运行HTTPS服务器时出现问题

时间:2019-06-02 11:37:41

标签: java http ssl https

我使用示例here编写了HTTPS服务器。

服务器代码:

public class HTTPSServer {

public static void main(String[] args) throws Exception {
    HttpsServer server = HttpsServer.create(new InetSocketAddress(8080), 5);
    server.createContext("/", new MyHandler());

    char[] storepass = "storepass".toCharArray();
    char[] keypass = "serverpass".toCharArray();

    KeyStore ks = KeyStore.getInstance("JKS");
    ks.load(HTTPSServer.class.getClassLoader().getResourceAsStream("web-vision.jks"), storepass);

    KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
    kmf.init(ks, keypass);

    SSLContext sslContext = SSLContext.getInstance("TLS");
    sslContext.init(kmf.getKeyManagers(), new TrustManager[]{}, null);

   server.setHttpsConfigurator(new HttpsConfigurator(sslContext) {

       @Override
       public void configure (HttpsParameters params) {

           // get the remote address if needed
           InetSocketAddress remote = params.getClientAddress();

           SSLContext c = getSSLContext();

           // get the default parameters
           SSLParameters sslparams = c.getDefaultSSLParameters();

           params.setSSLParameters(sslparams);
           // statement above could throw IAE if any params invalid.
           // eg. if app has a UI and parameters supplied by a user.

       }
   });

    ExecutorService executor = Executors.newFixedThreadPool(5);
    server.setExecutor(executor); // creates a default executor
    server.start();
    executor.awaitTermination(Integer.MAX_VALUE, TimeUnit.DAYS);

}

static class MyHandler implements HttpHandler {
    public void handle(HttpExchange t) throws IOException {

      String response = "This is the response";
      t.sendResponseHeaders(200, response.length());
      OutputStream os = t.getResponseBody();
      os.write(response.getBytes());
    }
}

对于该服务器,我使用以下命令创建了带有密钥的文件:

keytool -genkey -keystore web-vision.jks -dname "CN=localhost, OU=gg, O=NA, L=Unknown, ST=Unknown, C=RU" -storepass storepass -alias server-test -keypass serverpass

接下来,我将此文件放入项目资源中。

然后,我启动此服务器并尝试通过访问https://10.155.26.68:8080/https://localhost:8080/来连接到该服务器并获得答案,但是没有答案,则服务器不可用。

在此之前,我实现了最简单的HTTP服务器,并且运行良好。

使用curl连接到HTTPS服务器会产生此错误:

  

卷曲:(35)OpenSSL SSL_connect:SSL_ERROR_SYSCALL连接到10.155.26.68:8080

screenshot of calling curl

更新

感谢您的帮助,但仅通过使用以下命令创建新证书解决了该问题:

keytool -v -genkey -dname "CN=localhost, OU=Developers, O=NA, L=Ufa, C=RB" -alias parent -storetype jks -keystore vision.jks -validity 365 -keyalg RSA -keysize 2048 -storepass mystorepass -keypass mykeypass

我正在学习SSL,也许第一个证书创建不正确。

1 个答案:

答案 0 :(得分:2)

遇到curl的SSL_ERROR_SYSCALL的可能原因是,使用keytool创建证书时,您没有指定要使用的算法。

在这种情况下,keytool默认使用DSA

然后,在带有curl的握手阶段,服务器找不到通用的身份验证方案,并引发异常:

javax.net.ssl.SSLHandshakeException: No available authentication scheme
        at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
        at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
        at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:308)
        at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:264)
        at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:255)
        at java.base/sun.security.ssl.CertificateMessage$T13CertificateProducer.onProduceCertificate(CertificateMessage.java:945)
        at java.base/sun.security.ssl.CertificateMessage$T13CertificateProducer.produce(CertificateMessage.java:934)
        at java.base/sun.security.ssl.SSLHandshake.produce(SSLHandshake.java:436)
        at java.base/sun.security.ssl.ClientHello$T13ClientHelloConsumer.goServerHello(ClientHello.java:1224)
        at java.base/sun.security.ssl.ClientHello$T13ClientHelloConsumer.consume(ClientHello.java:1160)
        at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(ClientHello.java:849)
        at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.consume(ClientHello.java:810)
        at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
        at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:448)
        at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1065)
        at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1052)
        at java.base/java.security.AccessController.doPrivileged(Native Method)
        at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:999)
        at jdk.httpserver/sun.net.httpserver.SSLStreams.doHandshake(SSLStreams.java:464)
        at jdk.httpserver/sun.net.httpserver.SSLStreams.recvData(SSLStreams.java:418)
        at jdk.httpserver/sun.net.httpserver.SSLStreams$InputStream.read(SSLStreams.java:522)
        at jdk.httpserver/sun.net.httpserver.SSLStreams$InputStream.read(SSLStreams.java:591)
        at jdk.httpserver/sun.net.httpserver.Request.readLine(Request.java:80)
        at jdk.httpserver/sun.net.httpserver.Request.<init>(Request.java:50)
        at jdk.httpserver/sun.net.httpserver.ServerImpl$Exchange.run(ServerImpl.java:551)
        at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
        at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
        at java.base/java.lang.Thread.run(Thread.java:834)

由于此异常是由FINER在日志级别sun.net.httpserver.ServerImpl$Exchange.run记录的,因此很难检测到。

您已经发现,用keytool调用-keyalg RSA来生成证书,会使服务器和客户端找到一种可解决此问题的身份验证方案:

keytool -genkeypair -keyalg RSA -alias selfsigned -keystore keystore.jks -storepass secret_password -dname "CN=localhost, OU=Developers, O=NA, L=Ufa, C=RB"
相关问题
最新问题