默认 SSL 上下文初始化失败:空 [英] Default SSL context init failed: null

问题描述

在创建 SSL 服务器时，我收到此异常:Default SSL context init failed: null.它似乎来自它找不到密钥库和信任库的事实.我尝试从 jar 文件中设置它们.该文件存在于 jar 中，但似乎找不到该资源.

When creating a SSL server, I got this exception: Default SSL context init failed: null. It seems that it comes from the fact it can't find the keystore and truststore. I try to set them from a jar file. The file exists in the jar but it seems that the resource cannot be found.

String keystore = TestFramework.class.getResource("/security/keystore.jks").getFile();
System.setProperty("javax.net.ssl.keyStore", keystore);
System.setProperty("javax.net.ssl.keyStorePassword", password);
String truststore = TestFramework.class.getResource("/security/truststore").getFile();
System.setProperty("javax.net.ssl.trustStore", truststore);
System.setProperty("javax.net.ssl.trustStorePassword", "ebxmlrr");

我运行了一个 ls 命令来检查文件是否存在.它存在.然后我通过运行命令 jar -tf myjar.jar | 检查 keystore.jks 是否存在.grep security 并且它存在.

I ran a ls command to check if the file exists. It exists. Then I check if the keystore.jks exists by running the command jar -tf myjar.jar | grep security and it exists.

security/
security/keystore.jks
security/truststore

我的应用程序在 Tomcat 下运行.

My application is running under Tomcat.

推荐答案

不起作用的原因是那些系统属性需要实际文件系统上的文件，而不是存档中的文件.您最好创建自己的 SSLContext 使用这些密钥库和信任流:

The reason that won't work is that those system properties are expecting a file on the actual filesystem, not from within an archive. You'd be better off creating your own SSLContext using those keystore and trustore streams:

KeyStore keyStore = KeyStore.getInstance("jks");
keyStore.load(TestFramework.class.getResourceAsStream("/security/keystore.jks"), password.toCharArray());
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
keyManagerFactory.init(keyStore, password.toCharArray());

KeyStore trustStore = KeyStore.getInstance("jks");
trustStore.load(TestFramework.class.getResourceAsStream("/security/truststore"), "ebxmlrr".toCharArray());
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509");
trustManagerFactory.init(trustStore);

SSLContext context = SSLContext.getInstance("SSL");
context.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), new SecureRandom());

...

HttpsURLConnection urlConnection = (HttpsURLConnection) url.openConnection();
urlConnection.setSSLSocketFactory(context.getSocketFactory());

这篇关于默认 SSL 上下文初始化失败:空的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！