已更新
当我尝试运行服务器时,我收到了一个SSL握手异常(javax.net.ssl.SSLHandshakeException: no cipher suites in common)。远程方法只添加两个整数,并且应该返回结果。
这是调试设置为"全部"的例外(这是出于学术目的):
f4e@ubuntu:~/src$ java -cp /home/f4e/src:/home/f4e/public_html/classes/compute.jar -Djavax.net.debug=all JavaMainServer
keyStore is : /home/f4e/src/serverkeystore
keyStore type is : jks
keyStore provider is :
init keystore
init keymanager of type SunX509
***
found key for : server
chain [0] = [
[
Version: V3
Subject: CN=Server, OU=Security, O=UA, L=Aveiro, ST=Aveiro, C=PT
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
Key: Sun RSA public key, 2048 bits
modulus: 18523315733382648428919797254180215121918680143007156020237354938904591444431012172536331570011181574721085963241699242853767649174345376352591591448005435254849892937718191287509551368398704906969172147973698519659824622806121999239096092356467792628227325721217980719230231762025485862089668075844884800711903665577397049161291123872070216055386733370538028317923384382556173303479769656151061580819536871500370959735685963256143202392828062573471002182934694101563872088260168888834961204862115930106248918201069963020941120542510624155122918649342520758653875037471445162406226513752022792866552462931171741371669
public exponent: 65537
Validity: [From: Sun Oct 12 07:56:20 PDT 2014,
To: Mon Oct 12 07:56:20 PDT 2015]
Issuer: CN=Server, OU=Security, O=UA, L=Aveiro, ST=Aveiro, C=PT
SerialNumber: [ 66990436]
Certificate Extensions: 1
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: AB FB BA 6D C8 1E 01 C7 AF E7 4D F4 EC A2 A5 68 ...m......M....h
0010: D0 86 49 74 ..It
]
]
]
Algorithm: [SHA256withRSA]
Signature:
0000: 64 5D 21 4A 7F 0A 6E 2C FA 84 53 E2 32 C0 CF 0E d]!J..n,..S.2...
0010: 02 4E DE 2E 59 B2 5F 43 BF 5F A8 95 65 1C 28 02 .N..Y._C._..e.(.
0020: 50 C7 9A 4A E0 CF 88 5B 62 6E C6 97 92 64 13 F0 P..J...[bn...d..
0030: CE BA FD C9 51 1F 02 D3 02 05 93 2B 93 C1 35 0E ....Q......+..5.
0040: C2 1B 5F BA 97 63 B3 85 06 17 72 23 74 EA 40 04 .._..c....r#t.@.
0050: 40 31 36 AB 6D 93 DE 5B 6F 4F BB A1 0E 7A 55 AD @16.m..[oO...zU.
0060: AE C6 C2 07 D1 2D 36 CF E8 93 B1 1E 36 F6 6E E8 .....-6.....6.n.
0070: FE 37 7B 88 E8 B5 3E 01 62 5F 2D 0F D6 7E 6D 41 .7....>.b_-...mA
0080: 01 48 09 61 87 2E 29 4F E8 73 D5 D1 5F 09 43 D4 .H.a..)O.s.._.C.
0090: 88 0C 10 01 33 E7 5E 70 1D E9 54 0F 21 39 09 0F ....3.^p..T.!9..
00A0: E6 A9 43 64 B9 9C 09 BC 9B 5D 87 82 C0 70 58 60 ..Cd.....]...pX`
00B0: 84 56 E9 4B 48 76 CF 31 0F E9 33 5C 63 09 6B AA .V.KHv.1..3c.k.
00C0: 7D 2E C8 72 84 8D 7A 59 6C A1 CA E0 85 31 C5 CA ...r..zYl....1..
00D0: 37 55 6D E7 3A B6 12 FE 7E 06 FA 9D CB 74 BE 52 7Um.:........t.R
00E0: 12 17 41 B6 41 E8 06 97 21 C3 29 A0 C6 50 D3 6A ..A.A...!.)..P.j
00F0: 42 99 22 CC F8 52 79 01 91 B1 6A 5B 81 3C 78 F6 B."..Ry...j[.<x.
