使用自生成的密钥来测试java ssl app [英] Using a self generated key to test java ssl app

问题描述

我正在使用一个非常简单的服务器，使用ssl（在netbeans中） - 测试它我按照这里的说明创建了一个证书：
http://java.sun.com/javaee/5/docs/tutorial/doc/bnbxw.html

i'm working on a very simple server that uses ssl (in netbeans) - to test it i've created a certificate following the instructions here: http://java.sun.com/javaee/5/docs/tutorial/doc/bnbxw.html

java-home\bin\keytool -genkey -alias server-alias-keyalg RSA -keypass changeit -storepass changeit -keystore keystore.jks

java-home\bin\keytool -export -alias server-alias -storepass changeit -file server.cer -keystore keystore.jks

java-home\bin\keytool -import -v -trustcacerts -alias server-alias -file server.cer -keystore cacerts.jks -keypass changeit -storepass changeit

现在要使用ssl获取一个简单的echo服务器，我尝试了各种代码：所有这些代码都有很多例外 - 下面是一个例子：

Now to get a simple echo server using ssl going, i'vre tried a variety of code: all of which throw lots of exceptions - one example is below:

try {
            System.setProperty("javax.net.ssl.keyStore", "cacerts.jks");
            System.setProperty("javax.net.ssl.keyStorePassword", "changeit");

            SSLServerSocketFactory ssf = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();

            ServerSocket ss = ssf.createServerSocket(5432);
        } catch (Exception e {
            e.printStackTrace();
        }

这是最好的方法吗？

java页面提到：

您必须在
响应keytool的第一个提示输入服务器名称，在
中它要求输入第一个和最后一个
名称。出于测试目的，这可以
是localhost。

You must enter the server name in response to keytool’s first prompt, in which it asks for first and last names. For testing purposes, this can be localhost.

运行示例应用程序时，
密钥库中指定的主机
必须与$ b中标识的主机匹配$ b javaee.server.name属性在
tut-install / javaeetutorial5 / examples / bp-project / build.properties文件中指定
。

When you run the example applications, the host specified in the keystore must match the host identified in the javaee.server.name property specified in the file tut-install/javaeetutorial5/examples/bp-project/build.properties.

如何将此应用于netbeans ide中的代码构建（和运行）？

How do i apply this to code im building (and running) in the netbeans ide?

更新：它会抛出以下错误

java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
        at javax.net.ssl.DefaultSSLServerSocketFactory.throwException(SSLServerSocketFactory.java:142)
        at javax.net.ssl.DefaultSSLServerSocketFactory.createServerSocket(SSLServerSocketFactory.java:149)
        at MainClass.main(MainClass.java:23)
Caused by: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
        at java.security.Provider$Service.newInstance(Provider.java:1245)
        at sun.security.jca.GetInstance.getInstance(GetInstance.java:220)
        at sun.security.jca.GetInstance.getInstance(GetInstance.java:147)
        at javax.net.ssl.SSLContext.getInstance(SSLContext.java:125)
        at javax.net.ssl.SSLContext.getDefault(SSLContext.java:68)
        at javax.net.ssl.SSLServerSocketFactory.getDefault(SSLServerSocketFactory.java:96)
        at MainClass.main(MainClass.java:21)
Caused by: java.security.PrivilegedActionException: java.io.FileNotFoundException: cacerts.jks (The system cannot find the file specified)
        at java.security.AccessController.doPrivileged(Native Method)
        at com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl.getDefaultKeyManager(DefaultSSLContextImpl.java:120)
        at com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl.<init>(DefaultSSLContextImpl.java:40)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
        at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
        at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
        at java.lang.Class.newInstance0(Class.java:355)
        at java.lang.Class.newInstance(Class.java:308)
        at java.security.Provider$Service.newInstance(Provider.java:1221)
        ... 6 more
Caused by: java.io.FileNotFoundException: cacerts.jks (The system cannot find the file specified)
        at java.io.FileInputStream.open(Native Method)
        at java.io.FileInputStream.<init>(FileInputStream.java:106)
        at java.io.FileInputStream.<init>(FileInputStream.java:66)
        at com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl$2.run(DefaultSSLContextImpl.java:123)
        at com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl$2.run(DefaultSSLContextImpl.java:121)
        ... 16 more

非常感谢

推荐答案

如果您使用localhost作为自签名证书中的主机名，则HTTPS仅在您使用localhost向服务器发送请求时才有效作为请求的域名。

If you used 'localhost' as the hostname in the self-signed certificate, then HTTPS will only work when you send requests to your server using 'localhost' as the domain name for the request.

编辑：基于异常，我会说真正的问题可能是你的密钥库文件不在JVM期望的位置。尝试在提供位置的系统属性中使用绝对路径名。

EDIT : based on the exception, I'd say that the real problem may be that your keystore file is not in the location that the JVM expects it to be. Try using an absolute pathname in the system property that gives the location.

这篇关于使用自生成的密钥来测试java ssl app的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！