使用自生成的密钥来测试 java ssl 应用程序
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/2125686/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Using a self generated key to test java ssl app
提问by oneAday
i'm working on a very simple server that uses ssl (in netbeans) - to test it i've created a certificate following the instructions here: http://java.sun.com/javaee/5/docs/tutorial/doc/bnbxw.html
我正在一个非常简单的服务器上工作,它使用 ssl(在 netbeans 中) - 为了测试它,我按照这里的说明创建了一个证书:http: //java.sun.com/javaee/5/docs/tutorial/doc /bnbxw.html
java-home\bin\keytool -genkey -alias server-alias-keyalg RSA -keypass changeit -storepass changeit -keystore keystore.jks
java-home\bin\keytool -export -alias server-alias -storepass changeit -file server.cer -keystore keystore.jks
java-home\bin\keytool -import -v -trustcacerts -alias server-alias -file server.cer -keystore cacerts.jks -keypass changeit -storepass changeit
Now to get a simple echo server using ssl going, i'vre tried a variety of code: all of which throw lots of exceptions - one example is below:
现在为了使用 ssl 获得一个简单的回显服务器,我尝试了各种代码:所有这些代码都会抛出很多异常——下面是一个例子:
try {
System.setProperty("javax.net.ssl.keyStore", "cacerts.jks");
System.setProperty("javax.net.ssl.keyStorePassword", "changeit");
SSLServerSocketFactory ssf = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
ServerSocket ss = ssf.createServerSocket(5432);
} catch (Exception e {
e.printStackTrace();
}
Is this the best way to be doing this?
这是最好的方法吗?
The java page mentions this:
java页面提到了这一点:
You must enter the server name in response to keytool's first prompt, in which it asks for first and last names. For testing purposes, this can be localhost.
When you run the example applications, the host specified in the keystore must match the host identified in the javaee.server.name property specified in the file tut-install/javaeetutorial5/examples/bp-project/build.properties.
您必须输入服务器名称以响应 keytool 的第一个提示,它要求输入名字和姓氏。出于测试目的,这可以是本地主机。
运行示例应用程序时,密钥库中指定的主机必须与文件 tut-install/javaeetutorial5/examples/bp-project/build.properties 中指定的 javaee.server.name 属性中标识的主机匹配。
How do i apply this to code im building (and running) in the netbeans ide?
我如何将其应用于在 netbeans ide 中构建(和运行)的代码?
UPDATE: it throws the following errors
更新:它引发以下错误
java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
at javax.net.ssl.DefaultSSLServerSocketFactory.throwException(SSLServerSocketFactory.java:142)
at javax.net.ssl.DefaultSSLServerSocketFactory.createServerSocket(SSLServerSocketFactory.java:149)
at MainClass.main(MainClass.java:23)
Caused by: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
at java.security.Provider$Service.newInstance(Provider.java:1245)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:220)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:147)
at javax.net.ssl.SSLContext.getInstance(SSLContext.java:125)
at javax.net.ssl.SSLContext.getDefault(SSLContext.java:68)
at javax.net.ssl.SSLServerSocketFactory.getDefault(SSLServerSocketFactory.java:96)
at MainClass.main(MainClass.java:21)
Caused by: java.security.PrivilegedActionException: java.io.FileNotFoundException: cacerts.jks (The system cannot find the file specified)
at java.security.AccessController.doPrivileged(Native Method)
at com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl.getDefaultKeyManager(DefaultSSLContextImpl.java:120)
at com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl.<init>(DefaultSSLContextImpl.java:40)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at java.lang.Class.newInstance0(Class.java:355)
at java.lang.Class.newInstance(Class.java:308)
at java.security.Provider$Service.newInstance(Provider.java:1221)
... 6 more
Caused by: java.io.FileNotFoundException: cacerts.jks (The system cannot find the file specified)
at java.io.FileInputStream.open(Native Method)
at java.io.FileInputStream.<init>(FileInputStream.java:106)
at java.io.FileInputStream.<init>(FileInputStream.java:66)
at com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl.run(DefaultSSLContextImpl.java:123)
at com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl.run(DefaultSSLContextImpl.java:121)
... 16 more
many thanks
非常感谢
回答by Stephen C
If you used 'localhost' as the hostname in the self-signed certificate, then HTTPS will only work when you send requests to your server using 'localhost' as the domain name for the request.
如果您在自签名证书中使用“localhost”作为主机名,那么 HTTPS 仅在您使用“localhost”作为请求的域名向您的服务器发送请求时才有效。
EDIT: based on the exception, I'd say that the real problem may be that your keystore file is not in the location that the JVM expects it to be. Try using an absolute pathname in the system property that gives the location.
编辑:基于异常,我想说真正的问题可能是您的密钥库文件不在 JVM 期望的位置。尝试在给出位置的系统属性中使用绝对路径名。
