java - Java SSL/TLS with KeyStore and ServerSockets
Problem description
I am coding a SocketServer lib with TLS/SSL functions, but there is a problem in my code.
If I load the keystore file, it throws an IOException, but the certificate shows up fine in the browser.
My code:
SSLServerSocketFactory factoryIO;
FileManager certificateIO = new FileManager(CacheHandler.fileIO.getPath("database") + "letsencrypt.jks");
char[] passphraseIO = "12345678".toCharArray();
if (certificateIO.exits()) {
//this.socketIO = SSLServerSocketFactory.getDefault().createServerSocket(this.networkIO.getPort(), 10, this.networkIO.getAddress());
//this.socketIO = this.getContext().getServerSocketFactory().createServerSocket(this.networkIO.getPort(), 10, this.networkIO.getAddress());
// Load Key Store.
KeyStore storeIO = KeyStore.getInstance("JKS");
storeIO.load(certificateIO.stream(), passphraseIO);
// Initialize Key Manager.
KeyManagerFactory managerIO = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
managerIO.init(storeIO, passphraseIO);
// Initialize Trust Manager.
// TrustManagerFactory trustIO = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
//trustIO.init(storeIO);
// Initialize SSL Context with Trust and Key Manager.
SSLContext contextIO = SSLContext.getInstance(this.protocolIO);
contextIO.init(managerIO.getKeyManagers(), null /*trustIO.getTrustManagers()*/, null);
factoryIO = contextIO.getServerSocketFactory();
// ((SSLServerSocket) this.socketIO).setWantClientAuth(true);
//((SSLServerSocket) this.socketIO).setEnabledCipherSuites(new String[]{"TLS_DHE_DSS_WITH_AES_256_CBC_SHA256"});
//((SSLServerSocket) this.socketIO).setEnabledProtocols(new String[]{"TLSv1.2"});
I have tried a lot of things, but I cannot get it to run without this error. It worked for a while, but I do not know what I did to produce this error.
The following exception is thrown:
java.io.IOException: Invalid keystore format
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:658)
at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:56)
at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224)
at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:70)
at java.security.KeyStore.load(KeyStore.java:1445)
at sun.security.util.AnchorCertificates$1.run(AnchorCertificates.java:61)
at sun.security.util.AnchorCertificates$1.run(AnchorCertificates.java:52)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.util.AnchorCertificates.<clinit>(AnchorCertificates.java:52)
at sun.security.provider.certpath.AlgorithmChecker.checkFingerprint(AlgorithmChecker.java:214)
at sun.security.provider.certpath.AlgorithmChecker.<init>(AlgorithmChecker.java:164)
at sun.security.provider.certpath.AlgorithmChecker.<init>(AlgorithmChecker.java:118)
at sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.java:157)
at sun.security.validator.Validator.validate(Validator.java:262)
at sun.security.validator.Validator.validate(Validator.java:238)
at sun.security.validator.Validator.validate(Validator.java:207)
at javax.crypto.JarVerifier.isTrusted(JarVerifier.java:610)
at javax.crypto.JarVerifier.verifySingleJar(JarVerifier.java:530)
at javax.crypto.JarVerifier.verifyJars(JarVerifier.java:363)
at javax.crypto.JarVerifier.verify(JarVerifier.java:289)
at javax.crypto.JceSecurity.verifyProviderJar(JceSecurity.java:164)
at javax.crypto.JceSecurity.getVerificationResult(JceSecurity.java:190)
at javax.crypto.JceSecurity.canUseProvider(JceSecurity.java:204)
at javax.crypto.KeyAgreement.getInstance(KeyAgreement.java:179)
at sun.security.ssl.JsseJce.getKeyAgreement(JsseJce.java:269)
at sun.security.ssl.JsseJce$EcAvailability.<clinit>(JsseJce.java:418)
at sun.security.ssl.JsseJce.isEcAvailable(JsseJce.java:194)
at sun.security.ssl.CipherSuite$KeyExchange.isAvailable(CipherSuite.java:371)
at sun.security.ssl.CipherSuite.isAvailable(CipherSuite.java:185)
at sun.security.ssl.SSLContextImpl.getApplicableCipherSuiteList(SSLContextImpl.java:304)
at sun.security.ssl.SSLContextImpl.access$100(SSLContextImpl.java:42)
at sun.security.ssl.SSLContextImpl$AbstractTLSContext.<clinit>(SSLContextImpl.java:432)
at java.lang.Class.forName0(Native Method)
at java.lang.Class.forName(Class.java:264)
at java.security.Provider$Service.getImplClass(Provider.java:1634)
at java.security.Provider$Service.newInstance(Provider.java:1592)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:236)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:164)
at javax.net.ssl.SSLContext.getInstance(SSLContext.java:156)
at de.bytestore.mytriox.network.server.ServerSocket.startIO(ServerSocket.java:203)
at de.bytestore.mytriox.network.server.ServerSocket.start(ServerSocket.java:172)
at de.bytestore.mytriox.web.WebServer.start(WebServer.java:44)
at de.bytestore.mytriox.web.WebService.start(WebService.java:54)
at de.bytestore.mytriox.service.ServiceHandler.start(ServiceHandler.java:63)
at de.bytestore.mytriox.service.ServiceHandler.start(ServiceHandler.java:48)
at de.bytestore.mytriox.guardian.GuardianHandler.init(GuardianHandler.java:121)
at de.bytestore.mytriox.guardian.GuardianHandler.load(GuardianHandler.java:82)
at de.bytestore.mytriox.Controller.main(Controller.java:11)
I generate my KeyStore file with the following command:
keytool -genkeypair -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass 12345678 -dname "CN=localhost, OU=Developers, O=Bull Bytes, L=Linz, C=AT"
Solution
The problem was the stream method of my KeyStore.
I converted the URL to a URI to open the stream, but it did not work because of a wrong relative path.
So I now use a FileInputStream and get an exception for a wrong path.
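The approach the answer describes, as an added example that is not the asker's code or the project's: the keystore is opened from an explicit File path instead of a URL-to-URI detour, and the example goes a step further by checking the file's magic bytes first, so a wrong path or a file that is not a JKS/PKCS12 store is reported by name instead of as the generic "Invalid keystore format" IOException. The class name, the port parameter and the JKS magic constant (0xFEEDFEED, as used by the JDK's JavaKeyStore loader) are assumptions here, and the passphrase is whatever the caller passes in.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;

public final class TlsServerBootstrap {
    // Magic number checked by the JDK's JavaKeyStore loader; a PKCS12 file starts with a DER SEQUENCE tag (0x30) instead.
    private static final int JKS_MAGIC = 0xFEEDFEED;

    /** Peeks at the first four bytes so a wrong file is reported by format instead of as "Invalid keystore format". */
    static String sniffKeyStoreFormat(File file) throws IOException {
        try (InputStream in = new FileInputStream(file)) {
            byte[] head = new byte[4];
            if (in.read(head) != 4) return "too short";
            int magic = ((head[0] & 0xFF) << 24) | ((head[1] & 0xFF) << 16)
                      | ((head[2] & 0xFF) << 8) | (head[3] & 0xFF);
            if (magic == JKS_MAGIC) return "JKS";
            return (head[0] & 0xFF) == 0x30 ? "PKCS12" : "unknown";
        }
    }

    /** Loads the server key from an explicit File path (no URL/URI detour) and opens a TLS 1.2-only listener. */
    static SSLServerSocket openListener(File keystore, char[] passphrase, int port)
            throws IOException, GeneralSecurityException {
        if (!keystore.isFile()) {
            throw new IOException("keystore not found: " + keystore.getAbsolutePath());
        }
        String format = sniffKeyStoreFormat(keystore);
        if (!format.equals("JKS") && !format.equals("PKCS12")) {
            throw new IOException("not a JKS/PKCS12 keystore (" + format + "): " + keystore);
        }
        KeyStore store = KeyStore.getInstance("JKS"); // the JDK 8+ DualFormatJKS loader also reads PKCS12
        try (InputStream in = new FileInputStream(keystore)) {
            store.load(in, passphrase);
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(store, passphrase);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null); // default trust managers; server-side auth only
        SSLServerSocket sock = (SSLServerSocket) ctx.getServerSocketFactory().createServerSocket(port);
        sock.setEnabledProtocols(new String[] {"TLSv1.2"}); // reject legacy protocol versions
        return sock;
    }
}
```

If the file path is wrong, the failure now surfaces as a "keystore not found" IOException with the absolute path, which is the error the answer's FileInputStream switch makes visible.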