Java SSLHandshakeException无通用密码套件-仅使用wiremock的linux
我有一个集成测试,它使用wiremock作为模拟服务器 我已按如下方式设置服务器:Java SSLHandshakeException无通用密码套件-仅使用wiremock的linux,java,ssl,jenkins,centos,wiremock,Java,Ssl,Jenkins,Centos,Wiremock,我有一个集成测试,它使用wiremock作为模拟服务器 我已按如下方式设置服务器: @ClassRule public static WireMockClassRule wireMockRule = new WireMockClassRule(wireMockConfig() .port(9998) .httpsPort(7777) .needClientAuth(true) .trustStorePath(WireMockConf
@ClassRule
public static WireMockClassRule wireMockRule = new WireMockClassRule(wireMockConfig()
.port(9998)
.httpsPort(7777)
.needClientAuth(true)
.trustStorePath(WireMockConfiguration.getTruststorePath())
.trustStorePassword("changeit")
.keystorePath(WireMockConfiguration.getTruststorePath())
.keystorePassword("changeit")
);
// we only use a single instance of the server across all tests in the class
@Rule
public WireMockClassRule instanceRule = wireMockRule;
keytool -genkey -alias server-alias -keyalg RSA -keypass changeit -storepass changeit -keystore server.jks
keytool -genkey -alias client-alias -keyalg RSA -keypass changeit -storepass changeit -keystore client.jks
keytool -export -alias client-alias -storepass changeit -file client.cer -keystore client.jks
keytool -import -v -trustcacerts -alias client-alias -file client.cer -keystore server.truststore -keypass changeit -storepass changeit
public static String getTruststorePath() {
return resolveFile("server.truststore");
}
public static String getKeystorePath() {
return resolveFile("server.jks");
}
private static String resolveFile(final String file) {
final URL resource = WireMockConfiguration.class.getClassLoader().getResource(file);
if (resource == null) {
throw new IllegalStateException("Could not resolve property");
}
return resource.getFile();
}
javax.net.ssl.SSLHandshakeException: no cipher suites in common
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:292)
at sun.security.ssl.ServerHandshaker.chooseCipherSuite(ServerHandshaker.java:1035)
at sun.security.ssl.ServerHandshaker.clientHello(ServerHandshaker.java:738)
at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:221)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
at org.mortbay.jetty.security.SslSocketConnector$SslConnection.run(SslSocketConnector.java:708)
at com.github.tomakehurst.wiremock.jetty6.DelayableSslSocketConnector$1.run(DelayableSslSocketConnector.java:52)
at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582)
@ClassRule
public static WireMockClassRule wireMockRule = new WireMockClassRule(wireMockConfig()
.port(9998)
.httpsPort(7777)
.needClientAuth(true)
.trustStorePath(WireMockConfiguration.getTruststorePath())
.trustStorePassword("changeit")
.keystorePath(WireMockConfiguration.getTruststorePath())
.keystorePassword("changeit")
);
// we only use a single instance of the server across all tests in the class
@Rule
public WireMockClassRule instanceRule = wireMockRule;
keytool -genkey -alias server-alias -keyalg RSA -keypass changeit -storepass changeit -keystore server.jks
keytool -genkey -alias client-alias -keyalg RSA -keypass changeit -storepass changeit -keystore client.jks
keytool -export -alias client-alias -storepass changeit -file client.cer -keystore client.jks
keytool -import -v -trustcacerts -alias client-alias -file client.cer -keystore server.truststore -keypass changeit -storepass changeit
事实上,问题在于规则配置
.trustStorePath(WireMockConfiguration.getTruststorePath())
.trustStorePassword("changeit")
.keystorePath(WireMockConfiguration.getTruststorePath())
我将信任库设置为同时用作信任库和密钥库 不能将同一文件同时用作信任库和密钥库。这毫无意义,而且安全性很差。