java - 运行 HTTPS 服务器的问题
问题描述
我使用此处的示例编写了 HTTPS 服务器。
服务器代码:
public class HTTPSServer {
public static void main(String[] args) throws Exception {
HttpsServer server = HttpsServer.create(new InetSocketAddress(8080), 5);
server.createContext("/", new MyHandler());
char[] storepass = "storepass".toCharArray();
char[] keypass = "serverpass".toCharArray();
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(HTTPSServer.class.getClassLoader().getResourceAsStream("web-vision.jks"), storepass);
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(ks, keypass);
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(kmf.getKeyManagers(), new TrustManager[]{}, null);
server.setHttpsConfigurator(new HttpsConfigurator(sslContext) {
@Override
public void configure (HttpsParameters params) {
// get the remote address if needed
InetSocketAddress remote = params.getClientAddress();
SSLContext c = getSSLContext();
// get the default parameters
SSLParameters sslparams = c.getDefaultSSLParameters();
params.setSSLParameters(sslparams);
// statement above could throw IAE if any params invalid.
// eg. if app has a UI and parameters supplied by a user.
}
});
ExecutorService executor = Executors.newFixedThreadPool(5);
server.setExecutor(executor); // creates a default executor
server.start();
executor.awaitTermination(Integer.MAX_VALUE, TimeUnit.DAYS);
}
static class MyHandler implements HttpHandler {
public void handle(HttpExchange t) throws IOException {
String response = "This is the response";
t.sendResponseHeaders(200, response.length());
OutputStream os = t.getResponseBody();
os.write(response.getBytes());
}
}
对于此服务器,我使用以下命令创建了一个带有键的文件:
keytool -genkey -keystore web-vision.jks -dname "CN=localhost, OU=gg, O=NA, L=Unknown, ST=Unknown, C=RU" -storepass storepass -alias server-test -keypass serverpass
接下来,我把这个文件放到项目资源中。
然后我启动这台服务器并尝试连接到它并通过访问https://10.155.26.68:8080/and来获得答案https://localhost:8080/,但是没有答案,服务器不可用。
在此之前,我实现了最简单的 HTTP 服务器,它运行良好。
使用 curl 连接到 HTTPS 服务器会产生以下错误:
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL 连接到 10.155.26.68:8080
更新:
感谢您的帮助,但问题只能通过使用以下命令创建新证书来解决:
keytool -v -genkey -dname "CN=localhost, OU=Developers, O=NA, L=Ufa, C=RB" -alias parent -storetype jks -keystore vision.jks -validity 365 -keyalg RSA -keysize 2048 -storepass mystorepass -keypass mykeypass
我只是在学习 SSL,也许第一个证书创建不正确。
解决方案
您使用 curl 遇到的可能原因SSL_ERROR_SYSCALL是,在使用创建证书时keytool,您没有指定要使用的算法。
在这种情况下,keytool默认使用DSA。
然后,在与 curl 的握手阶段,服务器找不到通用的身份验证方案并抛出异常:
javax.net.ssl.SSLHandshakeException: No available authentication scheme
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:308)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:264)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:255)
at java.base/sun.security.ssl.CertificateMessage$T13CertificateProducer.onProduceCertificate(CertificateMessage.java:945)
at java.base/sun.security.ssl.CertificateMessage$T13CertificateProducer.produce(CertificateMessage.java:934)
at java.base/sun.security.ssl.SSLHandshake.produce(SSLHandshake.java:436)
at java.base/sun.security.ssl.ClientHello$T13ClientHelloConsumer.goServerHello(ClientHello.java:1224)
at java.base/sun.security.ssl.ClientHello$T13ClientHelloConsumer.consume(ClientHello.java:1160)
at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(ClientHello.java:849)
at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.consume(ClientHello.java:810)
at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:448)
at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1065)
at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1052)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:999)
at jdk.httpserver/sun.net.httpserver.SSLStreams.doHandshake(SSLStreams.java:464)
at jdk.httpserver/sun.net.httpserver.SSLStreams.recvData(SSLStreams.java:418)
at jdk.httpserver/sun.net.httpserver.SSLStreams$InputStream.read(SSLStreams.java:522)
at jdk.httpserver/sun.net.httpserver.SSLStreams$InputStream.read(SSLStreams.java:591)
at jdk.httpserver/sun.net.httpserver.Request.readLine(Request.java:80)
at jdk.httpserver/sun.net.httpserver.Request.<init>(Request.java:50)
at jdk.httpserver/sun.net.httpserver.ServerImpl$Exchange.run(ServerImpl.java:551)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at java.base/java.lang.Thread.run(Thread.java:834)
由于此异常是在日志级别记录的FINER,sun.net.httpserver.ServerImpl$Exchange.run因此很难检测到。
如您所见,调用keytoolwith-keyalg RSA生成证书,使服务器和客户端找到解决该问题的身份验证方案:
keytool -genkeypair -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass secret_password -dname "CN=localhost, OU=Developers, O=NA, L=Ufa, C=RB"
推荐阅读
- android - React Native App - 开发服务器返回响应错误代码:500
- javascript - jQuery 可滑动底页
- android - 如何将图像保持在透明背景上?
- string - 如何计算 trimstart 删除了多少个字符
- javascript - 更改图像映射加载的视频属性
- dart - 使用 Navigator.pop() 颤振“showDialog”
- google-app-engine - 无需添加 DNS 条目即可访问 GHS 应用引擎
- yii - Yii2 - hasMany 与多列的关系
- angular - 在 auth 用户中遇到问题“第一个参数“电子邮件”必须是有效字符串”
- handlebars.js - 屏幕阅读器未阅读工具提示气泡消息