secure HTTP communication for components of commercial product


Question

Let's say I want to ship a commercial product that has two components, written in Java, communicating with each other on a local network using a RESTful API. It could be a music manager, a contact database, a cookbook --- what's important is that this is a reasonable and extremely likely scenario.

Note that I'm talking about two components communicating with each other over a local network - not about communicating with my server.

So how do I make the communication secure?

I know if I go set up an HTTP server for the world that I can (even cheaply) buy an SSL certificate. I've done it. But I can't tell the user to go buy a certificate --- they will have no idea what I'm talking about, and could never figure out how to install it.

So what do I do? Ship everybody my own self-signed certificate and do a Very Bad Thing like disable certificate validation in Java? Horrible, I know. But at least the information won't be going over the line in plain text.

Anyone have any better solutions?

Answer

Updated 20 September 2015 to clarify the points raised in the comments

To understand how this can be done, let us examine a possible deployment scenario of such an application. Assume that the application in question comprises two components - the client part and the server part, meant to be installed onto different computers on a local network. We want our server part to accept secure connections only, so the local network is considered hostile.


  1. Install the server part. At the time of the installation, programmatically create a self-signed certificate using the hostname of a target computer. If there is no DNS record for the computer (like myserver.mycorp.com), use its IP address - it has to be static since we need to point the client part to it. You can use Bouncy Castle API to create a certificate in code.

  2. Install the client part onto another computer, and copy the generated certificate to the installation folder. Doing this manually is effectively establishing trust between the server and client. Trying to do this automatically via an unencrypted connection over a hostile network would be defeating the purpose.

  3. Since you are securing communication strictly between your own application parts, you are in full control of what certificates the application in question trusts. On the client, create a keystore, and add the generated certificate to it:

import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

// Parse the certificate file that was copied over from the server installation.
X509Certificate c;
try (FileInputStream fis = new FileInputStream(yourCertificateFile)) {
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    c = (X509Certificate) cf.generateCertificate(fis);
}

// A fresh keystore that holds only this one trusted certificate.
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
ks.load(null, aRandomKeystorePasswordCharArray);
ks.setCertificateEntry(aUniqueNameForYourCertificate, c);

try (FileOutputStream fos = new FileOutputStream(aRandomKeystoreFileName)) {
    ks.store(fos, aRandomKeystorePasswordCharArray);
}

  4. Tell the JVM that your application is only going to trust certificates from its own keystore.

// These properties are process-wide and are read when the JVM first initialises its
// default SSLContext, so set them before the application opens its first TLS connection.
// replace backslashes '\' with slashes '/' in aRandomKeystoreFileName on Windows
System.setProperty("javax.net.ssl.trustStore", aRandomKeystoreFileName);
System.setProperty("javax.net.ssl.trustStorePassword", aRandomKeystorePassword);
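Steps 1 to 4 of the answer as one runnable Java program. This is an added example, not part of the original answer or of any product the question describes. It assumes Bouncy Castle (bcprov and bcpkix) on the classpath, Java 11 or later, and a server listening on the assumed address 192.168.1.10:8443 with an assumed path /api/status; the class name LocalTlsPinning and its method names are hypothetical. Unlike the javax.net.ssl.trustStore properties in step 4, it builds a per-connection SSLContext, so nothing process-wide changes and the JVM's default hostname verification stays active.

```java
import java.io.InputStream;
import java.math.BigInteger;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.Date;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

/** Hypothetical helper (not from the original answer). Needs bcprov + bcpkix, Java 11+. */
public final class LocalTlsPinning {

    /** Step 1, server install: self-signed certificate whose SAN names the host the client dials. */
    public static KeyStore createServerKeyStore(String host, char[] keyPassword) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();

        X500Name name = new X500Name("CN=" + host);
        long now = System.currentTimeMillis();
        JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
                name, BigInteger.valueOf(now),               // issuer == subject: self-signed
                new Date(now - 60_000L),                     // notBefore, a minute of clock slack
                new Date(now + 3650L * 24 * 60 * 60 * 1000), // notAfter, roughly ten years
                name, kp.getPublic());
        // Java's hostname check matches against the SAN; an IP literal must be an iPAddress entry.
        boolean ipLiteral = host.matches("[0-9.]+") || host.contains(":");
        GeneralName san = new GeneralName(ipLiteral ? GeneralName.iPAddress : GeneralName.dNSName, host);
        builder.addExtension(Extension.subjectAlternativeName, false, new GeneralNames(san));

        ContentSigner signer = new JcaContentSignerBuilder("SHA256withRSA").build(kp.getPrivate());
        X509Certificate cert = new JcaX509CertificateConverter().getCertificate(builder.build(signer));

        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(null, null);
        ks.setKeyEntry("server", kp.getPrivate(), keyPassword, new Certificate[] { cert });
        return ks;
    }

    /** Step 2: the public certificate as PEM. This file is what an operator copies to the client. */
    public static void writePem(X509Certificate cert, Path out) throws Exception {
        String body = Base64.getMimeEncoder(64, "\n".getBytes(StandardCharsets.US_ASCII))
                .encodeToString(cert.getEncoded());
        Files.writeString(out, "-----BEGIN CERTIFICATE-----\n" + body + "\n-----END CERTIFICATE-----\n");
    }

    /** Steps 3 and 4, client side: an SSLContext that trusts exactly this one certificate. */
    public static SSLContext pinnedContext(Path pem) throws Exception {
        X509Certificate cert;
        try (InputStream in = Files.newInputStream(pem)) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
        trust.load(null, null);            // in-memory; the certificate is public, no password needed
        trust.setCertificateEntry("server", cert);

        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);                   // PKIX accepts a leaf that is itself a trust anchor
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    /** Plain GET over the pinned context. The default HostnameVerifier is deliberately kept. */
    public static String get(SSLContext ctx, String url) throws Exception {
        HttpsURLConnection conn = (HttpsURLConnection) new URL(url).openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        try (InputStream in = conn.getInputStream()) {
            return new String(in.readAllBytes(), StandardCharsets.UTF_8);
        }
    }

    public static void main(String[] args) throws Exception {
        String host = args.length > 0 ? args[0] : "192.168.1.10";   // assumed server address
        KeyStore serverKs = createServerKeyStore(host, "change-me".toCharArray());
        writePem((X509Certificate) serverKs.getCertificate("server"), Path.of("server.pem"));
        // On the client machine, after server.pem has been copied over by hand:
        SSLContext ctx = pinnedContext(Path.of("server.pem"));
        System.out.println(get(ctx, "https://" + host + ":8443/api/status"));   // assumed endpoint
    }
}
```

The server keystore from createServerKeyStore is what the server's TLS listener is configured with; the PEM file is the only thing that crosses to the client, and because it is copied by hand the trust decision is made by the operator, exactly as step 2 describes. Two checks worth keeping in mind: a certificate whose only name is in the CN fails hostname verification for IP addresses, so the SAN entry is not optional, and if the client ever reaches any other HTTPS endpoint (update checks, telemetry), a per-connection SSLContext like this one keeps those on the normal system trust store instead of breaking them with a process-wide property.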

