我在 JavaRMI 应用程序中的 SSL 握手一开始就遇到了一些麻烦。
我的应用程序可以很好地使用标准 RMI 套接字,但如果我按照本指南将默认套接字更改为 SSL 套接字,它不会完成握手:https://blogs.oracle.com/lmalventosa/entry/using_the_ssl_tls_based
因此,我更改了可激活服务器的构造函数
public MyActivatableServer(ActivationID id, MarshalledObject<MyType> obj)
throws RemoteException
{
// Some code ...
// int port = ...
// Other code ...
Activatable.exportObject(this, id, port);
}
到
public MyActivatableServer(ActivationID id, MarshalledObject<MyType> obj)
throws RemoteException
{
// Some code ...
// int port = ...
// Other code ...
Activatable.exportObject(this, id, port, new SslRMIClientSocketFactory(),
new SslRMIServerSocketFactory());
}
然后我按照本指南创建了一个 keystore 和一个信任库:http://docs.oracle.com/javase/1.5.0/docs/guide/security/jsse/JSSERefGuide.html#CreateKeystore
此时在服务器端我有这些文件:
- keystore (密码为:“password”);
- truststore(密码为:“trustword”);
- user.cer(自签名证书)。
我在客户端复制了 trustore 和 user.cer。
最后,我将这些属性添加到启动可激活服务器的 JVM 中:
- -Djavax.net.ssl.keyStore=keystore
- -Djavax.net.ssl.keyStorePassword=密码
在我添加的客户端 JVM 上:
- -Djavax.net.ssl.trustStore=truststore
- -Djavax.net.ssl.trustStorePassword=trustword
- -Djavax.net.debug=ssl
这是 ssl 调试的完整输出:http://pastebin.com/sxbLhTnF
我不明白为什么客户端在“ClientHello”之后收到警报:
*** ClientHello, TLSv1
RandomCookie: GMT: 1410959810 bytes = { 20, 172, 181, 158, 246, 172, 183, 30, 232, 42, 80, 36, 77, 5, 67, 56, 30, 191, 170, 142, 14, 2, 113, 241, 183, 154, 213, 24 }
Session ID: {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
***
main, WRITE: TLSv1 Handshake, length = 149
main, READ: TLSv1 Alert, length = 2
main, RECV TLSv1 ALERT: fatal, handshake_failure
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
最佳答案
Finally I added these properties to the JVM which launch the Activatable Server:
-Djavax.net.ssl.keyStore=keystore
-Djavax.net.ssl.keyStorePassword=password
您需要在安装程序的 ActivationGroupDesc 中定义这些属性。
关于java - JavaRMI 应用程序中的 SSL 握手错误,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/25906942/