]
***
trustStore is: /home/f4e/src/servertruststore
trustStore type is : jks
trustStore provider is :
init truststore
adding as trusted cert:
Subject: CN=Server, OU=Security, O=UA, L=Aveiro, ST=Aveiro, C=PT
Issuer: CN=Server, OU=Security, O=UA, L=Aveiro, ST=Aveiro, C=PT
Algorithm: RSA; Serial number: 0x66990436
Valid from Sun Oct 12 07:56:20 PDT 2014 until Mon Oct 12 07:56:20 PDT 2015
trigger seeding of SecureRandom
done seeding SecureRandom
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256%% No cached client session
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
*** ClientHello, TLSv1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
RandomCookie: GMT: 1413239130 bytes = { 57, 245, 243, 68, 249, 165, 71
, Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false115, 180, 83, 192, 38, 54
, 235, 78, 40, 111, 198, 229, 51, 146, 27, 87, 13, 33, 97, 134, 239 }
Session ID: {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: { 0 }
Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1}
Extension ec_point_formats, formats: [uncompressed]
***
[write] MD5 and SHA1 hashes: len = 119
0000: 01 00 00 73 03 01 54 3C 51 5A 39 F5 F3 44 F9 A5 ...s..T<QZ9..D..
0010: 47 73 B4 53 C0 26 36 EB 4E 28 6F C6 E5 33 92 1B Gs.S.&6.N(o..RMI TCP Connection(2)-192.168.190.129, setSoTimeout(7200000) called3..
0020:
57 0D 21 61 86 EF 00 00 38 C0 0A C0 14 00 35 C0 W.!a....8.....5.
0030: 05 C0 0F 00 39 00 38 C0 09 C0 13 00 2F C0 04 C0 ....9.8...../...
0040: 0E 00 33 00 32 C0 07 C0 11 00 05 C0 02 C0 0C C0 ..3.2...........
0050: 08 C0 12 00 0A C0 03 C0 0D 00 16 00 13 00 04 00 ................
0060: FF 01 00 00 12 00 0A 00 08 00 06 00 17 00 18 00 ................
0070: 19 00 0B 00 02 01 00 .......
main, WRITE: TLSv1 Handshake, length = 119
[Raw write]: length = 124[Raw read]: length = 5
0000: 16 03 01 00 77
0000: 16 03 01 .00 ..77 .01 w
[Raw read]: length = 11900 00
0000: 73 03 01 54 3C 51 5A 39 01 00 .00 .73 .03 .01 w.54 .3C . s.51 .5A T<QZ9
0010: 39 F5 F3 F5 44 F3 F9 44 F9 A5 A5 47 .73 .B4 . s.53 .T<QZ9.C0 .26 D.36 .EB
0010: 4E 47 28 73 6F B4 .53 .C0 D.26 .36 Gs.EB S. &6.4E N(o
0020: 28 C6 6F E5 C6 33 E5 92 33 92 1B 1B 57 Gs.0D S.&6.21 N(o. .61 3.86 .EF
0020: 00 57 00 0D 38 21 C0 61 0A 86 EF 00 .00 . 3.38 .C0 W.0A !a.C0 14 .00 .35 .C0 8. .W.
!a.0030: .C0 ..14 8.00 .35 .C0 ..05 5.C0
0F 0030: 05 00 C0 39 0F 00 00 38 39 00 C0 38 09 C0 C0 13 09 C0 13 00 2F C0 ...04 5.C0 . ......9..8.9..8......
0040: 00 .2F /.C0 ..04
C0 0040: 0E 0E 00 00 33 33 00 00 32 32 C0 07 C0 C0 07 11 00 05 C0 C0 02 11 C0 0C 00 C0 05 .../.3.2.........3...2..........
0050: 0050: 08 C0 C0 02 12 C0 00 0A 0C C0 C0 03 08 C0 C0 12 0D 00 00 16 00 13 00 0A 04 C0 00 03 C0 ..0D .00 ..16 . .....................
.0060: .FF .01 .00 .00
12 0060: 00 00 0A 13 00 00 04 08 00 00 FF 06 01 00 00 17 00 18 00 00 12 .00 .0A .00 ..08 .00 .06 .. ..............
.0070: .19 .00 .0B .00 .02 .01 .00 .
0070: 00 17 00 .18 .00 .19 ..00 .0B .
RMI TCP Connection(2)-192.168.190.129, READ: TLSv1 Handshake, length = 11900 02 01 00
*** ClientHello, TLSv1 ............
RandomCookie: GMT: 1413239130 bytes = { 57, 245, 243, 68, 249, 165, 71, 115, 180, 83, 192, 38, 54, 235, 78, 40, 111, 198, 229, 51, 146, 27, 87, 13, 33, 97, 134, 239 }
Session ID: {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: { 0 }
Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1}
Extension ec_point_formats, formats: [uncompressed]
***
[read] MD5 and SHA1 hashes: len = 119
0000: 01 00 00 73 03 01 54 3C 51 5A 39 F5 F3 44 F9 A5 ...s..T<QZ9..D..
0010: 47 73 B4 53 C0 26 36 EB 4E 28 6F C6 E5 33 92 1B Gs.S.&6.N(o..3..
