我使用Java中的SSLServerSocket類建立安全套接字連接,然後使用目標c中的Stream類(CF和NS)。 我有它設置,使用下面的代碼:SSL Socket連接:CFNetwork SSLHandshake失敗(-9824)連接到Java SSLServerSocket
的Java SSLServerSocket代碼(SecureClientWorker
涉及每個連接):
public void listenSocket(int port){
try {
System.setProperty("javax.net.ssl.keyStore", "path/to/certificate(signed_by_own_root_certificate).jks");
//I try to make this root certificate trusted by iOS (see obj-c code below)
System.setProperty("javax.net.ssl.keyStorePassword", "PASSWORD...");
} catch (IOException e1) {
e1.printStackTrace();
}
try{
SSLServerSocketFactory ssf = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
server = (SSLServerSocket) ssf.createServerSocket(port);
logger.info("Started to listen on port: "+port);
}catch(Exception e){
logger.warning("Could not listen on port: "+port);
e.printStackTrace();
}
while(running){
SecureClientWorker w;
try{
w = new SecureClientWorker(server.accept(), this);
Thread t = new Thread(w);
t.start();
}catch(IOException e){
if(running)
e.printStackTrace();
}
}
}
目標C客戶端代碼:
[self addRootCert]; //This is where I attempt to make the root certificate trusted, If needed I can post it
CFReadStreamRef readStream;
CFWriteStreamRef writeStream;
CFStreamCreatePairWithSocketToHost(NULL, (__bridge CFStringRef)self.ip.text, self.portNumber.text.intValue, &readStream, &writeStream);
// Set options then bridge to ARC:
NSDictionary *settings = [[NSDictionary alloc] initWithObjectsAndKeys:
(id)kCFStreamSocketSecurityLevelNegotiatedSSL, kCFStreamPropertySocketSecurityLevel,
[NSNumber numberWithBool:YES], kCFStreamSSLAllowsExpiredCertificates,
[NSNumber numberWithBool:YES], kCFStreamSSLAllowsAnyRoot,
[NSNumber numberWithBool:YES], kCFStreamSSLAllowsExpiredRoots,
[NSNumber numberWithBool:NO], kCFStreamSSLValidatesCertificateChain,
nil];
if (readStream) {
CFReadStreamSetProperty(readStream, kCFStreamPropertySSLSettings, (__bridge CFDictionaryRef)settings);
inStream = (__bridge_transfer NSInputStream*) readStream;
[inStream setDelegate:self];
[inStream scheduleInRunLoop:[NSRunLoop currentRunLoop] forMode:NSDefaultRunLoopMode];
[inStream open];
}
if (writeStream) {
CFWriteStreamSetProperty(writeStream, kCFStreamPropertySSLSettings, (__bridge CFDictionaryRef)settings);
outStream = (__bridge_transfer NSOutputStream*) writeStream;
[outStream setDelegate:self];
[outStream scheduleInRunLoop:[NSRunLoop currentRunLoop] forMode:NSDefaultRunLoopMode];
[outStream open];
}
然而,這導致錯誤代碼CFNetwork SSLHandshake failed (-9824)
和inStream對象在NSStreamDelegate
方法中返回錯誤NSStreamEventErrorOccurred
。
在Java方面,一個IOException
似乎出現以下拋出:
in = new BufferedReader(new InputStreamReader(clientSocket.getInputStream())); //ClientSocket is just the connection to the client
[...]
in.readLine();
的的printStackTrace說:javax.net.ssl.SSLHandshakeException: no cipher suites in common
我一定要創建一個KeyManager
(因爲我讀別的地方)?我該如何做到這一點(從無到有開放SSLServerSocket請)?
任何幫助將不勝感激!
編輯
我已經改變了服務器端的代碼,因爲它可能無法設置系統屬性。
我的新代碼是:
KeyStore ks = KeyStore.getInstance("JKS");
FileInputStream ksIs = new FileInputStream(new File("path/to/certificate(signed_by_own_root_certificate).jks"));
try {
ks.load(ksIs, "PASSWORD...".toCharArray());
} catch (NoSuchAlgorithmException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (CertificateException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} finally {
if (ksIs != null) {
ksIs.close();
}
}
KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
kmf.init(ks, "PASWD".toCharArray());
KeyManager keyManagers[] = kmf.getKeyManagers();
SSLContext sc = SSLContext.getDefault();
sc.init(keyManagers, null, new SecureRandom());
SSLServerSocketFactory socketFactory = sc.getServerSocketFactory();
server = (SSLServerSocket) socketFactory.createServerSocket(port);
不過我現在收到此錯誤信息: java.security.KeyManagementException: Default SSLContext is initialized automatically
一些研究,我試圖讓我自己TrustManager
後,但不能得到它仍然可以工作
我錯過了什麼?
但我沒有得到任何錯誤消息說,它無法打開密鑰庫..我也只是增加了一個編輯與更新的代碼 –
「*但我不得到任何錯誤消息,說它無法打開密鑰庫*「:你不會。如果在設置屬性之前默認的'SSLContext'沒有任何密鑰庫(默認值)被初始化,那就太晚了。 (您的新編輯是一個不同的問題。) – Bruno
非常感謝,編輯修正了它! (從你所說的必須做很長的路,我不能從代碼設置系統屬性!)並感謝.getInstance()方法! 'TLS'是最好用的嗎? –