I need to work against an F5 machine over a TLS connection. To do that, I built a class that uses an HttpsURLConnection object.
m_httpsConnection = (HttpsURLConnection) m_url.openConnection();
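Then I downloaded the F5 certificate file, created a keystore with the JDK keytool, and used it to try to set up the connection to use the TLS protocol: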
InputStream in = new FileInputStream(new File("c:/temp/F5keystore"));
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
ks.load(in, "changeit".toCharArray());
in.close();
TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(ks);
X509TrustManager defaultTrustManager = (X509TrustManager)tmf.getTrustManagers()[0];
SSLContext context = SSLContext.getInstance("TLS");
context.init(null, new TrustManager[] {defaultTrustManager}, null);
SSLSocketFactory sslSocketFactory = context.getSocketFactory();
((HttpsURLConnection) m_httpsConnection).setSSLSocketFactory(sslSocketFactory);
(I've spared you the catch blocks...)
The code seems to run through without problems, but when I do:
OutputStream os = m_httpsConnection.getOutputStream();
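I get...
"javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"
Now, I have the F5keystore file under c:\temp, so why doesn't it find it?..
Is this the right way to set TLS on the connection? Right now I do it after opening the connection, although I would have thought it should be done before the connection is opened. But at that point the connection is still null...
I'm adding more information here, as you requested: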
C:\temp>keytool -v -printcert -file server.crt
Owner: EMAILADDRESS=root@localhost.localdomain, CN=localhost.localdomain, OU=MyOrg, O=MyCompany, L=Seattle, ST=WA, C=--
Issuer: EMAILADDRESS=root@localhost.localdomain, CN=localhost.localdomain, OU=MyOrg, O=MyCompany, L=Seattle, ST=WA, C=--
Serial number: 90f9d7e288ae6a77
Valid from: Fri Nov 07 08:20:36 IST 2014 until: Mon Nov 04 08:20:36 IST 2024
Certificate fingerprints:
MD5: C1:BE:43:9B:8B:C3:AA:F7:F2:BF:E6:06:08:42:18:17
SHA1: 12:36:01:30:14:68:1C:C9:7D:7B:32:75:C6:08:86:E9:36:AD:CF:AA
Signature algorithm name: SHA1withRSA
Version: 3
Extensions:
#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: AA B6 71 94 D1 CB ED DF 1B 38 66 12 70 94 AA 76 ..q......8f.p..v
0010: 68 DF 2A 16 h.*.
]
]
#2: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:2147483647
]
#3: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: AA B6 71 94 D1 CB ED DF 1B 38 66 12 70 94 AA 76 ..q......8f.p..v
0010: 68 DF 2A 16 h.*.
]
[EMAILADDRESS=root@localhost.localdomain, CN=localhost.localdomain, OU=MyOrg, O=MyCompany, L=Seattle, ST=WA, C=--]
SerialNumber: [ 90f9d7e2 88ae6a77]
]
Best regards, Tal
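
An offline check of the trust store described in the question, as an added example that is not part of the original post: it lists what c:/temp/F5keystore contains and asks the same default trust manager whether server.crt validates against it. The class name TrustStoreCheck is hypothetical; the paths and the password are the ones quoted above, and server.crt is assumed to be the file printed with keytool in c:\temp. It does not contact the F5, so it says nothing about which certificate the device actually presents.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Added example (hypothetical class name); paths and password come from the question.
public class TrustStoreCheck {
    public static void main(String[] args) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream("c:/temp/F5keystore")) {
            ks.load(in, "changeit".toCharArray());
        }
        X509Certificate server;
        try (InputStream in = new FileInputStream("c:/temp/server.crt")) {
            server = (X509Certificate) CertificateFactory.getInstance("X.509")
                    .generateCertificate(in);
        }
        // List every entry: its type, its subject, and whether it is exactly server.crt.
        for (String alias : Collections.list(ks.aliases())) {
            Certificate c = ks.getCertificate(alias);
            String subject = (c instanceof X509Certificate)
                    ? ((X509Certificate) c).getSubjectX500Principal().getName() : "(not X.509)";
            System.out.printf("alias=%s certEntry=%b subject=%s sameAsServerCrt=%b%n",
                    alias, ks.isCertificateEntry(alias), subject, server.equals(c));
        }
        // null here means server.crt was never imported into this keystore.
        System.out.println("alias holding server.crt: " + ks.getCertificateAlias(server));

        // Build the trust manager the same way the question does and validate server.crt.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        X509TrustManager tm = (X509TrustManager) tmf.getTrustManagers()[0];
        try {
            tm.checkServerTrusted(new X509Certificate[] {server}, "RSA");
            System.out.println("server.crt validates against F5keystore");
        } catch (CertificateException e) {
            System.out.println("server.crt does NOT validate: " + e.getMessage());
        }
    }
}
```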