0020: 57 0D 21 61 86 EF 00 00 38 C0 0A C0 14 00 35 C0 W.!a....8.....5.
0030: 05 C0 0F 00 39 00 38 C0 09 C0 13 00 2F C0 04 C0 ....9.8...../...
0040: 0E 00 33 00 32 C0 07 C0 11 00 05 C0 02 C0 0C C0 ..3.2...........
0050: 08 C0 12 00 0A C0 03 C0 0D 00 16 00 13 00 04 00 ................
0060: FF 01 00 00 12 00 0A 00 08 00 06 00 17 00 18 00 ................
0070: 19 00 0B 00 02 01 00 .......
%% Initialized: [Session-2, SSL_NULL_WITH_NULL_NULL]
%% Invalidated: [Session-2, SSL_NULL_WITH_NULL_NULL]
RMI TCP Connection(2)-192.168.190.129, SEND TLSv1 ALERT: fatal, description = handshake_failure
RMI TCP Connection(2)-192.168.190.129, WRITE: TLSv1 Alert, length = 2
[Raw read]: length = 5
0000: 15 03 01 00 02 .....
[Raw read]: length = 2
0000: 02 28 .(
main, READ: TLSv1 Alert, length = 2
main, RECV TLSv1 ALERT: fatal, handshake_failure
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
JavaMainServer exception
java.rmi.ConnectIOException: error during JRMP connection establishment; nested exception is:
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:304)
at sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:202)
at sun.rmi.server.UnicastRef.newCall(UnicastRef.java:341)
at sun.rmi.registry.RegistryImpl_Stub.rebind(Unknown Source)
at JavaMainServer.main(JavaMainServer.java:38)
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1959)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1077)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:702)
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:122)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
at java.io.DataOutputStream.flush(DataOutputStream.java:123)
at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:229)
... 4 more
[Raw write]: length = 7
0000: 15 03 01 00 02 02 28 ......(
RMI TCP Connection(2)-192.168.190.129, called closeSocket()
RMI TCP Connection(2)-192.168.190.129, handling exception: javax.net.ssl.SSLHandshakeException: no cipher suites in common
RMI TCP Connection(2)-192.168.190.129, called close()
RMI TCP Connection(2)-192.168.190.129, called closeInternal(true)这3个.java文件被更新,并解决了我的问题:
JavaMainServer.java
import java.rmi.registry.LocateRegistry;
import java.rmi.registry.Registry;
import java.rmi.server.UnicastRemoteObject;
import javax.rmi.ssl.SslRMIServerSocketFactory;
import javax.rmi.ssl.SslRMIClientSocketFactory;
import java.rmi.RemoteException;
import java.net.*;
import java.util.*;
/**
*
* @author João
*/
public class JavaMainServer extends UnicastRemoteObject implements Compute {
public JavaMainServer() throws RemoteException {
super(0,
new SslRMIClientSocketFactory(),
new SslRMIServerSocketFactory(null, null, true));
}
/**
* @param args the command line arguments
*/
public static void main(String[] args) {
try {
setSettings();
if (System.getSecurityManager() == null) {
System.setSecurityManager(new SecurityManager());
}
String name = "Compute";
Compute add = new JavaMainServer();
Registry reg = LocateRegistry.getRegistry(null, 1099,
new SslRMIClientSocketFactory());
reg.rebind(name, add);
System.out.println("JavaMainServer bound");
} catch (Exception e) {
System.err.println("JavaMainServer exception");
e.printStackTrace();
}
}
private static void setSettings() {
String pass = "ssfbpwks";
System.setProperty("java.security.policy", "server.policy");
System.setProperty("java.rmi.server.codebase", "http://ubuntu/~f4e/classes/compute.jar");
System.setProperty("java.rmi.server.hostname", "192.168.190.129");
System.setProperty("javax.net.ssl.keyStore", "/home/f4e/src/serverkeystore");
System.setProperty("javax.net.ssl.keyStorePassword", pass);
System.setProperty("javax.net.ssl.trustStore", "/home/f4e/src/servertruststore");
System.setProperty("javax.net.ssl.trustStorePassword", pass);
}
@Override
public int addCalculation(int a, int b) {
return a + b;
}
}JavaMainClient.java
import java.rmi.registry.LocateRegistry;
import java.rmi.registry.Registry;
import javax.rmi.ssl.SslRMIServerSocketFactory;
