我尝试设置配置了密钥库的http服务器,然后在浏览器中访问它。但是,我没有这样做。我使用的是mac os 10.11.6版本。
a。)用于生成密钥库的命令:keytool -genkey -alias vrkey -keyalg RSA
b。)用于导出证书的命令:keytool -export -alias vrkey -file vrtest.cer
c。)用于将证书添加到信任库: keytool -import -alias test -keystore $HOME/.truststore -file vrtest.cer
以下是我尝试过的事情:
从终端连接,我得到了适当的回复:
Administrator-MacBook-Pro:src administrator$ java -Djavax.net.ssl.trustStore=$HOME/.truststore sample.MySecureClient localhost 8999
Who is John
what is he ?
提供一个不正确的信任库,看看ssl中是否有错误,但我仍能从服务器获得响应:
Administrator-MacBook-Pro:src administrator$ java -Djavax.net.ssl.trustStore=$HOME/.truststore123 sample.MySecureClient localhost 8999
Who is John
what is he ?
尝试连接open ssl和curl,但我不认为设置了SSL上下文:
Administrator-MacBook-Pro:src administrator$ openssl s_client -connect 127.0.0.1:8999
CONNECTED(00000003)
4425:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL098-59.60.1/src/ssl/s23_clnt.c:618:
带有调试选项的openssl:
Administrator-MacBook-Pro:src administrator$ openssl s_client -debug -connect 127.0.0.1:8999
CONNECTED(00000003)
write to 0x7fd43bc1b320 [0x7fd43c00d000] (130 bytes => 130 (0x82))
0000 - 80 80 01 03 01 00 57 00-00 00 20 00 00 39 00 00 ......W... ..9..
0010 - 38 00 00 35 00 00 16 00-00 13 00 00 0a 07 00 c0 8..5............
0020 - 00 00 33 00 00 32 00 00-2f 00 00 9a 00 00 99 00 ..3..2../.......
0030 - 00 96 03 00 80 00 00 05-00 00 04 01 00 80 00 00 ................
0040 - 15 00 00 12 00 00 09 06-00 40 00 00 14 00 00 11 .........@......
0050 - 00 00 08 00 00 06 04 00-80 00 00 03 02 00 80 00 ................
0060 - 00 ff 75 85 ef 4c 18 89-5e 13 74 fd b3 25 3a a6 ..u..L..^.t..%:.
0070 - e0 c7 b7 80 15 62 55 58-f5 1e 8e f1 f5 07 8f 8b .....bUX........
0080 - 23 91 #.
read from 0x7fd43bc1b320 [0x7fd43c012600] (7 bytes => 7 (0x7))
0000 - 77 68 61 74 20 69 73 what is
4434:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL098-59.60.1/src/ssl/s23_clnt.c:618:
使用curl命令
Administrator-MacBook-Pro:src administrator$ curl -v -k "https://127.0.0.1:8999"
* Rebuilt URL to: https://127.0.0.1:8999/
* Trying 127.0.0.1...
* Connected to 127.0.0.1 (127.0.0.1) port 8999 (#0)
* Unknown SSL protocol error in connection to 127.0.0.1:-9847
* Closing connection 0
curl: (35) Unknown SSL protocol error in connection to 127.0.0.1:-9847
在客户端和服务器的代码中设置系统属性,并从intelliJ IDE运行代码。我得到了正确的请求/响应输出,但我没有看到https服务器已设置,因为我无法在浏览器中使用该服务器。
打开chrome / safari中的https://localhost:8999/网址,但无法打开它。 [![在此处输入图像说明] [1]] [1]
现在假设我的密钥库和信任存储设置正确。我在这里做错了什么?
以下是信息:
服务器代码package sample;
import javax.net.ServerSocketFactory;
import java.io.*;
import java.net.ServerSocket;
import java.net.Socket;
public class MySecureServer extends Thread {
private Socket sock;
public MySecureServer(Socket s ) {
this.sock = s;
}
public static void main(String[] args) throws IOException {
System.setProperty("javax.net.ssl.keyStore", File.separator + "Users"
+ File.separator + "administrator"
+ File.separator + ".keystore");
System.setProperty("javax.net.ssl.keyStorePassword", "abcde");
System.out.println(System.getProperty("javax.net.ssl.keyStore"));
ServerSocketFactory ssf = ServerSocketFactory.getDefault();
ServerSocket ss = ssf.createServerSocket(8999);
while (true) {
new MySecureServer(ss.accept()).start();
}
}
public void run() {
try {
BufferedReader br = new BufferedReader(new InputStreamReader(sock.getInputStream()));
PrintWriter pw = new PrintWriter(sock.getOutputStream());
String data = br.readLine();
pw.println("what is he ?");
pw.close();
sock.close();
} catch (final Exception e) {
e.printStackTrace();
}
}
}
######客户代码#####
package sample;
import javax.net.SocketFactory;
import javax.net.ssl.SSLSession;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.PrintWriter;
import java.net.Socket;
public class MySecureClient {
public static void main(String[] args) throws IOException {
SocketFactory sf = SocketFactory.getDefault();
//Socket s = sf.createSocket(args[0], Integer.parseInt(args[1]));
Socket s = sf.createSocket("localhost", 8999);
BufferedReader br = new BufferedReader(new InputStreamReader(s.getInputStream()));
PrintWriter pw = new PrintWriter(s.getOutputStream());
System.out.println("Who is John");
pw.println("Who is John");
pw.flush();
System.out.println(br.readLine());
s.close();
}
}
EDITED
我写了另一个安全客户端来获取ssl上下文并得到错误:
Hostname = null
Exception in thread "main" javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at sun.security.ssl.SSLSessionImpl.getPeerCertificateChain(SSLSessionImpl.java:482)
at sample.MyNewSecureClient.main(MyNewSecureClient.java:28)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at com.intellij.rt.execution.application.AppMain.main(AppMain.java:147)
Process finished with exit code 1
以下是安全客户端代码:
package sample;
import sun.security.x509.X500Name;
import javax.net.SocketFactory;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.security.cert.X509Certificate;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.PrintWriter;
import java.net.Socket;
public class MyNewSecureClient {
public static void main(String[] args) throws IOException {
SocketFactory sf = SSLSocketFactory.getDefault();
//SSLSocket sslSocket = (SSLSocket) sf.createSocket(args[0],Integer.parseInt(args[1]));
SSLSocket sslSocket = (SSLSocket) sf.createSocket("localhost", 8999);
SSLSession sess = sslSocket.getSession();
String host = sess.getPeerHost();
System.out.println("Hostname = " + host);
X509Certificate[] certificates = sess.getPeerCertificateChain();
String dn = certificates[0].getSubjectDN().getName();
System.out.println("Subject DN = " + dn);
X500Name name = new X500Name(dn);
if (!host.equals(name.getCommonName())) {
System.out.println("Warning: Expected " + host + " and got " + name.getCommonName());
}
BufferedReader br = new BufferedReader(new InputStreamReader(sslSocket.getInputStream()));
PrintWriter pw = new PrintWriter(sslSocket.getOutputStream());
System.out.println("Who is John");
pw.println("Who is John");
pw.flush();
System.out.println(br.readLine());
sslSocket.close();
}
}