我正在编写一个带有RMI的客户端服务器应用程序,我想保护客户端和服务器之间的流量。我想使用SslRMIClientSocketFactory和SslRMIServerSocketFactory来实现此目的。
我为客户端和服务器(client.private和server.private)创建了密钥对,还为客户端和服务器创建了密钥对(client.public和{{1 }})。
我认为我正确地将keypair添加到密钥库并将证书添加到信任库。 我只在导出我的对象时使用自定义套接字工厂,而不是在我创建RMI注册表时。这是我的代码:
服务器
server.public客户端:
public class Server implements ServerProtocol {
public Server() {
super();
SecureRandom sr = new SecureRandom();
sr.nextInt();
KeyStore clientKeyStore = KeyStore.getInstance("JKS");
FileInputStream client = new FileInputStream("src/client.public");
String passphrase = //
clientKeyStore.load(client, passphrase.toCharArray());
client.close();
KeyStore serverKeyStore = KeyStore.getInstance("JKS");
FileInputStream server = new FileInputStream("src/server.private");
String password = //
serverKeyStore.load(server, password.toCharArray());
server.close();
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(clientKeyStore);
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(serverKeyStore, password.toCharArray());
SSLContext SSLC = SSLContext.getInstance("TLS");
SSLC.init(kmf.getKeyManagers(), tmf.getTrustManagers(), sr);
SslRMIClientSocketFactory csf = new SslRMIClientSocketFactory();
SslRMIServerSocketFactory ssf = new SslRMIServerSocketFactory(null, null, true);
LocateRegistry.createRegistry(2020).rebind("server", this);
UnicastRemoteObject.exportObject(this, 2020, csf, ssf);
}
public void sayHello() {
System.out.println("Hello");
}
}
运行时,我收到以下错误消息:
public class Client implements ClientProtocol {
public Client() {
SecureRandom sr = new SecureRandom();
sr.nextInt();
KeyStore serverKeyStore = KeyStore.getInstance("JKS");
FileInputStream server = new FileInputStream("src/server.public");
String passphrase = //
serverKeyStore.load(server, passphrase.toCharArray());
server.close();
KeyStore clientKeyStore = KeyStore.getInstance("JKS");
FileInputStream client = new FileInputStream("src/client.private");
String password = //
clientKeyStore.load(client, password.toCharArray());
client.close();
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(serverKeyStore);
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(clientKeyStore, password.toCharArray());
SSLContext SSLC = SSLContext.getInstance("TLS");
SSLC.init(kmf.getKeyManagers(), tmf.getTrustManagers(), sr);
SslRMIClientSocketFactory csf = new SslRMIClientSocketFactory();
SslRMIServerSocketFactory ssf = new SslRMIServerSocketFactory(null, null, true);
Registry reg = LocateRegistry.getRegistry("localhost", 2020);
serverStub = (ServerService) reg.lookup("server");
stub = (ClientService) UnicastRemoteObject.exportObject(this, 2020, csf, ssf);
serverStub.sayHello();
}
}
我使用以下命令创建密钥,导出和导入密钥:
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:136)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1822)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1004)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1188)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:654)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:100)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
at java.io.DataOutputStream.flush(DataOutputStream.java:106)
at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:211)
at sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:184)
at sun.rmi.server.UnicastRef.invoke(UnicastRef.java:110)
at java.rmi.server.RemoteObjectInvocationHandler.invokeRemoteMethod(RemoteObjectInvocationHandler.java:178)
at java.rmi.server.RemoteObjectInvocationHandler.invoke(RemoteObjectInvocationHandler.java:132)
at com.sun.proxy.$Proxy0.sayHello(Unknown Source)
at project.Client.<init>(Client.java:100)
at project.Client.main(Client.java:785)
我是否需要配置其他内容才能使其正常工作? Eclipse中的东西?
答案 0 :(得分:1)
您正在使用SSL套接字工厂创建注册表,但您没有向getRegistry()提供套接字工厂。
答案 1 :(得分:0)
我能够通过避免内置Java类SslRMIClientSocketFactory和SslRMIServerSocketFactory并创建我自己的实现RMIClientSocketFactory和RMIServerSocketFactory接口的类来解决这个问题。 / p>
<强>的RMIClientSocketFactory
public class MyClientSocketFactory implements RMIClientSocketFactory, Serializable {
public MyClientSocketFactory() {}
public Socket createSocket(String host, int port) {
SecureRandom sr = new SecureRandom();
sr.nextInt();
KeyStore serverKeyStore = KeyStore.getInstance("JKS");
FileInputStream server = new FileInputStream("src/server.public");
String passphrase = //
serverKeyStore.load(server, passphrase.toCharArray());
server.close();
KeyStore clientKeyStore = KeyStore.getInstance("JKS");
FileInputStream client = new FileInputStream("src/client.private");
String password = //
clientKeyStore.load(client, password.toCharArray());
client.close();
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(serverKeyStore);
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(clientKeyStore, password.toCharArray());
SSLContext SSLC = SSLContext.getInstance("TLS");
SSLC.init(kmf.getKeyManagers(), tmf.getTrustManagers(), sr);
SSLSocketFactory sf = SSLC.getSocketFactory();
SSLSocket socket = (SSLSocket) sf.createSocket(host, port);
return socket;
}
public int hashCode() {
return getClass().hashCode();
}
public boolean equals(Object obj) {
if (obj == this) {
return true;
} else if (obj == null || getClass() != obj.getClass()) {
return false;
}
return true;
}
}
<强>的RMIServerSocketFactory
public class MyServerSocketFactory implements RMIClientSocketFactory, Serializable {
public MyServerSocketFactory() {}
public Socket createSocket(String host, int port) {
SecureRandom sr = new SecureRandom();
sr.nextInt();
KeyStore clientKeyStore = KeyStore.getInstance("JKS");
FileInputStream client = new FileInputStream("src/client.public");
String passphrase = //
clientKeyStore.load(client, passphrase.toCharArray());
client.close();
KeyStore serverKeyStore = KeyStore.getInstance("JKS");
FileInputStream server = new FileInputStream("src/server.private");
String password = //
serverKeyStore.load(server, password.toCharArray());
server.close();
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(serverKeyStore);
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(clientKeyStore, password.toCharArray());
SSLContext SSLC = SSLContext.getInstance("TLS");
SSLC.init(kmf.getKeyManagers(), tmf.getTrustManagers(), sr);
SSLServerSocketFactory sf = SSLC.getServerSocketFactory();
SSLServerSocket socket = (SSLServerSocket) sf.createServerSocket(host, port);
return socket;
}
public int hashCode() {
return getClass().hashCode();
}
public boolean equals(Object obj) {
if (obj == this) {
return true;
} else if (obj == null || getClass() != obj.getClass()) {
return false;
}
return true;
}
}