我正在创建一个服务器和客户端一体化聊天应用程序,我正在尝试切换到SSL连接。我创建了一个keystore.jks和一个证书文件(.cer)但现在当程序尝试建立连接时,代理客户端抛出:
引起:java.io.IOException:密钥库格式无效
以下是代码:
System.setProperty("javax.net.ssl.keyStore", "certificates/keystore.jks");
System.setProperty("javax.net.ssl.trustStore", "certificates/certificate.cer");
System.setProperty("javax.net.ssl.keyStorePassword", "password");
if (this.role == ConnectionRole.SERVER) {
connectingAlert.getJFrame().setVisible(true);
setupServer();
do {
Thread.sleep(10);
} while (socket == null);
}
if (this.role == ConnectionRole.CLIENT) {
connectingAlert.getJFrame().setVisible(true);
setupClient(targetIP);
}
private void setupServer() throws IOException {
SSLServerSocketFactory sslSrvFact = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
serverSocket = (SSLServerSocket) sslSrvFact.createServerSocket(8080, 1);
socket = (SSLSocket) serverSocket.accept();
setupStreams();
}
private void setupClient(String IPAddress) throws IOException {
SSLSocketFactory sslFact = (SSLSocketFactory) SSLSocketFactory.getDefault();
socket = (SSLSocket) sslFact.createSocket("localhost", 8080);
setupStreams();
}
private void setupStreams() throws IOException {
dataOut = new ObjectOutputStream(socket.getOutputStream());
dataIn = new ObjectInputStream(socket.getInputStream());
chatInterface = ChatInterface.getInstance();
}
答案 0 :(得分:0)
System.setProperty("javax.net.ssl.trustStore", "certificates/certificate.cer");
问题出在这里。 .cer文件不是信任库。您需要使用keytool选项通过-trustcacerts将其导入真正的Java信任库。
但是不清楚你为什么要使用信任库。您是否期望拥有自签名证书的同行将其发送给您?大多数情况下,您应该使用Java附带的信任库,而不要设置javax.net.ssl.trustStore。