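RMI with SSL - handshake exception at server startup (no cipher suites in common)

Time: 2014-10-12 01:12:13

Tags: java ssl rmi keytool

Updated!

When I try to run the server, I get an SSL handshake exception (javax.net.ssl.SSLHandshakeException: no cipher suites in common). The remote method just adds two integers and should return the result.

Here is the exception with debugging set to "all" (this is for academic purposes):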

f4e@ubuntu:~/src$ java -cp /home/f4e/src:/home/f4e/public_html/classes/compute.jar -Djavax.net.debug=all JavaMainServer
keyStore is : /home/f4e/src/serverkeystore
keyStore type is : jks
keyStore provider is : 
init keystore
init keymanager of type SunX509
***
found key for : server
chain [0] = [
[
  Version: V3
  Subject: CN=Server, OU=Security, O=UA, L=Aveiro, ST=Aveiro, C=PT
  Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11

  Key:  Sun RSA public key, 2048 bits
  modulus: 18523315733382648428919797254180215121918680143007156020237354938904591444431012172536331570011181574721085963241699242853767649174345376352591591448005435254849892937718191287509551368398704906969172147973698519659824622806121999239096092356467792628227325721217980719230231762025485862089668075844884800711903665577397049161291123872070216055386733370538028317923384382556173303479769656151061580819536871500370959735685963256143202392828062573471002182934694101563872088260168888834961204862115930106248918201069963020941120542510624155122918649342520758653875037471445162406226513752022792866552462931171741371669
  public exponent: 65537
  Validity: [From: Sun Oct 12 07:56:20 PDT 2014,
               To: Mon Oct 12 07:56:20 PDT 2015]
  Issuer: CN=Server, OU=Security, O=UA, L=Aveiro, ST=Aveiro, C=PT
  SerialNumber: [    66990436]

Certificate Extensions: 1
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: AB FB BA 6D C8 1E 01 C7   AF E7 4D F4 EC A2 A5 68  ...m......M....h
0010: D0 86 49 74                                        ..It
]
]

]
  Algorithm: [SHA256withRSA]

]
***
trustStore is: /home/f4e/src/servertruststore
trustStore type is : jks
trustStore provider is : 
init truststore
adding as trusted cert:
  Subject: CN=Server, OU=Security, O=UA, L=Aveiro, ST=Aveiro, C=PT
  Issuer:  CN=Server, OU=Security, O=UA, L=Aveiro, ST=Aveiro, C=PT
  Algorithm: RSA; Serial number: 0x66990436
  Valid from Sun Oct 12 07:56:20 PDT 2014 until Mon Oct 12 07:56:20 PDT 2015

trigger seeding of SecureRandom
done seeding SecureRandom
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
%% No cached client session
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
*** ClientHello, TLSv1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
RandomCookie:  GMT: 1413239130 bytes = { 57, 245, 243, 68, 249, 165, 71, 115, 180, 83, 192, 38, 54, 235, 78, 40, 111, 198, 229, 51, 146, 27, 87, 13, 33, 97, 134, 239 }
Session ID:  {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods:  { 0 }
Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1}
Extension ec_point_formats, formats: [uncompressed]
***
[write] MD5 and SHA1 hashes:  len = 119
RMI TCP Connection(2)-192.168.190.129, setSoTimeout(7200000) called
main, WRITE: TLSv1 Handshake, length = 119
[Raw write]: length = 124
[Raw read]: length = 5
[Raw read]: length = 119
RMI TCP Connection(2)-192.168.190.129, READ: TLSv1 Handshake, length = 119
*** ClientHello, TLSv1

RandomCookie:  GMT: 1413239130 bytes = { 57, 245, 243, 68, 249, 165, 71, 115, 180, 83, 192, 38, 54, 235, 78, 40, 111, 198, 229, 51, 146, 27, 87, 13, 33, 97, 134, 239 }
Session ID:  {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods:  { 0 }
Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1}
Extension ec_point_formats, formats: [uncompressed]
***
[read] MD5 and SHA1 hashes:  len = 119
%% Initialized:  [Session-2, SSL_NULL_WITH_NULL_NULL]
%% Invalidated:  [Session-2, SSL_NULL_WITH_NULL_NULL]
RMI TCP Connection(2)-192.168.190.129, SEND TLSv1 ALERT:  fatal, description = handshake_failure
RMI TCP Connection(2)-192.168.190.129, WRITE: TLSv1 Alert, length = 2
[Raw read]: length = 5
0000: 15 03 01 00 02                                     .....
[Raw read]: length = 2
0000: 02 28                                              .(
main, READ: TLSv1 Alert, length = 2
main, RECV TLSv1 ALERT:  fatal, handshake_failure
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
JavaMainServer exception
java.rmi.ConnectIOException: error during JRMP connection establishment; nested exception is: 
	javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
	at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:304)
	at sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:202)
	at sun.rmi.server.UnicastRef.newCall(UnicastRef.java:341)
	at sun.rmi.registry.RegistryImpl_Stub.rebind(Unknown Source)
	at JavaMainServer.main(JavaMainServer.java:38)
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
	at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
	at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
	at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1959)
	at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1077)
	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
	at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:702)
	at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:122)
	at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
	at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
	at java.io.DataOutputStream.flush(DataOutputStream.java:123)
	at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:229)
	... 4 more
[Raw write]: length = 7
0000: 15 03 01 00 02 02 28                               ......(
RMI TCP Connection(2)-192.168.190.129, called closeSocket()
RMI TCP Connection(2)-192.168.190.129, handling exception: javax.net.ssl.SSLHandshakeException: no cipher suites in common
RMI TCP Connection(2)-192.168.190.129, called close()
RMI TCP Connection(2)-192.168.190.129, called closeInternal(true)

These 3 .java files have been updated and solved my problem:

JavaMainServer.java

import java.rmi.RemoteException;
import java.rmi.registry.LocateRegistry;
import java.rmi.registry.Registry;
import java.rmi.server.UnicastRemoteObject;
import javax.rmi.ssl.SslRMIClientSocketFactory;
import javax.rmi.ssl.SslRMIServerSocketFactory;

/**
 *
 * @author João
 */
public class JavaMainServer extends UnicastRemoteObject implements Compute {

    public JavaMainServer() throws RemoteException {
        // Export on an anonymous port over SSL. The null arguments keep the
        // default cipher suites and protocols; true requires client authentication.
        super(0,
              new SslRMIClientSocketFactory(),
              new SslRMIServerSocketFactory(null, null, true));
    }

    /**
     * @param args the command line arguments
     */
    public static void main(String[] args) {
        try {
            // The SSL properties must be set before any SSL socket is created.
            setSettings();

            if (System.getSecurityManager() == null) {
                System.setSecurityManager(new SecurityManager());
            }

            String name = "Compute";
            Compute add = new JavaMainServer();

            // The registry itself listens on SSL, so it must be reached
            // through an SSL client socket factory as well.
            Registry reg = LocateRegistry.getRegistry(null, 1099,
                                                      new SslRMIClientSocketFactory());
            reg.rebind(name, add);
            System.out.println("JavaMainServer bound");
        } catch (Exception e) {
            System.err.println("JavaMainServer exception");
            e.printStackTrace();
        }
    }

    private static void setSettings() {
        String pass = "ssfbpwks";
        System.setProperty("java.security.policy", "server.policy");

        System.setProperty("java.rmi.server.codebase", "http://ubuntu/~f4e/classes/compute.jar");
        System.setProperty("java.rmi.server.hostname", "192.168.190.129");

        // keyStore: this process's own private key and certificate.
        // trustStore: the certificates of the peers it accepts.
        System.setProperty("javax.net.ssl.keyStore", "/home/f4e/src/serverkeystore");
        System.setProperty("javax.net.ssl.keyStorePassword", pass);
        System.setProperty("javax.net.ssl.trustStore", "/home/f4e/src/servertruststore");
        System.setProperty("javax.net.ssl.trustStorePassword", pass);
    }

    @Override
    public int addCalculation(int a, int b) {
        return a + b;
    }

}

JavaMainClient.java

import java.rmi.registry.LocateRegistry;
import java.rmi.registry.Registry;
import javax.rmi.ssl.SslRMIClientSocketFactory;

/**
 *
 * @author João
 */
public class JavaMainClient {

    /**
     * @param args the command line arguments: registry host, first integer, second integer
     */
    public static void main(String[] args) {
        try {
            // The SSL properties must be set before any SSL socket is created.
            setSettings();

            if (System.getSecurityManager() == null) {
                System.setSecurityManager(new SecurityManager());
            }

            String name = "Compute";
            // The registry listens on SSL, so look it up through an SSL client socket factory.
            Registry reg = LocateRegistry.getRegistry(args[0], 1099,
                                                      new SslRMIClientSocketFactory());

            Compute comp = (Compute) reg.lookup(name);
            comp.addCalculation(Integer.parseInt(args[1]), Integer.parseInt(args[2]));
            System.out.println(comp.addCalculation(Integer.parseInt(args[1]),
                                                   Integer.parseInt(args[2])));
        } catch (Exception e) {
            System.err.println("JavaMainClient exception:");
            e.printStackTrace();
        }
    }

    private static void setSettings() {
        String pass = "csfbpwks";
        System.setProperty("java.security.policy", "client.policy");

        System.setProperty("java.rmi.server.codebase", "http://ubuntux/~f4e/classes/");

        // The client needs its own keystore too, because the server side
        // requires client authentication.
        System.setProperty("javax.net.ssl.keyStore", "/home/f4e/src/clientkeystore");
        System.setProperty("javax.net.ssl.keyStorePassword", pass);
        System.setProperty("javax.net.ssl.trustStore", "/home/f4e/src/clienttruststore");
        System.setProperty("javax.net.ssl.trustStorePassword", pass);
    }
}

RmiRegistry.java

import java.rmi.registry.LocateRegistry;
import javax.rmi.ssl.SslRMIClientSocketFactory;
import javax.rmi.ssl.SslRMIServerSocketFactory;

public class RmiRegistry {
    public static void main(String[] args) {
        try {
            // The SSL properties must be set before the registry opens its server socket.
            setSettings();

            // Registry on port 1099 over SSL, with client authentication required.
            LocateRegistry.createRegistry(1099, new SslRMIClientSocketFactory(),
                                          new SslRMIServerSocketFactory(null, null, true));

            // Keep the JVM (and with it the registry) alive.
            Thread.sleep(Long.MAX_VALUE);
        } catch (Exception e) {
            System.err.println("RmiRegistry exception:");
            e.printStackTrace();
        }
    }

    private static void setSettings() {
        String pass = "rsfbpwks";
        //System.setProperty("java.security.policy", "server.policy");

        System.setProperty("java.rmi.server.codebase", "http://ubuntu/~f4e/classes/compute.jar");
        System.setProperty("java.rmi.server.hostname", "192.168.190.129");

        // The registry has its own key pair and its own truststore.
        System.setProperty("javax.net.ssl.keyStore", "/home/f4e/src/regkeystore");
        System.setProperty("javax.net.ssl.keyStorePassword", pass);
        System.setProperty("javax.net.ssl.trustStore", "/home/f4e/src/regtruststore");
        System.setProperty("javax.net.ssl.trustStorePassword", pass);
    }
}

I used the following UPDATED commands to create the keystores, certificates and truststores:

keytool -genkeypair -alias server -keyalg RSA -validity 365 -keystore serverkeystore
keytool -export -alias server -keystore serverkeystore -rfc -file server.cer
keytool -import -alias servercert -file server.cer -keystore servertruststore

keytool -genkeypair -alias client -keyalg RSA -validity 365 -keystore clientkeystore
keytool -export -alias client -keystore clientkeystore -rfc -file client.cer
keytool -import -alias clientcert -file client.cer -keystore clienttruststore

keytool -genkeypair -alias reg -keyalg RSA -validity 365 -keystore regkeystore
keytool -export -alias reg -keystore regkeystore -rfc -file reg.cer
keytool -import -alias regcert -file reg.cer -keystore regtruststore

keytool -import -alias regcert -file reg.cer -keystore servertruststore
keytool -import -alias clientcert -file client.cer -keystore servertruststore

keytool -import -alias regcert -file reg.cer -keystore clienttruststore
keytool -import -alias servercert -file server.cer -keystore clienttruststore

keytool -import -alias clientcert -file client.cer -keystore regtruststore
keytool -import -alias servercert -file server.cer -keystore regtruststore

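Thanks for your help.

2 answers:

Answer 0: (score: 0)

A KeyStore is not the same thing as a trustStore. The same file won't work for both. You need to look at the JSSE Reference Guide. The private key and the certificate generated from it go in your own KeyStore in each case. The exported certificate goes in the other party's trustStore in each case, if it is self-signed; otherwise both parties should use the default truststore.

Answer 1: (score: 0)

OK, after thinking about it for a while I ended up solving my own problem (I finally understood (I think) how SSL and certificates work). So, first of all, since I was running a custom RmiRegistry because of SSL, I needed to set on JavaMainServer the properties I had set on RmiRegistry and, of course, create the certificates, keystores and truststores as well.

After this I got a PKIX exception. After thinking a little more, I realized that I had to import the JavaMainServer certificate into the RmiRegistry truststore and the RmiRegistry certificate into the JavaMainServer truststore. Also, do the same between the client and the server. Previously I had only imported the JavaMainClient certificate into the JavaMainClient truststore and the JavaMainServer certificate into the JavaMainServer truststore, which is silly if I have understood the mechanism correctly. Updated the question with my final code.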
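
The two failures discussed above (a party with no usable key, then missing cross-trust between registry, server and client) can be checked offline before any JVM is started. The following is an added example, not code from the original post: the class name and the `*_STORE_PASS` environment variables are hypothetical, the store file names are the ones created by the keytool commands in the question, and `KeyStore.getInstance(File, char[])` assumes Java 9 or later.

```java
import java.io.File;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.*;

// Added example (hypothetical class): preflight for the three keystore/truststore pairs.
public class TlsStorePreflight {
    // Certificates of the private-key entries: what this party can present in a handshake.
    static List<Certificate> identities(KeyStore ks) throws Exception {
        List<Certificate> ids = new ArrayList<>();
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isKeyEntry(alias)) ids.add(ks.getCertificate(alias));
        }
        return ids;
    }

    // Checks already-loaded stores; both maps are keyed by party name.
    static List<String> check(Map<String, KeyStore> keyStores,
                              Map<String, KeyStore> trustStores) throws Exception {
        List<String> problems = new ArrayList<>();
        for (String party : keyStores.keySet()) {
            List<Certificate> ids = identities(keyStores.get(party));
            if (ids.isEmpty()) {
                problems.add(party + ": no private-key entry, so as a TLS server it has no "
                        + "certificate to offer (typically 'no cipher suites in common')");
                continue;
            }
            for (String peer : trustStores.keySet()) {
                if (peer.equals(party)) continue;
                boolean trusted = false;
                for (Certificate id : ids) {
                    // Self-signed setup: the peer must hold this exact certificate.
                    if (trustStores.get(peer).getCertificateAlias(id) != null) trusted = true;
                }
                if (!trusted) {
                    problems.add(peer + " truststore lacks the " + party
                            + " certificate (expect a PKIX path-building failure)");
                }
            }
        }
        return problems;
    }

    public static void main(String[] args) throws Exception {
        // Assumed layout: <dir>/<name>keystore and <dir>/<name>truststore, one password
        // per party, read from SERVER_STORE_PASS, CLIENT_STORE_PASS and REG_STORE_PASS.
        String dir = args.length > 0 ? args[0] : ".";
        Map<String, KeyStore> keys = new LinkedHashMap<>(), trust = new LinkedHashMap<>();
        for (String name : new String[] {"server", "client", "reg"}) {
            String var = name.toUpperCase() + "_STORE_PASS";
            String value = System.getenv(var);
            if (value == null) throw new IllegalStateException("set " + var);
            char[] pass = value.toCharArray();
            keys.put(name, KeyStore.getInstance(new File(dir, name + "keystore"), pass));
            trust.put(name, KeyStore.getInstance(new File(dir, name + "truststore"), pass));
        }
        List<String> problems = check(keys, trust);
        problems.forEach(System.out::println);
        System.out.println(problems.isEmpty() ? "all three parties trust each other" : "FAILED");
    }
}
```

Run against the stores produced by the first nine keytool commands only, it reports six missing trust relationships; after the remaining six imports it reports none.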