简单的双向RMI SSL连接,PKIX路径构建失败

时间:2014-05-31 03:30:12

标签: java ssl rmi

我有一个程序,该程序有两个可运行的文件,一个叫做ServerImpl,另一个叫做ClientImpl。我的目标是能够使用带有SSL的RMI将ClientImpl连接到ServerImpl并调用方法。服务器还应该能够通过回调使用RMI和SSL调用客户端上的方法。我可以让客户端使用SSL连接到服务器并调用该服务器上的方法,但是我无法使用带有SSL的RMI将服务器连接回客户端。

该程序还有两个目录,包含两组不同的cert,keystore,truststore文件:

resources/client/
    client_cert.cer
    client_keystore.jks
    client_truststore.jks

 resources/server/
     server_cert.cer
     server_keystore.jks
     server_truststore.jks

ServerImpl.java文件:

public class ServerImpl implements ServerInt {

    private ClientInt client;

    public static void main(String[] args) {
        ServerImpl server = new ServerImpl();
        server.bind();
    }

    public void bind() {
        System.setProperty("java.rmi.server.hostname", "192.168.0.32");
        System.setProperty("javax.net.ssl.keyStore", "./resources/server/server_keystore.jks");
        System.setProperty("javax.net.ssl.keyStorePassword", "password");

        RMIClientSocketFactory rmiClientSocketFactory = new SslRMIClientSocketFactory();
        RMIServerSocketFactory rmiServerSocketFactory = new SslRMIServerSocketFactory();

        try {
            ServerInt si = (ServerInt) UnicastRemoteObject.exportObject(this, 0, rmiClientSocketFactory, rmiServerSocketFactory);
            Registry reg = LocateRegistry.createRegistry(1099);

            reg.rebind("server", si);
            System.out.println("RMIServer is bound in registry");
        } catch (RemoteException ex) {
            Logger.getLogger(ServerImpl.class.getName()).log(Level.SEVERE, null, ex);
        }
    }

    @Override
    public void connect(ClientInt ci) throws RemoteException {
        System.out.println("client connected");
    }

}

ClientImpl.java文件:

public class ClientImpl implements ClientInt {

    private ServerInt server;

    public static void main(String[] args) {
        ClientImpl client = new ClientImpl();
        client.bind();
        client.initConnection();
        client.connectToServer();

    }

    public void initConnection() {
        System.setProperty("javax.net.ssl.trustStore", "./resources/client/client_truststore.jks");
        System.setProperty("javax.net.ssl.trustStorePassword", "password");
        try {
            Registry reg = LocateRegistry.getRegistry("192.168.0.32", 1099);
            server = (ServerInt) reg.lookup("server");

        } catch (RemoteException ex) {
            Logger.getLogger(ClientImpl.class.getName()).log(Level.SEVERE, null, ex);
        } catch (NotBoundException ex) {
            Logger.getLogger(ClientImpl.class.getName()).log(Level.SEVERE, null, ex);
        }
    }

    public void bind() {
        System.setProperty("java.rmi.server.hostname", "192.168.0.32");
        System.setProperty("javax.net.ssl.keyStore", "./resources/client/client_keystore.jks");
        System.setProperty("javax.net.ssl.keyStorePassword", "password");

        RMIClientSocketFactory rmiClientSocketFactory = new SslRMIClientSocketFactory();
        RMIServerSocketFactory rmiServerSockeyFactory = new SslRMIServerSocketFactory();
        try {

            ClientInt ci = (ClientInt) UnicastRemoteObject.exportObject(this, 0, rmiClientSocketFactory, rmiServerSockeyFactory);
            Registry reg = LocateRegistry.createRegistry(5001);
            reg.rebind("client", ci);
            System.out.println("RMIClient is bound in registry");
        } catch (RemoteException ex) {
            Logger.getLogger(ClientImpl.class.getName()).log(Level.SEVERE, null, ex);
        }
    }

    public void connectToServer() {
        try {
            server.connect(this);
        } catch (RemoteException ex) {
            Logger.getLogger(ClientImpl.class.getName()).log(Level.SEVERE, null, ex);
        }
    }

    @Override
    public void sayHelloToClient(String helloText) throws RemoteException {
        System.out.println(helloText);
    }
}

然后我运行ServerImpl.java文件,没有问题它运行正常。然后我运行ClientImpl.java文件,当我调用connectToServer方法时出错:

java.rmi.ConnectIOException: error during JRMP connection establishment; nested exception is: 
    javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

任何人都可以了解问题在这里以及我如何能够解决它?如果做不到这一点,有人能指出我有一个关于让两个使用SSL互相交流的RMI实体的好教程吗?感谢。

1 个答案:

答案 0 :(得分:0)

好的,我已经弄清楚了。问题是相应的客户端/服务器java文件仍然使用默认的Java TrustStore,而不是我在原始问题代码中定义的自定义Truststore文件。以下是正在寻找使用SSL进行双向RMI客户端 - 服务器连接的简单演示的其他任何人的正确代码。

创建空白Java项目后,添加“资源”'文件夹进入顶级目录,该目录有两个子目录' client'和'服务器'。然后生成两组独立的证书,密钥库和信任库,并将它们放在相应的子目录中,如下所示:

resources/client/
    client_cert.cer
    client_keystore.jks
    client_truststore.jks

resources/server/
    server_cert.cer
    server_keystore.jks
    server_truststore.jks

然后为服务器创建一个名为' ServerInt':

的界面 
public interface ServerInt extends Remote {
    public void connect(ClientInt ci) throws RemoteException;
}

