Java KeyStore, HttpClient, and HTTPS: Can someone explain this code to me?

Note: this page is a translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use and share it, but you must follow the same license, cite the original URL and author, and attribute it to the original authors (not me). StackOverflow original: http://stackoverflow.com/questions/2741457/

java https httpclient keystore

Asked by stormin986

I'm trying to understand what's going on in this code.

```java
KeyStore trustStore  = KeyStore.getInstance(KeyStore.getDefaultType());
FileInputStream instream = new FileInputStream(new File("my.keystore"));
try {
    trustStore.load(instream, "nopassword".toCharArray());
} finally {
    instream.close();
}

SSLSocketFactory socketFactory = new SSLSocketFactory(trustStore);
Scheme sch = new Scheme("https", socketFactory, 443);
httpclient.getConnectionManager().getSchemeRegistry().register(sch);
```

My Questions:

`trustStore.load(instream, "nopassword".toCharArray());` is doing what exactly? From reading the documentation, `load()` will load KeyStore data from an input stream (which is just an empty file we just created), using some arbitrary "nopassword". Why not just load it with `null` as the InputStream parameter and an empty string as the password field?

And then what is happening when this empty KeyStore is being passed to the SSLSocketFactory constructor? What's the result of such an operation?

Or -- is this simply an example where in a real application you would have to actually put a reference to an existing keystore file / password?

Accepted answer by laz

> Or -- is this simply an example where in a real application you would have to actually put a reference to an existing keystore file / password?

It really looks that way. There is no `"my.keystore"` file distributed in either the binary or source distributions of HttpClient 4.0.1. For this to run you would create an actual keystore. You could use either keytool or Portecle.

This example is showing you how to utilize a different trust store than the one that the JVM uses by default (`$JAVA_HOME/jre/lib/security/cacerts`) for this instance of `DefaultHttpClient`. This is useful when an SSL site is using a certificate signed by their own in-house certificate authority. The SSL connection will only be established when the signer of the server certificate is recognized. The Wikipedia entry on TLS is a decent introduction if you are unfamiliar with the concept.

Answer by ZZ Coder

This example tries to show you how to load your own trust store. To get this example working, you need to have a file called "my.keystore" in your current directory and the password for the keystore is "nopassword".

Please note `new File("my.keystore")` doesn't necessarily create a new file. It simply creates a File object pointing to the path.
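Added example, not part of the original answers or of HttpClient: using only JDK classes, it creates a real (empty) keystore file, reloads it with the question's `load(instream, password)` call, and compares the issuers trusted through that store with the JVM default that laz's answer mentions. The class name `TrustStoreDemo` and the temporary file are assumptions made for the illustration.

```java
import java.io.*;
import java.nio.file.*;
import java.security.*;
import javax.net.ssl.*;

public class TrustStoreDemo {
    // Number of CA certificates trusted when TLS is set up from this store.
    // Passing null makes the JDK fall back to its default trust store (cacerts).
    static int trustedIssuers(KeyStore store) throws GeneralSecurityException {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(store);
        // An SSLContext initialised this way trusts only the issuers in the store.
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                return ((X509TrustManager) tm).getAcceptedIssuers().length;
            }
        }
        return 0;
    }

    public static void main(String[] args) throws Exception {
        char[] password = "nopassword".toCharArray();
        Path file = Files.createTempFile("my", ".keystore"); // constructed sample file
        // load(null, null) is how an empty in-memory keystore is initialised.
        KeyStore empty = KeyStore.getInstance(KeyStore.getDefaultType());
        empty.load(null, null);
        try (OutputStream out = Files.newOutputStream(file)) {
            empty.store(out, password); // the password protects the file's integrity
        }
        // Reload it the way the question's snippet does.
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(file)) {
            trustStore.load(in, password);
        }
        // A wrong password fails the integrity check with an IOException.
        try (InputStream in = Files.newInputStream(file)) {
            KeyStore.getInstance(KeyStore.getDefaultType()).load(in, "wrong".toCharArray());
            System.out.println("wrong password: accepted");
        } catch (IOException e) {
            System.out.println("wrong password: " + e.getMessage());
        }

        System.out.println("issuers trusted via custom store: " + trustedIssuers(trustStore));
        System.out.println("issuers trusted via JVM default:  " + trustedIssuers(null));
        Files.delete(file);
    }
}
```

A trust store passed explicitly replaces the JVM default rather than extending it, so a client wired to an empty store has no issuer it can accept; the in-house CA certificate has to be imported into the store first.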
