简单的 Java HTTPS 服务器 [英] Simple Java HTTPS server

问题描述

我需要为 Java 应用程序设置一个真正轻量级的 HTTPS 服务器.这是一个模拟器，我们的开发实验室正在使用它来模拟一台设备在野外接受的 HTTPS 连接.因为它纯粹是一个轻量级的开发工具，根本没有以任何方式用于生产，所以我很乐意绕过认证和尽可能多的谈判.

I need to set up a really lightweight HTTPS server for a Java application. It's a simulator that's being used in our development labs to simulate the HTTPS connections accepted by a piece of equipment in the wild. Because it's purely a lightweight development tool and isn't used in production in any way at all, I'm quite happy to bypass certifications and as much negotiation as I can.

我计划在 Java 6 SE 中使用 HttpsServer 类，但我正在努力让它工作.作为测试客户端，我从 cygwin 命令行 (wget https://[address]:[port]) 使用 wget 但 wget 报告无法建立 SSL 连接".

I'm planning on using the HttpsServer class in Java 6 SE but I'm struggling to get it working. As a test client, I'm using wget from the cygwin command line (wget https://[address]:[port]) but wget reports that it was "Unable to establish SSL connection".

如果我使用 -d 选项运行 wget 进行调试，它会告诉我SSL 握手失败".

If I run wget with the -d option for debugging it tells me "SSL handshake failed".

我花了 30 分钟在谷歌上搜索这个，一切似乎都指向了描述方法的相当无用的 Java 6 文档，但实际上并没有谈论如何让这该死的事情说话或提供任何示例代码.

I've spent 30 minutes googling this and everything seems to just point back to the fairly useless Java 6 documentation that describes the methods but doesn't actually talk about how to get the darn thing talking or provide any example code at all.

有人能把我推向正确的方向吗?

Can anyone nudge me in the right direction?

推荐答案

我最终使用的是这个:

try {
    // Set up the socket address
    InetSocketAddress address = new InetSocketAddress(InetAddress.getLocalHost(), config.getHttpsPort());

    // Initialise the HTTPS server
    HttpsServer httpsServer = HttpsServer.create(address, 0);
    SSLContext sslContext = SSLContext.getInstance("TLS");

    // Initialise the keystore
    char[] password = "simulator".toCharArray();
    KeyStore ks = KeyStore.getInstance("JKS");
    FileInputStream fis = new FileInputStream("lig.keystore");
    ks.load(fis, password);

    // Set up the key manager factory
    KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
    kmf.init(ks, password);

    // Set up the trust manager factory
    TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
    tmf.init(ks);

    // Set up the HTTPS context and parameters
    sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
    httpsServer.setHttpsConfigurator(new HttpsConfigurator(sslContext) {
        public void configure(HttpsParameters params) {
            try {
                // Initialise the SSL context
                SSLContext c = SSLContext.getDefault();
                SSLEngine engine = c.createSSLEngine();
                params.setNeedClientAuth(false);
                params.setCipherSuites(engine.getEnabledCipherSuites());
                params.setProtocols(engine.getEnabledProtocols());

                // Get the default parameters
                SSLParameters defaultSSLParameters = c.getDefaultSSLParameters();
                params.setSSLParameters(defaultSSLParameters);
            } catch (Exception ex) {
                ILogger log = new LoggerFactory().getLogger();
                log.exception(ex);
                log.error("Failed to create HTTPS port");
            }
        }
    });
    LigServer server = new LigServer(httpsServer);
    joinableThreadList.add(server.getJoinableThread());
} catch (Exception exception) {
    log.exception(exception);
    log.error("Failed to create HTTPS server on port " + config.getHttpsPort() + " of localhost");
}

生成密钥库:

$ keytool -genkeypair -keyalg RSA -alias self_signed -keypass simulator 
  -keystore lig.keystore -storepass simulator

另请参见此处.

可能 storepass 和 keypass 可能不同，在这种情况下 ks.load 和 kmf.init 必须分别使用 storepass 和 keypass.

Potentially storepass and keypass might be different, in which case the ks.load and kmf.init must use storepass and keypass, respectively.

这篇关于简单的 Java HTTPS 服务器的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！