客户端的另一个界面名为' ClientInt':

public interface ClientInt extends Remote {
    public void sayHelloToClient(String helloText) throws RemoteException;
}

现在为服务器创建一个名为' ServerImpl':

的新java类 
public class ServerImpl implements ServerInt {

    public static void main(String[] args) {
        ServerImpl server = new ServerImpl();
        server.bind();
    }

    public void bind() {
//        System.setProperty("javax.net.debug", "all");        
        System.setProperty("javax.net.ssl.trustStore", "./resources/server/server_truststore.jks");
        System.setProperty("javax.net.ssl.trustStorePassword", "password");
        System.setProperty("java.rmi.server.hostname", "192.168.0.32");
        System.setProperty("javax.net.ssl.keyStore", "./resources/server/server_keystore.jks");
        System.setProperty("javax.net.ssl.keyStorePassword", "password");


        RMIClientSocketFactory rmiClientSocketFactory = new SslRMIClientSocketFactory();
        RMIServerSocketFactory rmiServerSocketFactory = new SslRMIServerSocketFactory();

        try {


            // Uncomment this line...
            //ServerInt si = (ServerInt) UnicastRemoteObject.exportObject(this, 0);
            // and then comment out this line to turn off SSL (do the same in the ClientImpl.java file)
            ServerInt si = (ServerInt) UnicastRemoteObject.exportObject(this, 0, rmiClientSocketFactory, rmiServerSocketFactory);



            Registry reg = LocateRegistry.createRegistry(1099);
            reg.rebind("server", si);
            System.out.println("Server is bound in registry");
        } catch (RemoteException ex) {
            Logger.getLogger(ServerImpl.class.getName()).log(Level.SEVERE, null, ex);
        }
    }

    @Override
    public void connect(ClientInt ci) throws RemoteException {
        System.out.println("Client is connected");

        // Generate a really big block of text to send to the client, that way it will be easy to see in a packet
        // capture tool like wireshark and verify that it is in fact encrypted.
        String helloText = "";
        for (int i = 0; i < 10000; i++) {
            helloText += "A";
        }

        ci.sayHelloToClient(helloText);
    }

}

最后,我们需要一个名为&#39; ClientImpl&#39;的客户端类:

public class ClientImpl implements ClientInt {

    private ServerInt server; 

    public static void main(String[] args) {
        ClientImpl client = new ClientImpl();
        client.bind();
        client.initConnection();
        client.connectToServer();

    }

    public void initConnection() {
        try {
            Registry reg = LocateRegistry.getRegistry("192.168.0.32", 1099);
            server = (ServerInt) reg.lookup("server");

        } catch (RemoteException ex) {
            Logger.getLogger(ClientImpl.class.getName()).log(Level.SEVERE, null, ex);
        } catch (NotBoundException ex) {
            Logger.getLogger(ClientImpl.class.getName()).log(Level.SEVERE, null, ex);
        }
    }

    public void bind() {
//        System.setProperty("javax.net.debug", "all");        
        System.setProperty("javax.net.ssl.trustStore", "./resources/client/client_truststore.jks");
        System.setProperty("javax.net.ssl.trustStorePassword", "password");

        System.setProperty("java.rmi.server.hostname", "192.168.0.32");
        System.setProperty("javax.net.ssl.keyStore", "./resources/client/client_keystore.jks");
        System.setProperty("javax.net.ssl.keyStorePassword", "password");


        RMIClientSocketFactory rmiClientSocketFactory = new SslRMIClientSocketFactory();
        RMIServerSocketFactory rmiServerSockeyFactory = new SslRMIServerSocketFactory();
        try {

            // Uncomment this line...
            // ClientInt ci = (ClientInt) UnicastRemoteObject.exportObject(this, 0);
            // and comment out this line to turn off SSL (do the same in the ServerImpl.java file)
            ClientInt ci = (ClientInt) UnicastRemoteObject.exportObject(this, 0, rmiClientSocketFactory, rmiServerSockeyFactory);


            Registry reg = LocateRegistry.createRegistry(5001);
            reg.rebind("client", ci);
            System.out.println("Client is bound in registry");
        } catch (RemoteException ex) {
            Logger.getLogger(ClientImpl.class.getName()).log(Level.SEVERE, null, ex);
        }
    }

    public void connectToServer() {
        try {
            server.connect(this);
        } catch (RemoteException ex) {
            Logger.getLogger(ClientImpl.class.getName()).log(Level.SEVERE, null, ex);
        }
    }

    @Override
    public void sayHelloToClient(String helloText) throws RemoteException {
        System.out.println(helloText);
    }
}

这就是它的全部内容。首先运行&#39; ServerImpl&#39;文件,这将创建RMI服务器。然后运行&#39; ClientImpl&#39;文件,这将创建它自己的RMI注册表,然后通过connectToServer方法将自身发送到服务器。服务器将使用客户端RMI对象接收此消息,然后使用客户端RMI对象的该实例来调用客户端方法。一直使用SSL。

要验证它是否使用SSL,服务器会生成一个非常长的文本字符串并将其发送回客户端。通过使用像Wireshark这样的数据包捕获工具,您可以轻松地看到此消息已加密。我在代码中添加了注释,可以轻松关闭SSL,以便您无需加密即可查看此文本。

我花了很长时间才承认要把这一切都搞清楚,同时我也找不到关于这个主题的任何好的教程。所以希望如果其他人都坚持这个问题,这将有所帮助。

相关问题
最新问题