import javax.rmi.ssl.SslRMIClientSocketFactory;
/**
*
* @author João
*/
public class JavaMainClient {
/**
* @param args the command line arguments
*/
public static void main(String[] args) {
try {
setSettings();
if(System.getSecurityManager() == null) {
System.setSecurityManager(new SecurityManager());
}
String name = "Compute";
Registry reg = LocateRegistry.getRegistry(args[0], 1099,
new SslRMIClientSocketFactory());
Compute comp = (Compute) reg.lookup(name);
comp.addCalculation(Integer.parseInt(args[1]), Integer.parseInt(args[2]));
System.out.println(comp.addCalculation(Integer.parseInt(args[1]),
Integer.parseInt(args[2])));
} catch(Exception e) {
System.err.println("JavaMainClient exception:");
e.printStackTrace();
}
}
private static void setSettings() {
String pass = "csfbpwks";
System.setProperty("java.security.policy", "client.policy");
System.setProperty("java.rmi.server.codebase", "http://ubuntux/~f4e/classes/");
System.setProperty("javax.net.ssl.keyStore", "/home/f4e/src/clientkeystore");
System.setProperty("javax.net.ssl.keyStorePassword", pass);
System.setProperty("javax.net.ssl.trustStore", "/home/f4e/src/clienttruststore");
System.setProperty("javax.net.ssl.trustStorePassword", pass);
}
}RmiRegistry.java
import javax.rmi.ssl.SslRMIClientSocketFactory;
import javax.rmi.ssl.SslRMIServerSocketFactory;
import java.rmi.registry.LocateRegistry;
public class RmiRegistry {
public static void main(String[] args) {
try {
setSettings();
LocateRegistry.createRegistry(1099, new SslRMIClientSocketFactory(),
new SslRMIServerSocketFactory(null, null, true));
Thread.sleep(Long.MAX_VALUE);
} catch(Exception e) {
System.err.println("RmiRegistry exception:");
e.printStackTrace();
}
}
private static void setSettings() {
String pass = "rsfbpwks";
//System.setProperty("java.security.policy", "server.policy");
System.setProperty("java.rmi.server.codebase", "http://ubuntu/~f4e/classes/compute.jar");
System.setProperty("java.rmi.server.hostname", "192.168.190.129");
System.setProperty("javax.net.ssl.keyStore", "/home/f4e/src/regkeystore");
System.setProperty("javax.net.ssl.keyStorePassword", pass);
System.setProperty("javax.net.ssl.trustStore", "/home/f4e/src/regtruststore");
System.setProperty("javax.net.ssl.trustStorePassword", pass);
}
}我使用了以下UPDATED命令来创建密钥库、证书和信任库:
keytool -genkeypair -alias server -keyalg RSA -validity 365 -keystore serverkeystore
keytool -export -alias server -keystore serverkeystore -rfc -file server.cer
keytool -import -alias servercert -file server.cer -keystore servertruststore
keytool -genkeypair -alias client -keyalg RSA -validity 365 -keystore clientkeystore
keytool -export -alias client -keystore clientkeystore -rfc -file client.cer
keytool -import -alias clientcert -file client.cer -keystore clienttruststore
keytool -genkeypair -alias reg -keyalg RSA -validity 365 -keystore regkeystore
keytool -export -alias reg -keystore regkeystore -rfc -file reg.cer
keytool -import -alias regcert -file reg.cer -keystore regtruststore
keytool -import -alias regcert -file reg.cer -keystore servertruststore
keytool -import -alias clientcert -file client.cer -keystore servertruststore
keytool -import -alias regcert -file reg.cer -keystore clienttruststore
keytool -import -alias servercert -file server.cer -keystore clienttruststore
keytool -import -alias clientcert -file client.cer -keystore regtruststore
keytool -import -alias servercert -file server.cer -keystore regtruststore
谢谢你的帮助。
KeyStore与trustStore不同。同一个文件不能同时用作两者。您需要查看JSSE参考指南。在每种情况下,私钥和由此生成的证书都会进入您自己的KeyStore。导出的证书在每种情况下都会进入另一方的信任库,如果它是自签名的,否则两方都应该使用默认的信任库。
好吧,经过思考,我终于解决了自己的问题(我终于明白了SSL和证书的作用)。因此,首先,由于SSL,我正在运行自定义RmiRegistry,因此我需要在RmiRegistry上设置我在JavaMainServer上设置的属性,当然,还需要为其创建证书、密钥库和信任库。
在这之后,我得到了一个PKIX例外。经过思考,我意识到我必须将JavaMainServer证书导入RmiRegistry信任库,并将RmiRegistry证书导入到JavaMainServer信任库。此外,在客户端和服务器之间也要执行同样的操作。以前,我将JavaMainClient证书导入JavaMainClient信任库,将JavaMainServer证书仅导入JavaMainServer信任库,如果我正确理解该机制,这是愚蠢的。用我的最终代码更新了问题。