What do I need in order to get SSL sockets (SslRMIServerSocketFactory / SslRMIClientSocketFactory)?

Time: 2011-07-15 09:26:38

Tags: security authentication ssl rmi

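Hi, basically I want to obtain SslRMIServerSocketFactory / SslRMIClientSocketFactory to secure my RMI calls. What is the usual way to obtain these when client authentication (keystore, certificates, ...) is also required? What do I need to generate/ship?

Edit: I have now successfully secured the communication with RMI using server and client authentication and self-signed certificates. This now works on my machine. I committed the certificates, truststore and keystore to the repository, but it does not work on other computers. Someone suggested that the migration broke the keystore, but I can't figure out why. Does anyone have an idea?
Edit: Here is the full stack trace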

java.rmi.ConnectIOException: Exception creating connection to: localhost; nested exception is:
    java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
    at sun.rmi.transport.tcp.TCPEndpoint.newSocket(TCPEndpoint.java:614)
    at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:198)
    at sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:184)
    at sun.rmi.server.UnicastRef.newCall(UnicastRef.java:322)
    at sun.rmi.registry.RegistryImpl_Stub.lookup(Unknown Source)
    at com.uc4.webui.sla.monitoring.SLAMonitoringAccessService.<init>(SLAMonitoringAccessService.java:40)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
    at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
    at java.lang.Class.newInstance0(Class.java:355)
    at java.lang.Class.newInstance(Class.java:308)
    at org.eclipse.equinox.internal.ds.model.ServiceComponent.createInstance(ServiceComponent.java:457)
    at org.eclipse.equinox.internal.ds.model.ServiceComponentProp.createInstance(ServiceComponentProp.java:264)
    at org.eclipse.equinox.internal.ds.model.ServiceComponentProp.build(ServiceComponentProp.java:325)
    at org.eclipse.equinox.internal.ds.InstanceProcess.buildComponent(InstanceProcess.java:588)
    at org.eclipse.equinox.internal.ds.InstanceProcess.buildComponents(InstanceProcess.java:196)
    at org.eclipse.equinox.internal.ds.Resolver.buildNewlySatisfied(Resolver.java:441)
    at org.eclipse.equinox.internal.ds.Resolver.enableComponents(Resolver.java:213)
    at org.eclipse.equinox.internal.ds.SCRManager.performWork(SCRManager.java:800)
    at org.eclipse.equinox.internal.ds.SCRManager$QueuedJob.dispatch(SCRManager.java:767)
    at org.eclipse.equinox.internal.ds.WorkThread.run(WorkThread.java:89)
    at java.lang.Thread.run(Thread.java:662)
Caused by: java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
    at javax.net.ssl.DefaultSSLSocketFactory.throwException(SSLSocketFactory.java:179)
    at javax.net.ssl.DefaultSSLSocketFactory.createSocket(SSLSocketFactory.java:192)
    at javax.rmi.ssl.SslRMIClientSocketFactory.createSocket(SslRMIClientSocketFactory.java:105)
    at sun.rmi.transport.tcp.TCPEndpoint.newSocket(TCPEndpoint.java:595)
    ... 22 more
Caused by: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
    at java.security.Provider$Service.newInstance(Provider.java:1245)
    at sun.security.jca.GetInstance.getInstance(GetInstance.java:220)
    at sun.security.jca.GetInstance.getInstance(GetInstance.java:147)
    at javax.net.ssl.SSLContext.getInstance(SSLContext.java:125)
    at javax.net.ssl.SSLContext.getDefault(SSLContext.java:68)
    at javax.net.ssl.SSLSocketFactory.getDefault(SSLSocketFactory.java:102)
    at javax.rmi.ssl.SslRMIClientSocketFactory.getDefaultClientSocketFactory(SslRMIClientSocketFactory.java:192)
    at javax.rmi.ssl.SslRMIClientSocketFactory.createSocket(SslRMIClientSocketFactory.java:102)
    ... 23 more
Caused by: java.io.IOException: Invalid keystore format
    at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:633)
    at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:38)
    at java.security.KeyStore.load(KeyStore.java:1185)
    at com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl.getDefaultKeyManager(DefaultSSLContextImpl.java:150)
    at com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl.<init>(DefaultSSLContextImpl.java:40)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
    at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
    at java.lang.Class.newInstance0(Class.java:355)
    at java.lang.Class.newInstance(Class.java:308)
    at java.security.Provider$Service.newInstance(Provider.java:1221)
    ... 30 more

My platform is Windows 7 and

java version "1.6.0_22"
Java(TM) SE Runtime Environment (build 1.6.0_22-b04)
Java HotSpot(TM) 64-Bit Server VM (build 17.1-b03, mixed mode)

Here are the keytool commands I used for generation:

keytool -genkeypair -keyalg RSA -validity 3650 -keystore bundlekeystore.jks
keytool -export -keystore bundlekeystore.jks -rfc -file bundlecertificate.cer
keytool -import -file standalonecertificate.cer -keystore truststore.jks

1 answer:

Answer 0: (score: 1)

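  1. You need to export your remote objects with instances of each of those classes, appropriately configured according to any special requirements you have about enabled protocols and cipher suites, if any.
  2. Your server needs a private key and a signed certificate in its keystore.
  3. If it is a self-signed certificate, it needs to be exported from there and imported into the client's truststore.
  4. Your client needs a private key and a signed certificate in its keystore.
  5. If it is a self-signed certificate, it needs to be exported from there and imported into the server's truststore.
  6. If the certificates are signed by a recognized CA, the parts involving truststores can be omitted.
  7. If your client has any special requirements about protocols or cipher suites, they need to be set via the system properties described for SslRMIClientSocketFactory.
  8. If you also need a secured Registry, you have to take several additional steps, which I will post here if you ask, but which are pretty obvious if you look at the LocateRegistry.createRegistry()/getRegistry() overloads that take socket factory parameters.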
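
A server-side sketch of steps 1, 2, 5 and 8, added here as an example and not part of the original question or answer. It loads the keystore and truststore up front so that a damaged file (the "Invalid keystore format" in the trace above) is reported with its path before any RMI socket is created. Assumptions: Java 7 or later, the stores are supplied through the standard `javax.net.ssl.keyStore` / `javax.net.ssl.trustStore` system properties (with their `Password` and `Type` companions), and the `Echo` interface, port 1099 and binding name `echo` are hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.rmi.Remote;
import java.rmi.RemoteException;
import java.rmi.registry.LocateRegistry;
import java.rmi.registry.Registry;
import java.rmi.server.UnicastRemoteObject;
import java.security.KeyStore;
import javax.rmi.ssl.SslRMIClientSocketFactory;
import javax.rmi.ssl.SslRMIServerSocketFactory;

public class SecureRmiServer {
    // Hypothetical remote interface, used only for this illustration.
    public interface Echo extends Remote {
        String echo(String s) throws RemoteException;
    }

    private static Echo impl; // strong reference so the exported object is not collected

    // Load the store named by a javax.net.ssl.* property before any socket is created,
    // so a damaged file fails here ("Invalid keystore format") with its path in the message.
    static KeyStore loadStore(String prop) throws Exception {
        String path = System.getProperty(prop);
        if (path == null) throw new IllegalStateException(prop + " is not set");
        String pass = System.getProperty(prop + "Password");
        String type = System.getProperty(prop + "Type", KeyStore.getDefaultType());
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, pass == null ? null : pass.toCharArray());
        } catch (java.io.IOException e) {
            throw new IllegalStateException("Cannot load " + path + ": " + e.getMessage(), e);
        }
        return ks;
    }

    public static void main(String[] args) throws Exception {
        loadStore("javax.net.ssl.keyStore");   // server private key + certificate
        loadStore("javax.net.ssl.trustStore"); // client certificate(s) the server accepts

        SslRMIClientSocketFactory csf = new SslRMIClientSocketFactory();
        // null, null: default cipher suites and protocols; true: require a client certificate
        SslRMIServerSocketFactory ssf = new SslRMIServerSocketFactory(null, null, true);

        impl = new Echo() { public String echo(String s) { return s; } };
        Echo stub = (Echo) UnicastRemoteObject.exportObject(impl, 0, csf, ssf);
        // Registry served over the same TLS factories (the socket-factory overload).
        Registry registry = LocateRegistry.createRegistry(1099, csf, ssf);
        registry.rebind("echo", stub);
    }
}
```

The client sets the same four system properties for its own keystore and truststore and looks the registry up with `LocateRegistry.getRegistry(host, 1099, new SslRMIClientSocketFactory())`.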