我正在使用 RMI 编写一个客户端服务器应用程序,我想保护客户端和服务器之间的流量。为此,我想使用 SslRMIClientSocketFactory
和 SslRMIServerSocketFactory
。
我已经为客户端和服务器创建了一个 key 对(client.private
和 server.private
),还为客户端和服务器创建了一个证书(client.public
和 server.public
)。
我认为我正确地将 key 对添加到 keystore 并将证书添加到信任库。 我只在导出对象时使用自定义套接字工厂,而不是在创建 RMI 注册表时使用。这是我的代码:
服务器:
public class Server implements ServerProtocol {
public Server() {
super();
SecureRandom sr = new SecureRandom();
sr.nextInt();
KeyStore clientKeyStore = KeyStore.getInstance("JKS");
FileInputStream client = new FileInputStream("src/client.public");
String passphrase = //
clientKeyStore.load(client, passphrase.toCharArray());
client.close();
KeyStore serverKeyStore = KeyStore.getInstance("JKS");
FileInputStream server = new FileInputStream("src/server.private");
String password = //
serverKeyStore.load(server, password.toCharArray());
server.close();
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(clientKeyStore);
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(serverKeyStore, password.toCharArray());
SSLContext SSLC = SSLContext.getInstance("TLS");
SSLC.init(kmf.getKeyManagers(), tmf.getTrustManagers(), sr);
SslRMIClientSocketFactory csf = new SslRMIClientSocketFactory();
SslRMIServerSocketFactory ssf = new SslRMIServerSocketFactory(null, null, true);
LocateRegistry.createRegistry(2020).rebind("server", this);
UnicastRemoteObject.exportObject(this, 2020, csf, ssf);
}
public void sayHello() {
System.out.println("Hello");
}
}
客户:
public class Client implements ClientProtocol {
public Client() {
SecureRandom sr = new SecureRandom();
sr.nextInt();
KeyStore serverKeyStore = KeyStore.getInstance("JKS");
FileInputStream server = new FileInputStream("src/server.public");
String passphrase = //
serverKeyStore.load(server, passphrase.toCharArray());
server.close();
KeyStore clientKeyStore = KeyStore.getInstance("JKS");
FileInputStream client = new FileInputStream("src/client.private");
String password = //
clientKeyStore.load(client, password.toCharArray());
client.close();
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(serverKeyStore);
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(clientKeyStore, password.toCharArray());
SSLContext SSLC = SSLContext.getInstance("TLS");
SSLC.init(kmf.getKeyManagers(), tmf.getTrustManagers(), sr);
SslRMIClientSocketFactory csf = new SslRMIClientSocketFactory();
SslRMIServerSocketFactory ssf = new SslRMIServerSocketFactory(null, null, true);
Registry reg = LocateRegistry.getRegistry("localhost", 2020);
serverStub = (ServerService) reg.lookup("server");
stub = (ClientService) UnicastRemoteObject.exportObject(this, 2020, csf, ssf);
serverStub.sayHello();
}
}
当我运行它时,我收到以下错误消息:
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:136)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1822)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1004)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1188)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:654)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:100)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
at java.io.DataOutputStream.flush(DataOutputStream.java:106)
at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:211)
at sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:184)
at sun.rmi.server.UnicastRef.invoke(UnicastRef.java:110)
at java.rmi.server.RemoteObjectInvocationHandler.invokeRemoteMethod(RemoteObjectInvocationHandler.java:178)
at java.rmi.server.RemoteObjectInvocationHandler.invoke(RemoteObjectInvocationHandler.java:132)
at com.sun.proxy.$Proxy0.sayHello(Unknown Source)
at project.Client.<init>(Client.java:100)
at project.Client.main(Client.java:785)
我使用以下命令创建 key 、导出和导入它们:
keytool -genkey -alias clientprivate -keystore client.private -storetype JKS -keyalg rsa -storepass * -keypass * -validity 360
keytool -genkey -alias serverprivate -keystore server.private -storetype JKS -keyalg rsa -storepass * -keypass * -validity 360
keytool -export -alias clientprivate -keystore client.private -file temp.key -storepass *
keytool -import -noprompt -alias clientpublic -keystore client.public -file temp.key -storepass *
keytool -export -alias serverprivate -keystore server.private -file temp.key -storepass *
keytool -import -noprompt -alias serverpublic -keystore server.public -file temp.key -storepass *
我是否需要配置其他东西才能使其正常工作? Eclipse 中有什么东西?
最佳答案
您正在使用 SSL 套接字工厂创建注册表,但没有向 getRegistry() 提供套接字工厂。
关于java - 带 SSL 的 RMI : Failed handshake,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/23444004/