KeyStore, HttpClient, and HTTPS: Can someone explain this code to me?


Problem description

I am trying to understand this code:

KeyStore trustStore  = KeyStore.getInstance(KeyStore.getDefaultType());        
FileInputStream instream = new FileInputStream(new File("my.keystore")); 
try {
    trustStore.load(instream, "nopassword".toCharArray());
} finally {
    instream.close();
}

SSLSocketFactory socketFactory = new SSLSocketFactory(trustStore);
Scheme sch = new Scheme("https", socketFactory, 443);
httpclient.getConnectionManager().getSchemeRegistry().register(sch);

My questions:

trustStore.load(instream, "nopassword".toCharArray()); is doing what exactly? From reading the documentation load() will load KeyStore data from an input stream (which is just an empty file we just created), using some arbitrary "nopassword". Why not just load it with null as the InputStream parameter and an empty string as the password field?

And then what is happening when this empty KeyStore is being passed to the SSLSocketFactory constructor? What's the result of such an operation?

Or -- is this simply an example where in a real application you would have to actually put a reference to an existing keystore file / password?

Recommended answer


Or -- is this simply an example where in a real application you would have to actually put a reference to an existing keystore file / password?

It really looks that way. There is no "my.keystore" file distributed in either the binary or source distributions of HttpClient 4.0.1. For this to run you would create an actual keystore. You could use either keytool or Portecle.

This example is showing you how to utilize a different trust store than the one that the JVM uses by default ($JAVA_HOME/jre/lib/security/cacerts) for this instance of DefaultHttpClient. This is useful when an SSL site is using a certificate signed by their own in-house certificate authority. The SSL connection will only be established when the signer of the server certificate is recognized. The Wikipedia entry on TLS is a decent introduction if you are unfamiliar with the concept.
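
An added example, not part of the original question or answer and not HttpClient's own code: using only JDK classes, it shows what load(null, null) produces, what the password passed to load() actually checks, and how a custom trust store narrows the set of trusted CAs compared with the JVM default. The class name TrustStoreDemo, the alias "inhouse-ca" and the temporary file are assumptions, and the first CA from the JVM default store stands in for an in-house CA certificate.

```java
import java.io.*;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;

public class TrustStoreDemo {
    // CA certificates accepted by trust managers built from ks (null = JVM default store).
    static X509Certificate[] trustedCas(KeyStore ks) throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        return ((X509TrustManager) tmf.getTrustManagers()[0]).getAcceptedIssuers();
    }

    public static void main(String[] args) throws Exception {
        char[] password = "nopassword".toCharArray();
        File file = File.createTempFile("truststore", ".keystore"); // constructed sample file
        file.deleteOnExit();
        // Assumption: the first CA in the JVM default store stands in for the in-house CA.
        X509Certificate ca = trustedCas(null)[0];

        // load(null, null) creates an empty in-memory keystore; it trusts nothing yet.
        KeyStore created = KeyStore.getInstance(KeyStore.getDefaultType());
        created.load(null, null);
        System.out.println("empty store trusts " + trustedCas(created).length + " CAs");
        created.setCertificateEntry("inhouse-ca", ca);
        try (FileOutputStream out = new FileOutputStream(file)) {
            created.store(out, password); // the password protects the file's integrity
        }

        // The load from the question: read the file, checking it against the password.
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream in = new FileInputStream(file)) {
            trustStore.load(in, password);
        }
        System.out.println("custom store trusts " + trustedCas(trustStore).length
            + " CA, JVM default trusts " + trustedCas(null).length);

        // A wrong password fails the integrity check instead of loading silently.
        try (FileInputStream in = new FileInputStream(file)) {
            KeyStore.getInstance(KeyStore.getDefaultType()).load(in, "wrong".toCharArray());
        } catch (IOException e) {
            System.out.println("wrong password rejected: " + e.getMessage());
        }
    }
}
```

A client built on the custom store accepts only servers whose certificate chains to the single imported CA, so a server signed by any other CA, including the public ones in cacerts, is rejected.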
