SSLSocket创建的Java异常 [英] Java Exception on SSLSocket creation

问题描述

在代码中：

System.setProperty("javax.net.ssl.trustStore", cacerts);
System.setProperty("javax.net.ssl.trustStorePassword", pwdCacerts);

SSLSocketFactory sslsocketfactory = (SSLSocketFactory)  SSLSocketFactory.getDefault();
SSLSocket sslsocket = (SSLSocket) sslsocketfactory.createSocket("localhost", port);

我获得Java异常：

java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)
    at javax.net.ssl.DefaultSSLSocketFactory.throwException(Unknown Source)
    at javax.net.ssl.DefaultSSLSocketFactory.createSocket(Unknown Source)
    at PracticaRO.Cliente.main(Cliente.java:24)
Caused by: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)
    at java.security.Provider$Service.newInstance(Unknown Source)
    at sun.security.jca.GetInstance.getInstance(Unknown Source)
    at sun.security.jca.GetInstance.getInstance(Unknown Source)
    at javax.net.ssl.SSLContext.getInstance(Unknown Source)
    at javax.net.ssl.SSLContext.getDefault(Unknown Source)
    at javax.net.ssl.SSLSocketFactory.getDefault(Unknown Source)
    at PracticaRO.Cliente.main(Cliente.java:23)
Caused by: java.io.IOException: Invalid keystore format
    at sun.security.provider.JavaKeyStore.engineLoad(Unknown Source)
    at sun.security.provider.JavaKeyStore$JKS.engineLoad(Unknown Source)
    at java.security.KeyStore.load(Unknown Source)
    at sun.security.ssl.TrustManagerFactoryImpl.getCacertsKeyStore(Unknown Source)
    at sun.security.ssl.SSLContextImpl$DefaultSSLContext.getDefaultTrustManager(Unknown Source)
    at sun.security.ssl.SSLContextImpl$DefaultSSLContext.<init>(Unknown Source)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
    at java.lang.reflect.Constructor.newInstance(Unknown Source)
    at java.lang.Class.newInstance(Unknown Source)
    ... 7 more

在我使用 -keytool -import -keystore cacerts -alias kpServer type JCEKS -file Server.cer 导致上述异常的原因。

It worked fine until I imported a new public key into cacerts with -keytool -import -keystore cacerts -alias kpServer type JCEKS -file Server.cer what caused the exception above.

提前感谢您的任何帮助。

Thanks in advance for any help.

推荐答案

我将引导您完成设置过程。我建议你只使用一个密码，一开始就不要混淆。

按照以下步骤操作：

1。在命令行上：

I'm going to walk you through setup process. I suggest you use one password for everything just for you not to get confuse with it at first.

Follow this steps:
1. On Command Line:

要使用RSA创建公钥/私钥对，2048位，实体名称为secureEntity，存储在文件server.keyStore中。

1.1 keytool -genkeypair -alias secureEntity -keyalg RSA -keysize 2048 - keystone server.keyStore

To create a Public/Private Key Pair using RSA, 2048 bits, entity name is "secureEntity", stored in file "server.keyStore".
1.1 keytool -genkeypair -alias secureEntity -keyalg RSA -keysize 2048 - keystone server.keyStore

该命令存储私钥和secureEntity的公钥。

私钥，只有你应该有权访问它（通过知道文件密码）。

公钥存储为证书，所以它遵循X509证书协议字段。这样我们可以假设它包含一个公钥，并且这个公钥与secureEntity相关联。

这是我们需要知道的，以验证服务器发送给客户端的证书。 br>
SSL第一步验证由客户端完成，因此客户端首先验证服务器。

现在我们已经生成了证书，它存储在server.keyStore中我们可以导出它以便能够将其导入一个或多个trustStore。

我们的方式：

1.2 keytool -exportcert -alias secureEntity -file exported.cer -keystore server.keystore

That command stored a Private Key and a Public Key for "secureEntity".
The Private Key, only you should have access to it (by knowing file password).
The Public Key is stored as a Certificate, so it follows X509 Certificate protocol fields. That way we can assume it contains a public key, and this public key is associated to "secureEntity".
And this is what we need to know for us to validate the certificate sent by server to client.
SSL first step validation is made by client, so the client validates the server in first place.
So now that we have generated a certificate and it is stored in server.keyStore we can export it in order to be able to import it into one or more trustStore.
The way we do it:
1.2 keytool -exportcert -alias secureEntity -file exported.cer -keystore server.keystore

所以现在我们可以添加到我们真正的trustStore文件中，它会要求我们确认我们真的相信该实体是对的进口后。如果文件不存在，则会自动创建。

1.3 keytool -importcert -alias secureEntity -keystore trustedEntities.trustStore -file exported.cer

So now we can add to our really trustStore file, and it will ask us to confirm that we really trust that entity right after the import. If the file doesn't exists it well be automatically created.
1.3 keytool -importcert -alias secureEntity -keystore trustedEntities.trustStore -file exported.cer

为方便起见，我们可以将其导入仅包含服务器证书的文件：

1.4 keytool -importcert -alias secureEntity -keystore serverKeys.keyStore -file exported.cer

Now for convenience lets import it to a file that only contains server certificate:
1.4 keytool -importcert -alias secureEntity -keystore serverKeys.keyStore -file exported.cer

所以现在你的服务器应该有私钥和公钥（证书）。

So now your server should have a private and public key (certificate).

在JAVA中：

客户端：

System.setProperty（javax.net.ssl.trustStore， trustedEntities.trustStore）

和在这里创建sslsocket

Client Side:
System.setProperty("javax.net.ssl.trustStore","trustedEntities.trustStore")
and Create sslsocket here

服务器端：

系统。 setProperty（javax.net.ssl.keyStore，serverKeys.keyStore）

System.setProperty（javax.net.ssl.keyStorePassword，serverKeys.keyStore FILE WORDWORD，你之前定义的 ）

Server Side:
System.setProperty("javax.net.ssl.keyStore", "serverKeys.keyStore")
System.setProperty("javax.net.ssl.keyStorePassword", "serverKeys.keyStore FILE PASSWORD THAT YOU DEFINED BEFORE")

创建一个服务器ssl，就是这样。
希望这会有所帮助。干杯！

Create a server ssl and thats it. Hope this helps. Cheers!

这篇关于SSLSocket创建的Java异常的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！