添加trustStore以进行客户端身份验证 [英] Add trustStore for client authentication
本文介绍了添加trustStore以进行客户端身份验证的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
服务器和各自的客户端支持客户端身份验证,但如下所示: SSLHandshakeException:no cipher套件共同,没有trustStore引用,即它们使用默认的trustStore。如何指定trustStore?
A server and respective client support client authentication but as noted here: SSLHandshakeException: no cipher suites in common, do not have trustStore reference, i.e. they use the default trustStore. How can the trustStore be specified?
ClassFileServer:
private static ServerSocketFactory getServerSocketFactory(String type) {
if (type.equals("TLS")) {
SSLServerSocketFactory ssf = null;
Properties systemProps = System.getProperties();
systemProps.put( "javax.net.ssl.trustStore", "cacerts.jks");
systemProps.put( "javax.net.ssl.trustStorePassword", "p@ssw0rd");
System.setProperties(systemProps);
try {
// set up key manager to do server authentication
SSLContext ctx;
KeyManagerFactory kmf;
KeyStore ks;
char[] passphrase = "p@ssw0rd".toCharArray();
ctx = SSLContext.getInstance("TLS");
kmf = KeyManagerFactory.getInstance("SunX509");
ks = KeyStore.getInstance("JKS");
ks.load(new FileInputStream("keystore.jks"), passphrase);
kmf.init(ks, passphrase);
ctx.init(kmf.getKeyManagers(), null, null);
ssf = ctx.getServerSocketFactory();
return ssf;
} catch (Exception e) {
e.printStackTrace();
}
}
SSLSocketClientWithClientAuth:
try {
/*
* Set up a key manager for client authentication
* if asked by the server. Use the implementation's
* default TrustStore and secureRandom routines.
*/
Properties systemProps = System.getProperties();
systemProps.put( "javax.net.ssl.trustStore", "cacerts.jks");
systemProps.put( "javax.net.ssl.trustStorePassword", "changeit");
System.setProperties(systemProps);
SSLSocketFactory factory = null;
try {
SSLContext ctx;
KeyManagerFactory kmf;
KeyStore ks;
char[] passphrase = "changeit".toCharArray();
ctx = SSLContext.getInstance("TLS");
kmf = KeyManagerFactory.getInstance("SunX509");
ks = KeyStore.getInstance("JKS");
ks.load(new FileInputStream("keystore.jks"), passphrase);
kmf.init(ks, passphrase);
ctx.init(kmf.getKeyManagers(), null, null);
factory = ctx.getSocketFactory();
} catch (Exception e) {
throw new IOException(e.getMessage());
}
SSLSocket socket = (SSLSocket)factory.createSocket(host, port);
推荐答案
指定 trustStore 通过设置系统属性:
Specify the trustStore by setting the system properties:
System.setProperty(javax.net.ssl.trustStore,cacerts.jks );
或通过命令行调用:
-Djavax.net.ssl.keyStore = path / to / keystore.jks
这篇关于添加trustStore以进行客户端身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
