2015-02-06 58 views
-1

Apache HTTP client/server TLS implementation: getting keystore exception

Server side:

  1. I have deployed a secure RESTful service in Tomcat with the HTTPS protocol enabled.
  2. I created the keystore file serverkeystore using keytool.

  3. Exported servercertificate.cer from serverkeystore.

Client side:

  1. Created the client keystore clientkeystore.jsk

  2. Imported servercertificate.cer into clientkeystore.jsk

  3. Exported clientcertificate.cer from clientkeystore.jsk.

  4. Imported clientcertificate.cer under JAVA_HOME/lib/security

Exception in the client code:

Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196) 
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268) 
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380) 
... 30 more 

Code:

private SSLConnectionSocketFactory buildSSLSocketFactory() throws Exception, UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException { 
    KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType()); 
    FileInputStream instream = new FileInputStream(new File("path to clientkeystore.jks")); 
    try { 
     trustStore.load(instream, "phhclient".toCharArray()); 
    } finally { 
     instream.close(); 
    } 
    // Trust own CA and all self-signed certs 
    SSLContext sslcontext = SSLContexts.custom() 
      .loadTrustMaterial(trustStore, new TrustSelfSignedStrategy()) 
      .build(); 
    // Allow TLSv1 protocol only 
    SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
      sslcontext, 
      new String[] { "TLSv1" }, 
      null, 
      SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER); 


    return sslsf; 
} 

"unable to find valid certification path to requested target". Please let me know why I am getting this exception.

Thanks and regards,

拉胡爾·哈因

Answers

0

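The reason for this exception is that the code is unable to find the server certificate in the client's trust store. Please check whether the server certificate has been added to your client truststore. Also, TrustManagerFactory is not instantiated in the function.

The following code can be used to build the SSL socket factory. Please include the necessary import statements: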

import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.SecureRandom;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

SSLSocketFactory buildSSLSocketFactory() throws Exception {
    // Load the client truststore that holds the server certificate;
    // try-with-resources closes the stream even if load() throws
    KeyStore trustks = KeyStore.getInstance("JKS");
    try (InputStream truststream = new FileInputStream("path to truststore")) {
        trustks.load(truststream, "password".toCharArray());
    }

    // Build the trust managers from the truststore
    TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
    tmf.init(trustks);

    // No client key material. Failures propagate to the caller instead of
    // being printed and leaving a null SSLContext behind
    SSLContext sslcontext = SSLContext.getInstance("TLS");
    sslcontext.init(new KeyManager[0],
            tmf.getTrustManagers(),
            new SecureRandom());

    return sslcontext.getSocketFactory();
}
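
The check this answer asks for, written out as an added example that is not part of the original answer: it loads the truststore, lists its entries, and reports whether the exported server certificate is actually in it. The class name TrustStoreCheck and the argument order are assumptions; the file names and password in the usage comment are the ones from the question.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Hypothetical helper class, added for illustration.
public class TrustStoreCheck {

    // Loads a JKS keystore from disk.
    static KeyStore loadStore(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    // Reads a DER or PEM encoded X.509 certificate (the exported .cer file).
    static X509Certificate loadCert(String path) throws Exception {
        try (InputStream in = new FileInputStream(path)) {
            return (X509Certificate) CertificateFactory.getInstance("X.509")
                    .generateCertificate(in);
        }
    }

    // Usage: java TrustStoreCheck clientkeystore.jks phhclient servercertificate.cer
    public static void main(String[] args) throws Exception {
        KeyStore ks = loadStore(args[0], args[1].toCharArray());
        X509Certificate server = loadCert(args[2]);

        // Show what the store really contains and how each entry is typed.
        for (String alias : Collections.list(ks.aliases())) {
            String kind = ks.isCertificateEntry(alias) ? "trustedCertEntry" : "keyEntry";
            System.out.println(alias + " [" + kind + "]");
        }

        // getCertificateAlias returns null when no entry holds this exact certificate.
        String alias = ks.getCertificateAlias(server);
        System.out.println("Server cert subject: " + server.getSubjectX500Principal());
        System.out.println("Server cert issuer:  " + server.getIssuerX500Principal());
        System.out.println(alias != null
                ? "Found in truststore under alias: " + alias
                : "NOT in truststore: expect 'unable to find valid certification path'");
        if (alias == null) System.exit(1);
    }
}
```

If the issuer differs from the subject, the certificate is not self-signed, and the truststore may instead need the issuing CA certificate for the path to build.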