SSLSocket创建中的Java异常
作者:互联网
在代码中:
System.setProperty("javax.net.ssl.trustStore", cacerts);
System.setProperty("javax.net.ssl.trustStorePassword", pwdCacerts);
SSLSocketFactory sslsocketfactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
SSLSocket sslsocket = (SSLSocket) sslsocketfactory.createSocket("localhost", port);
我得到一个Java异常:
java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)
at javax.net.ssl.DefaultSSLSocketFactory.throwException(Unknown Source)
at javax.net.ssl.DefaultSSLSocketFactory.createSocket(Unknown Source)
at PracticaRO.Cliente.main(Cliente.java:24)
Caused by: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)
at java.security.Provider$Service.newInstance(Unknown Source)
at sun.security.jca.GetInstance.getInstance(Unknown Source)
at sun.security.jca.GetInstance.getInstance(Unknown Source)
at javax.net.ssl.SSLContext.getInstance(Unknown Source)
at javax.net.ssl.SSLContext.getDefault(Unknown Source)
at javax.net.ssl.SSLSocketFactory.getDefault(Unknown Source)
at PracticaRO.Cliente.main(Cliente.java:23)
Caused by: java.io.IOException: Invalid keystore format
at sun.security.provider.JavaKeyStore.engineLoad(Unknown Source)
at sun.security.provider.JavaKeyStore$JKS.engineLoad(Unknown Source)
at java.security.KeyStore.load(Unknown Source)
at sun.security.ssl.TrustManagerFactoryImpl.getCacertsKeyStore(Unknown Source)
at sun.security.ssl.SSLContextImpl$DefaultSSLContext.getDefaultTrustManager(Unknown Source)
at sun.security.ssl.SSLContextImpl$DefaultSSLContext.<init>(Unknown Source)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
at java.lang.reflect.Constructor.newInstance(Unknown Source)
at java.lang.Class.newInstance(Unknown Source)
... 7 more
在我使用-keytool -import -keystore cacerts -alias kpServer类型JCEKS -file Server.cer将新的公钥导入cacerts之前,它一直工作良好,是什么导致了上述异常.
在此先感谢您的帮助.
解决方法:
我将引导您完成设置过程.我建议您将一个密码用于所有操作,以免一开始就混淆它.
请按照以下步骤操作:
1.在命令行上:
要使用2048位RSA创建公用/专用密钥对,实体名称为“ secureEntity”,存储在文件“ server.keyStore”中.
1.1 keytool -genkeypair -alias secureEntity -keyalg RSA -keysize 2048-梯形服务器.keyStore
该命令为“ secureEntity”存储了一个私钥和一个公钥.
私钥,只有您才能访问它(通过知道文件密码).
公钥存储为证书,因此遵循X509证书协议字段.这样,我们可以假定它包含一个公共密钥,并且此公共密钥与“ secureEntity”相关联.
这是我们需要验证服务器发送给客户端的证书的知识.
SSL第一步验证是由客户端进行的,因此客户端首先验证服务器.
现在,我们已经生成了一个证书并将其存储在server.keyStore中,我们可以导出该证书,以便将其导入一个或多个trustStore中.
我们的方式:
1.2 keytool -exportcert-别名secureEntity-文件exported.cer -keystore server.keystore
因此,现在我们可以将其添加到真正的trustStore文件中,它将要求我们在导入后立即确认我们确实信任该实体.如果该文件不存在,则会自动创建.
1.3 keytool -importcert -alias secureEntity -keystoretrustedEntities.trustStore -fileexported.cer
为了方便起见,现在将其导入仅包含服务器证书的文件中:
1.4 keytool -importcert -alias secureEntity -keystore serverKeys.keyStore -fileexported.cer
因此,现在您的服务器应该具有私钥和公钥(证书).
在JAVA中:
客户端:
System.setProperty( “javax.net.ssl.trustStore中”, “trustedEntities.trustStore”)
并在这里创建sslsocket
服务器端:
System.setProperty(“ javax.net.ssl.keyStore”,“ serverKeys.keyStore”)
System.setProperty(“ javax.net.ssl.keyStorePassword”,“ serverKeys.keyStore您之前定义的文件密码”)
创建服务器ssl就是这样.
希望这可以帮助.干杯!
标签:java,keytool,truststore,sslsocketfactory 来源: https://codeday.me/bug/20191010/1884049.html