我已经设置了一个自签名证书来测试ssl java连接 - 但是,它拒绝找到java trustStore。除了编译类的文件夹(使用netbeans)以及/ java / jre6 / bin之外,我还在/ Java / jre6 / lib / security中保存了它的副本 以上都不会起作用,因为当我运行以下命令时 - trustStore = null。
public class ShowTrustStore {
public static void main(String[] args) {
System.setProperty("javax.net.ssl.keyStore", "keystore.jks");
System.setProperty("javax.net.ssl.trustStrore", "cacerts.jks");
System.setProperty("javax.net.ssl.keyStorePassword", "changeit");
String trustStore = System.getProperty("javax.net.ssl.trustStore");
if (trustStore == null) {
System.out.println("javax.net.ssl.trustStore is not defined");
} else {
System.out.println("javax.net.ssl.trustStore = " + trustStore);
}
}
}
如何正确设置路径?
********** UPDATE ************ 使用getFile()方法和一些其他调试数据:
package ssltest;
public class Main {
public static void main(String[] args) {
// System.setProperty("javax.net.ssl.keyStore", "/keystore.jks");
// System.setProperty("javax.net.ssl.trustStrore", "/java.home/cacerts.jks");
// System.setProperty("javax.net.ssl.keyStorePassword", "changeit");
// System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
try {
Main.class.getResource("trustStore.jks").getFile();
} catch (Exception e) {
e.printStackTrace();
}
String trustStore = System.getProperty("javax.net.ssl.trustStore");
if (trustStore == null) {
String storeLoc;
storeLoc = System.getProperty("java.class.path");
System.out.println("classpath: " + storeLoc);
}
trustStore = System.getProperty("javax.net.ssl.trustStore");
if (trustStore == null) {
System.out.println("javax.net.ssl.trustStore is not defined");
} else {
System.out.println("javax.net.ssl.trustStore = " + trustStore);
}
}
}
运行: 显示java.lang.NullPointerException classpath:C:\ Users \ Main \ Documents \ NetBeansProjects \ sslTest \ build \ classes; C:\ Users \ Main \ Documents \ NetBeansProjects \ sslTest \ src 在ssltest.Main.main(Main.java:15) javax.net.ssl.trustStore未定义 建立成功(总时间:0秒)
答案 0 :(得分:62)
你有一个拼写错误 - 它是trustStore。
除了使用System.setProperty(..)设置变量外,您还可以使用
-Djavax.net.ssl.keyStore=path/to/keystore.jks
答案 1 :(得分:44)
看起来你有一个错字 - “trustStrore”应该是“trustStore”,即
System.setProperty("javax.net.ssl.trustStrore", "cacerts.jks");
应该是:
System.setProperty("javax.net.ssl.trustStore", "cacerts.jks");
答案 2 :(得分:11)
两个
-Djavax.net.ssl.trustStore=path/to/trustStore.jks
和
System.setProperty("javax.net.ssl.trustStore", "cacerts.jks");
做同样的事情,没有明显的工作差异。在你的情况下,你只是有一个错字。您在trustStore
javax.net.ssl.trustStore.
答案 3 :(得分:1)
或者,如果使用javax.net.ssl.trustStore指定信任库的位置不起作用(就像我在双向身份验证中那样),您还可以使用SSLContextBuilder,如下例所示。此示例还包括如何创建httpclient,以显示SSL构建器如何工作。
SSLContextBuilder sslcontextbuilder = SSLContexts.custom();
sslcontextbuilder.loadTrustMaterial(
new File("C:\\path to\\truststore.jks"), //path to jks file
"password".toCharArray(), //enters in the truststore password for use
new TrustSelfSignedStrategy() //will trust own CA and all self-signed certs
);
SSLContext sslcontext = sslcontextbuilder.build(); //load trust store
SSLConnectionSocketFactory sslsockfac = new SSLConnectionSocketFactory(sslcontext,new String[] { "TLSv1" },null,SSLConnectionSocketFactory.getDefaultHostnameVerifier());
CloseableHttpClient httpclient = HttpClients.custom().setSSLSocketFactory(sslsockfac).build(); //sets up a httpclient for use with ssl socket factory
try {
HttpGet httpget = new HttpGet("https://localhost:8443"); //I had a tomcat server running on localhost which required the client to have their trust cert
System.out.println("Executing request " + httpget.getRequestLine());
CloseableHttpResponse response = httpclient.execute(httpget);
try {
HttpEntity entity = response.getEntity();
System.out.println("----------------------------------------");
System.out.println(response.getStatusLine());
EntityUtils.consume(entity);
} finally {
response.close();
}
} finally {
httpclient.close();
}
答案 4 :(得分:0)
正如其他人指出的那样,该属性中有一个拼写错误。
检查 JVM 是否正在使用配置的 trustStore 的另一种方法是添加属性:-Djavax.net.debug=all,这将打开调试消息。
应用程序启动后,会打印出如下信息:
javax.net.ssl|DEBUG|11|parallel-1|2021-04-17 21:25:13.827 CST|TrustStoreManager.java:112|trustStore is: C:/path/to/the/trustStore
然后我们可以判断它是使用我们想要的还是JDK自带的。
参考