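Programmatically setting the truststore in ActiveMQSslConnectionFactory seems to fail

Time: 2013-05-25 08:45:37

Tags: java ssl jms ssl-certificate activemq

I have been working on a Java ActiveMQ client to connect to an SSL-enabled broker, but setting the truststore programmatically: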

// Configure the secure connection factory.
ActiveMQSslConnectionFactory connectionFactory = new ActiveMQSslConnectionFactory(url);
connectionFactory.setTrustStore("/conf/client.ts"); // truststore which includes the certificate of the broker
connectionFactory.setTrustStorePassword("password");

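as shown here. However, it throws a

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed error

Following the answers to the Q&A "Resolving javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed Error?", I managed to connect the client to the broker by adding the broker's certificate to the trusted certificates of my Java installation.

However, in this case I don't want every user of the application to import the certificate into their Java distribution; I would rather have the client application already carry the broker certificate. How can I do this, preferably using the ActiveMQSslConnectionFactory class?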

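2 answers:

Answer 0: (score: 1)

As I understand it, you need to trust all incoming self-signed certificates.

You can try it this way (create a trust manager that does not validate, then register it):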

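import java.security.GeneralSecurityException;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

// Trust manager that performs no validation: every certificate chain is accepted.
TrustManager[] trustAllCerts = new TrustManager[] {
    new X509TrustManager() {
        public java.security.cert.X509Certificate[] getAcceptedIssuers() {
            return null;
        }
        public void checkClientTrusted(
            java.security.cert.X509Certificate[] certificates, String authType) {
        }
        public void checkServerTrusted(
            java.security.cert.X509Certificate[] certificates, String authType) {
        }
    }
};

try {
    // Register the trust manager as the JVM-wide default for HTTPS connections.
    SSLContext sslContext = SSLContext.getInstance("SSL");
    sslContext.init(null, trustAllCerts, new java.security.SecureRandom());
    HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());
} catch (GeneralSecurityException e) {
    // Setup failures are ignored here.
}

//then do the ssl conversation.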

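Answer 1: (score: 0)

I still could not set the truststore programmatically using the setTrustStore method of ActiveMQSslConnectionFactory.

But based on @Chris's reply, it is possible to attach a new trust manager that accepts all certificates to the ActiveMQSslConnectionFactory.

To do that, I created the same TrustManager as he did, but used a different method to link it to the ActiveMQSslConnectionFactory: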

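import java.security.SecureRandom;
import javax.jms.Connection;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.activemq.ActiveMQSslConnectionFactory;

// Same non-validating trust manager as in the answer above: every certificate chain is accepted.
TrustManager[] trustAllCerts = new TrustManager[] {
    new X509TrustManager() {
        public java.security.cert.X509Certificate[] getAcceptedIssuers() {
            return null;
        }
        public void checkClientTrusted(
            java.security.cert.X509Certificate[] certificates, String authType) {
        }
        public void checkServerTrusted(
            java.security.cert.X509Certificate[] certificates, String authType) {
        }
    }
};

try {
    String connectionString = "ssl://ipaddress:port";
    ActiveMQSslConnectionFactory factory = new ActiveMQSslConnectionFactory(connectionString);
    // Attach the trust manager to this factory only, instead of changing a JVM-wide default.
    factory.setKeyAndTrustManagers(null, trustAllCerts, new SecureRandom());
    Connection connection = factory.createConnection(user, password);
    connection.start();

} catch (Exception e) {
    // Connection failures are ignored here.
}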
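
Added example (not from the question or either answer): one way to let the client application carry the broker certificate itself is to package the truststore inside the application jar, load it from the classpath, and pass the resulting trust managers to setKeyAndTrustManagers, so the broker certificate is still validated against that store. The resource path /conf/client.ts and the truststore password come from the question; the class name, the JKS store type, the broker URL and the credentials are assumptions or placeholders.

```java
import java.io.InputStream;
import java.security.KeyStore;
import java.security.SecureRandom;
import javax.jms.Connection;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.apache.activemq.ActiveMQSslConnectionFactory;

public class BundledTrustStoreClient { // hypothetical class name

    // Loads a JKS truststore packaged on the classpath and returns trust
    // managers that accept only chains anchored in that store.
    static TrustManager[] loadTrustManagers(String resource, char[] password) throws Exception {
        KeyStore trustStore = KeyStore.getInstance("JKS"); // assumed store type
        try (InputStream in = BundledTrustStoreClient.class.getResourceAsStream(resource)) {
            if (in == null) {
                throw new IllegalStateException("Truststore not on classpath: " + resource);
            }
            trustStore.load(in, password);
        }
        if (trustStore.size() == 0) {
            // Fail early: with no trusted entries no broker certificate can validate.
            throw new IllegalStateException("Truststore contains no certificates: " + resource);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        return tmf.getTrustManagers();
    }

    public static void main(String[] args) throws Exception {
        String brokerUrl = "ssl://broker.example.org:61617"; // placeholder URL
        TrustManager[] trustManagers =
                loadTrustManagers("/conf/client.ts", "password".toCharArray());

        ActiveMQSslConnectionFactory factory = new ActiveMQSslConnectionFactory(brokerUrl);
        // No key managers: the client presents no certificate of its own.
        factory.setKeyAndTrustManagers(null, trustManagers, new SecureRandom());

        Connection connection = factory.createConnection("user", "secret"); // placeholder credentials
        try {
            connection.start();
        } finally {
            connection.close();
        }
    }
}
```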