如何忽略自定义JMX客户端中的SSL证书

时间:2015-04-17 14:13:34

标签: java ssl jmx

我想编写一个自定义JMX客户端。客户端连接到我信任的服务器。我绝对不想使用keytool导入密钥。与SsLHandshakeException建立连接时失败。

String username = "admin";
String password = "admin";
String[] credentials = new String[] { username, password };
Map<String, Object> env = new HashMap<>();
env.put(JMXConnector.CREDENTIALS, credentials);
// Only required for SSL Connections
env.put("com.sun.jndi.rmi.factory.socket", new SslRMIClientSocketFactory());
// MBeanServer mbs = ManagementFactory.getPlatformMBeanServer();
JMXServiceURL url = new JMXServiceURL("service:jmx:rmi:///jndi/rmi://trustedhost:10010/jmxrmi");
JMXConnector jmxc = JMXConnectorFactory.connect(url, env);

我得到的例外:

Exception in thread "main" java.io.IOException: Failed to retrieve RMIServer stub: javax.naming.CommunicationException [Root exception is java.rmi.ConnectIOException: error during JRMP connection establishment; nested exception is: 
    javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake]
    at javax.management.remote.rmi.RMIConnector.connect(RMIConnector.java:369)
    at javax.management.remote.JMXConnectorFactory.connect(JMXConnectorFactory.java:270)
    at my.monitor.TestMbean.main(TestMbean.java:32)
Caused by: javax.naming.CommunicationException [Root exception is java.rmi.ConnectIOException: error during JRMP connection establishment; nested exception is: 
    javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake]
    at com.sun.jndi.rmi.registry.RegistryContext.lookup(RegistryContext.java:122)
    at com.sun.jndi.toolkit.url.GenericURLContext.lookup(GenericURLContext.java:205)
    at javax.naming.InitialContext.lookup(InitialContext.java:417)
    at javax.management.remote.rmi.RMIConnector.findRMIServerJNDI(RMIConnector.java:1957)
    at javax.management.remote.rmi.RMIConnector.findRMIServer(RMIConnector.java:1924)
    at javax.management.remote.rmi.RMIConnector.connect(RMIConnector.java:287)
    ... 2 more
Caused by: java.rmi.ConnectIOException: error during JRMP connection establishment; nested exception is: 
    javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
    at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:304)
    at sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:202)
    at sun.rmi.server.UnicastRef.newCall(UnicastRef.java:342)
    at sun.rmi.registry.RegistryImpl_Stub.lookup(Unknown Source)
    at com.sun.jndi.rmi.registry.RegistryContext.lookup(RegistryContext.java:118)
    ... 7 more
Caused by: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:980)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1363)
    at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:735)
    at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123)
    at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
    at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
    at java.io.DataOutputStream.flush(DataOutputStream.java:123)
    at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:229)
    ... 11 more
Caused by: java.io.EOFException: SSL peer shut down incorrectly
    at sun.security.ssl.InputRecord.read(InputRecord.java:505)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:961)
    ... 18 more

3 个答案:

答案 0 :(得分:1)

我不知道如何规避Java所要求的SSL安全性,但我认为你应该重新考虑你对“我绝对不想使用keytool导入密钥”的立场。问题不在于您是否信任服务器。重要的问题是:

  1. 您希望与服务器进行纯文本通信。有多少人能听到这个?如果您的客户在本地网络内运行,那么只有同一公司的每个人都能够监视您。如果您离开受保护的网络,未知数量的人可能会突然看到您正在做的事情。
  2. 如果在客户端中禁用SSL,服务器应该如何确保命令来自您?没有SSL,有人可能会劫持您的通信并控制服务器。
  3. 如果没有SSL,密码将以纯文本形式传输。 A TV station recently found在2015年接受采访时在墙上贴上密码并不是明智之举。

    4. 所以正确的问题应该是:如何正确设置SSL以保护JMX?请参阅http://docs.oracle.com/javase/8/docs/technotes/guides/management/agent.html搜索“使用SSL”

答案 1 :(得分:1)

  

客户端连接到我信任的服务器。

你怎么知道的?证书验证的全部目的是确保您实际连接到您想要的服务器而不是某些中间人。

答案 2 :(得分:0)

尝试将此代码放在代码之前

myApp.directive('ajaxMessage', function() {

  return {
    restrict: 'EA',
    scope: {
      success: '='
    },

    // Use anything you like in the template -- note the ng-if will only
    // render the element when the success property has a value
    // Also note the {{ binding }}

    template: "<div ng-if=\"success\" class=\"alert alert-info\">{{ success }}</div>",

    link: function($scope, $element, $attrs) {

      // Watching $scope.success (not the $attrs.success)

      $scope.$watch('success', function(value) {
        console.log('Success is now:', value);  
      });
    }
  };

});
相关问题
最新问题