Jav*_*ool 10 java security ssl
我在java中使用SSLServerSocket和java.ssl包中的其他类测试SSL.当我运行以下代码时,我得到异常java.io.IOException:无效的密钥库格式.我的代码:
package testing;
import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.PrintWriter;
import java.net.Socket;
import java.security.KeyStore;
import javax.net.ServerSocketFactory;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.TrustManager;
public class SSLServerTest {
public static void main(String[] args) {
try {
int port = 3000;
SSLContext sc = SSLContext.getInstance("TLSv1.2");
KeyStore ks = KeyStore.getInstance("JKS");
InputStream ksIs = new FileInputStream("key.txt");
try {
ks.load(ksIs, "Bennett556".toCharArray());
} finally {
if (ksIs != null) {
ksIs.close();
}
}
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(ks, "Bennett556".toCharArray());
sc.init(kmf.getKeyManagers(), new TrustManager[] {}, null);
ServerSocketFactory ssocketFactory = sc.getServerSocketFactory();
SSLServerSocket ssocket = (SSLServerSocket) ssocketFactory
.createServerSocket(port);
ssocket.setEnabledProtocols(new String[] { "SSLv3" });
Socket socket = ssocket.accept();
BufferedReader in = new BufferedReader(new InputStreamReader(
socket.getInputStream()));
PrintWriter out = new PrintWriter(socket.getOutputStream());
out.println("Hello, Securly!");
out.close();
in.close();
out.close();
} catch (Exception e) {
e.printStackTrace();
}
}
}
文件key.txt:1268312345812304612348712634283427346我猜我应该在key.txt文件中添加其他内容,但我不知道该放入什么内容.可能是一个被玷污的物体.
编辑:客户代码:
package testing;
import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.security.KeyStore;
import javax.net.SocketFactory;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
public class SSLClientTest {
public static void main(String[] args) {
int port = 3000;
String host = "localhost";
try {
SSLContext sc = SSLContext.getInstance("TLSv1.2");
KeyStore ks = KeyStore.getInstance("JKS");
InputStream ksIs = new FileInputStream("key.txt");
try {
ks.load(ksIs, "Bennett556".toCharArray());
} finally {
if (ksIs != null) {
ksIs.close();
}
}
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(ks, "Bennett556".toCharArray());
sc.init(kmf.getKeyManagers(), new TrustManager[] {}, null);
SocketFactory factory = sc.getSocketFactory();
SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
socket.startHandshake();
BufferedReader in = new BufferedReader(new InputStreamReader(
socket.getInputStream()));
String str = "";
while ((str = in.readLine()) != null)
System.out.println(str);
in.close();
socket.close();
} catch (Exception e) {
e.printStackTrace();
}
}
}
aca*_*uci 14
我有完全相同的问题.实际上,密钥库文件无效,与JDK // JRE版本无关.我的案子中的问题是由Maven引起的.我在我的pom文件中使用以下选项:
<resources>
<resource>
<directory>src/main/resources</directory>
<filtering>true</filtering>
</resource>
</resources>
过滤中的"真实"值正在弄乱密钥文件.因此,Spring运行时我的类路径中可用的密钥文件与我在目录"src/main/resources"下的密码文件不完全相同,并导致无效的密钥库格式异常.当我使用keytool进行测试时,我使用的是"resources"文件夹下的那个,这样就误导了真正的问题.
解决问题:在pom.xml文件中,将"filtering"的值更改为"false".解决该问题的另一种方法是在application.properties文件中明确指定密钥库的位置.所以代替:
server.ssl.key-store: classpath:keystore.jks
我用了
server.ssl.key-store: keystore/keystore.jks
load keystore使用以下代码时,我遇到了同样的问题:
KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
Resource resource = new ClassPathResource(file);
trustStore.load(resource.getInputStream(), password.toCharArray());
原来是JDK问题,不适用于 jre1.8.0_25。当我将JDK版本升级到最新版本时jre1.8.0_121,它可以工作。