"openTlsConnect": authentication with a CA and openTlsConnect

Time: 2017-06-23 08:19:00

Tags: java debugging ssl

I am working on a software project where I have the task of creating a proxy that behaves like a client. This client proxy runs in Java on Win10 and communicates with an embedded service registry on Yocto Linux, and it has to build a secure external connection over HTTP with certificate exchange using TLS 1.2. I implemented this with the BouncyCastle libraries and do the following:

    UnsecureHttpExecutor unsecureHttpExecutor = new UnsecureHttpExecutor(); // connection for external client services
    logger.debug("Try to connect!");
    HttpRequest httpRequest = new BasicHttpRequest("GET", "/auth"); // simple GET /auth for REST
    logger.debug("http.request: \n" + httpRequest.toString());

    try {
        HttpResponse httpResponse = unsecureHttpExecutor.executeRequest(httpRequest); // createHttpClient(); connectHttpClient();
        String mibIdentifierJson = EntityUtils.toString(httpResponse.getEntity());
        logger.debug("This is MIBIdentifierJson:\n" + mibIdentifierJson);
        ResponseObject responseObject = JsonUtils.objectMapper().readValue(mibIdentifierJson, ResponseObject.class);
        logger.debug("JSONUtils" + responseObject.toString());

        ClientContext clientContext = null;
        RegistrationProcess registrationProcess = new RegistrationProcess();
        logger.debug("Here is all ok!?");
        // registerNewClient takes the ClientContext as its parameter (see the method below)
        RegistrationResult registrationResult = registrationProcess.registerNewClient(clientContext); // <-- here is the question
    } catch (Exception e) {
        logger.error("Connection or registration failed", e);
    }

//__________________________________________________________________________

    public RegistrationResult registerNewClient(ClientContext clientContext) {
        RegistrationResult registrationResult = null;

        try {
            createHttpClient();

            // create KeyPair, CSR and self-signed certificate which will be sent to the server during the TLS handshake (see MSC_002)
            KeyPair keyPair = CertificateUtils.generateKeyPair();
            logger.debug("KeyPair abgeschlossen KeyPair: " + keyPair.toString());
            PKCS10CertificationRequest certificationRequest = CertificateUtils.createCertificationRequest(/*clientContext.getAppName()*/"Testapp", keyPair);
            logger.debug("PKCS10CertificationRequest erfolgreich abgeschlossen");
            X509CertificateHolder selfSignedCertificate = CertificateUtils.selfSignCertificate(certificationRequest, keyPair.getPrivate());
            logger.debug("X509 Selbstsigniertes Certifikat erstellt" + selfSignedCertificate.toString());
            openTlsConnect(selfSignedCertificate, keyPair.getPrivate());
        } catch (Exception e) {
            logger.error("Could not perform registration process.", e);
        }
        return registrationResult;
    }

I get the following log:

    08:30:15.264 [main] DEBUG [main][connect()] - Try to connect!
    08:30:15.268 [main] DEBUG [main][connect()] - http.request:
    GET /auth []
    08:30:15.296 [main] DEBUG [main][connect()] - Das ist der MIBIdentifierJson:
    {"data":[{"id":"","name":"this is the auth-service of ViWi-ServiceRegistry","uri":"auth\/"}],"status":"ok","timestamp":1002380}
    08:30:15.401 [main] DEBUG [main][connect()] - JSONUtilsCommunication.ResponseObject@6321e813
    08:30:15.402 [main] DEBUG [main][connect()] - Hier noch alles gut!
    08:30:15.598 [main] DEBUG [Registrationprocess] - KeyPair abgeschlossen KeyPair: java.security.KeyPair@77167fb7
    08:30:15.619 [main] DEBUG [Registrationprocess] - PKCS10CertificationRequest erfolgreich abgeschlossen
    08:30:15.626 [main] DEBUG [Registrationprocess] - X509 Selbstsigniertes Certifikat erstelltorg.bouncycastle.cert.X509CertificateHolder@ad1a4e8d
    Registration started
    RegistrationSocked erstellt
    08:30:15.627 [main] DEBUG Registrationsocked] - Connect registration socket using timeout: 3000
    08:30:15.638 [main] DEBUG Registrationsocked] - Client Inputstream: %s
    08:30:15.638 [main] DEBUG Registrationsocked] - Client Outputstream: %s
    08:30:15.639 [main] DEBUG Registrationsocked] - TlsClientProtocol
    08:30:15.639 [main] DEBUG Registrationsocked] - connect now via tls
    08:30:15.639 [main] DEBUG Registrationsocked] - TLS Client:
    Registration.RegistrationTlsClient@441772e
    08:30:15.639 [main] DEBUG Registrationsocked] - TLS Client:
    Registration.RegistrationTlsClient$1@14dd9eb7
    java.io.IOException: Internal TLS error, this could be an attack
    Could not perform registration process.

The problem is in the openTLSConnection method, and I don't know what I am doing wrong. Maybe there is another way to get a TLS connection or a client connection. Thanks in advance for any advice!
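The question calls CertificateUtils.generateKeyPair, createCertificationRequest and selfSignCertificate without showing them. As an added example that is not the asker's code, here is one way to implement those three steps with BouncyCastle's JCA-style builders, so that the self-signed certificate presented in the handshake is marked for TLS client authentication; the class and method names mirror the question's calls, while the RSA key size, the one-year validity, the serial number scheme and the extensions are my assumptions.

```java
import java.math.BigInteger;
import java.security.*;
import java.util.Date;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.*;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;

/** Hypothetical stand-in for the CertificateUtils class the question calls but does not show. */
public final class CertificateUtils {
    static { Security.addProvider(new BouncyCastleProvider()); }

    /** Fresh 2048-bit RSA key pair (assumption); the private key never leaves the client. */
    public static KeyPair generateKeyPair() throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", "BC");
        kpg.initialize(2048);
        return kpg.generateKeyPair();
    }

    /** PKCS#10 CSR with the app name as CN, signed by the matching private key (proof of possession). */
    public static PKCS10CertificationRequest createCertificationRequest(String appName, KeyPair keyPair) throws Exception {
        X500Name subject = new X500Name("CN=" + appName);
        ContentSigner signer = new JcaContentSignerBuilder("SHA256withRSA").setProvider("BC").build(keyPair.getPrivate());
        return new JcaPKCS10CertificationRequestBuilder(subject, keyPair.getPublic()).build(signer);
    }

    /** Self-signed X.509 v3 cert built from the CSR: issuer == subject, end-entity only, client-auth EKU. */
    public static X509CertificateHolder selfSignCertificate(PKCS10CertificationRequest csr, PrivateKey key) throws Exception {
        Date notBefore = new Date();
        Date notAfter = new Date(notBefore.getTime() + 365L * 24 * 60 * 60 * 1000); // assumption: valid one year
        X509v3CertificateBuilder builder = new X509v3CertificateBuilder(
                csr.getSubject(), BigInteger.valueOf(System.currentTimeMillis()), notBefore, notAfter,
                csr.getSubject(), csr.getSubjectPublicKeyInfo());
        builder.addExtension(Extension.basicConstraints, true, new BasicConstraints(false)); // not a CA
        builder.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature));
        builder.addExtension(Extension.extendedKeyUsage, false, new ExtendedKeyUsage(KeyPurposeId.id_kp_clientAuth));
        return builder.build(new JcaContentSignerBuilder("SHA256withRSA").setProvider("BC").build(key));
    }

    /** Sanity check before the handshake: the cert must verify under the key pair's own public key. */
    public static boolean verifySelfSigned(X509CertificateHolder cert, PublicKey pub) throws Exception {
        return cert.isSignatureValid(new JcaContentVerifierProviderBuilder().setProvider("BC").build(pub));
    }
}
```

Because the certificate is self-signed, the server only accepts it if its registration flow trusts that specific certificate or key; verifySelfSigned merely confirms the certificate is internally consistent before it is sent.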

1 answer:

Answer 0: (score: 0)

The code is correct, but it should be port 443.