我有一个 .crt 文件,我想使用 java 导入到 keystore 和信任库(首先创建 keystore 和信任库,然后导入)。
下面是我使用的代码:
import org.glassfish.tyrus.client.ClientManager;
import org.glassfish.tyrus.client.ClientProperties;
import org.glassfish.tyrus.client.SslContextConfigurator;
import org.glassfish.tyrus.client.SslEngineConfigurator;
@ClientEndpoint
public class test {
private static CountDownLatch latch;
private Logger logger = Logger.getLogger(this.getClass().getName());
@OnOpen
public void onOpen(Session session) {
logger.info("Connected ... " + session.getId());
try {
session.getBasicRemote().sendText("start");
} catch (IOException e) {
throw new RuntimeException(e);
}
}
@OnMessage
public String onMessage(String message, Session session) {
BufferedReader bufferRead = new BufferedReader(new InputStreamReader(System.in));
try {
logger.info("Received ...." + message);
String userInput = bufferRead.readLine();
return userInput;
} catch (IOException e) {
throw new RuntimeException(e);
}
}
@OnClose
public void onClose(Session session, CloseReason closeReason) {
logger.info(String.format("Session %s close because of %s", session.getId(), closeReason));
}
public static void main(String[] args) {
latch = new CountDownLatch(1);
ClientManager client = ClientManager.createClient();
try {
client.connectToServer(test.class, new URI("wss://x.x.x.x:8085"));
latch.await();
} catch (Exception e) {
throw new RuntimeException(e);
}
}
}
我正在使用 tyrus websocket 客户端,所以我需要添加以下属性:
final ClientManager client = ClientManager.createClient();
System.getProperties().put("javax.net.debug", "all");
System.getProperties().put(SSLContextConfigurator.KEY_STORE_FILE, "...");
System.getProperties().put(SSLContextConfigurator.TRUST_STORE_FILE, "...");
System.getProperties().put(SSLContextConfigurator.KEY_STORE_PASSWORD, "...");
System.getProperties().put(SSLContextConfigurator.TRUST_STORE_PASSWORD, "...");
final SSLContextConfigurator defaultConfig = new SSLContextConfigurator();
defaultConfig.retrieve(System.getProperties());
// or setup SSLContextConfigurator using its API.
SSLEngineConfigurator sslEngineConfigurator =
new SSLEngineConfigurator(defaultConfig, true, false, false);
client.getProperties().put(ClientProperties.SSL_ENGINE_CONFIGURATOR,
sslEngineConfigurator);
client.connectToServer(... , ClientEndpointConfig.Builder.create().build(),
new URI("wss://localhost:8181/sample-echo/echo"));
}
那么,我如何创建 keystore 和信任库并将 .crt 导入其中。
最佳答案
我通过直接将.crt文件导入java keystore解决了上面的问题:
用于导入 java keystore
keytool -trustcacerts -keystore "/jdk/jre/lib/security/cacerts" -storepass changeit -importcert -alias testalias -file "/opt/ssl/test.crt"
通过使用上面的命令,将验证服务器证书并实现连接,但是如果您想创建新的 keystore 并将 .crt 导入它,则意味着使用以下命令,它将创建类型为 .jks 的 keystore 。
用于创建 keystore 和导入 .crt
keytool -import -alias testalias -file test.crt -keypass keypass -keystore test.jks -storepass test@123
这里
keystore password : test@123
keypass : keypass
由于某些代码会进行验证,如果您使用的是 wss/https,它会询问 keystore /信任库配置,那么您可以使用上面在第 2 步中提到的配置(创建 keystore 和导入 .crt)。否则第 1 步(导入到 java keystore )就足够了。
关于java - 如何将 .crt 文件添加到 keystore 和信任库,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/57453154/