2012-08-08

2-way SSL with an ephemeral keystore in Java

I have a Java server I wrote myself. Its keystore may contain several keys (one key for connections and another for rollover), so I try to read the keystore and then, when I need to start the server, build a temporary keystore containing only one key and pass that to SSLContext. However, this does not seem to work:

On the client side I get:

javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty 
sun.security.ssl.Alerts.getSSLException(Unknown Source) 
sun.security.ssl.SSLSocketImpl.fatal(Unknown Source) 
sun.security.ssl.SSLSocketImpl.fatal(Unknown Source) 
sun.security.ssl.SSLSocketImpl.handleException(Unknown Source) 
sun.security.ssl.SSLSocketImpl.handleException(Unknown Source) 
sun.security.ssl.AppOutputStream.write(Unknown Source) 
java.io.BufferedOutputStream.flushBuffer(Unknown Source) 
java.io.BufferedOutputStream.flush(Unknown Source) 
com.netrust.protocol.ProtocolClient.initialize(ProtocolClient.java:41) 
com.netrust.clientregistrar.gui.Client.connect(Client.java:501) 
com.netrust.clientregistrar.gui.Client.sendGetDirectoryChangeLog(Client.java:108) 
com.netrust.clientregistrar.gui.ServerTreeModel.refresh(ServerTreeModel.java:195) 
com.netrust.clientregistrar.gui.ServerTreeModel.refresh(ServerTreeModel.java:333) 
com.netrust.clientregistrar.gui.ServerTreePanel.refresh(ServerTreePanel.java:189) 
com.netrust.clientregistrar.gui.ClientRegistrarPanel.<init>(ClientRegistrarPanel.java:195) 
com.netrust.clientregistrar.gui.Main.runApplication(Main.java:150) 
com.netrust.clientregistrar.gui.Main.access$300(Main.java:26) 
com.netrust.clientregistrar.gui.Main$1.run(Main.java:64) 
java.awt.event.InvocationEvent.dispatch(Unknown Source) 
java.awt.EventQueue.dispatchEventImpl(Unknown Source) 
java.awt.EventQueue.access$000(Unknown Source) 
java.awt.EventQueue$3.run(Unknown Source) 
java.awt.EventQueue$3.run(Unknown Source) 
java.security.AccessController.doPrivileged(Native Method) 
java.security.ProtectionDomain$1.doIntersectionPrivilege(Unknown Source) 
java.awt.EventQueue.dispatchEvent(Unknown Source) 
java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source) 
java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source) 
java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source) 
java.awt.EventDispatchThread.pumpEvents(Unknown Source) 
java.awt.EventDispatchThread.pumpEvents(Unknown Source) 
java.awt.EventDispatchThread.run(Unknown Source) 

On the server side I get:

javax.net.ssl.SSLException: Received fatal alert: internal_error 
sun.security.ssl.Alerts.getSSLException(Unknown Source) 
sun.security.ssl.Alerts.getSSLException(Unknown Source) 
sun.security.ssl.SSLSocketImpl.recvAlert(Unknown Source) 
sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source) 
sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source) 
sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) 
sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) 
com.netrust.server.ManagementSecureConnectionHandler.run(ManagementSecureConnectionHandler.java:96) 
com.netrust.util.DynamicThreadPool$WorkerThread.run(DynamicThreadPool.java:295) 

Relevant code:

// marshalAsJKS(): copy every entry of the persistent keystore into an in-memory JKS
Enumeration<String> aliases = keyStore.aliases();
String alias = null;
java.security.KeyStore jks = java.security.KeyStore.getInstance(java.security.KeyStore.getDefaultType());
jks.load(null, oldPassword); // null stream: start from an empty in-memory store
while (aliases.hasMoreElements())
{
    alias = aliases.nextElement();
    if (keyStore.isKeyEntry(alias))
    {
        jks.setKeyEntry(alias,
                        keyStore.getKey(alias, oldPassword),
                        oldPassword,
                        keyStore.getCertificateChain(alias));
    }
    else if (keyStore.isCertificateEntry(alias))
    {
        jks.setCertificateEntry(alias, keyStore.getCertificate(alias));
    }
}

// Constructing ephemeral keystore and truststore (the rollover key is removed from both)
ephemeralKeyStore = managementKeyStore.marshalAsJKS();
ephemeralKeyStore.deleteEntry(PathRegistry.SERVER_KEY_ROLLOVER_ENTRY_ALIAS);
ephemeralTrustStore = managementKeyStore.marshalAsJKS();
ephemeralTrustStore.deleteEntry(PathRegistry.SERVER_KEY_ROLLOVER_ENTRY_ALIAS);
if (generalConfiguration.isRootServerType() && managementKeyStore.isKeyEntry(PathRegistry.SERVER_KEY_ROLLOVER_ENTRY_ALIAS))
    ephemeralTrustStore.setCertificateEntry(PathRegistry.ROOT_CERTIFICATE_ROLLOVER_ENTRY_ALIAS,
            managementKeyStore.getCertificate(PathRegistry.SERVER_KEY_ROLLOVER_ENTRY_ALIAS));

// Initializing SSL
sslContext = SSLContext.getInstance("TLS");
keyManagerFactory.init(getKeyStore(), getKeyStorePassword());
trustManagerFactory.init(getTrustStore());
sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
serverSocket = (SSLServerSocket) sslContext.getServerSocketFactory().createServerSocket(getPort());

A similar question, but for 1-way SSL: How can I have multiple SSL certificates for a Java server


You are doing this wrong. You should install a custom KeyManager instead of all this ephemeral keystore malarkey. But writing code to solve a deployment problem is a strange approach in the first place. – EJP 2012-08-08 23:08:39

Answer


javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty

This is almost certainly coming from your client-side code, where you have initialized the trust manager with an empty trust store.
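The "trustAnchors parameter must be non-empty" error surfaces only at handshake time and on the peer that holds the empty store, which is why it looked like a server-side problem here. The following added example (not code from the question or the answer) builds an in-memory keystore from just one alias and counts the entries the JDK's default PKIX TrustManagerFactory would accept as trust anchors (trusted-certificate entries plus the leaf certificate of key entries), so an empty trust store fails early with a readable message instead of a RuntimeException deep inside the handshake. The class and method names are my own.

```java
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public final class EphemeralStores {

    /** Copies exactly one key entry (with its chain) from the persistent store into a fresh in-memory store. */
    static KeyStore singleKeyStore(KeyStore source, String keyAlias, char[] password) throws Exception {
        if (!source.isKeyEntry(keyAlias)) {
            throw new KeyStoreException("no key entry for alias " + keyAlias);
        }
        KeyStore jks = KeyStore.getInstance(KeyStore.getDefaultType());
        jks.load(null, null); // null stream = empty in-memory store
        jks.setKeyEntry(keyAlias, source.getKey(keyAlias, password), password,
                        source.getCertificateChain(keyAlias));
        return jks;
    }

    /** Counts what the default PKIX trust manager factory treats as trust anchors. */
    static int trustAnchorCount(KeyStore trustStore) throws KeyStoreException {
        int count = 0;
        for (String alias : Collections.list(trustStore.aliases())) {
            if (trustStore.isCertificateEntry(alias)) {
                count++;
            } else if (trustStore.isKeyEntry(alias)) {
                Certificate[] chain = trustStore.getCertificateChain(alias);
                if (chain != null && chain.length > 0 && chain[0] instanceof X509Certificate) {
                    count++;
                }
            }
        }
        return count;
    }

    /** Builds the SSLContext; rejects an empty trust store before the handshake can fail with internal_error. */
    static SSLContext build(KeyStore keyStore, char[] keyPassword, KeyStore trustStore) throws Exception {
        if (trustAnchorCount(trustStore) == 0) {
            throw new KeyStoreException("trust store contains no trusted certificates; check the client side too");
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, keyPassword);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }
}
```

Run the same `trustAnchorCount` check on the client's trust store before calling `SSLContext.init`; in this thread that is the side the answer points at.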