我的团队在尝试使用 HTTPS 完成相互握手时遇到以下问题
main, READ: TLSv1.2 Handshake, length = 30
*** CertificateRequest
Cert Types: RSA, DSS, ECDSA
Supported Signature Algorithms: SHA1withRSA, SHA1withDSA, SHA1withECDSA, SHA256withRSA, Unknown (hash:0x4, signature:0x2), SHA256withECDSA, SHA384withRSA, Unknown (hash:0x5, signature:0x2), SHA384withECDSA
Cert Authorities:
<Empty>
main, READ: TLSv1.2 Handshake, length = 4
*** ServerHelloDone
Warning: no suitable certificate found - continuing without client authentication
*** Certificate chain
<Empty>
我的JAVA类如下
public class ClientCustomSSL {
@SuppressWarnings("deprecation")
public final static void main(String[] args) throws Exception {
// Trust own CA and all self-signed certs
final String CLIENT_KEYSTORE = "yourkeystore.jks";
final String CLIENT_TRUSTSTORE = "catruststore.jks";
final char[] KEYPASS_AND_STOREPASS_VALUE = "Hello1".toCharArray();
System.setProperty("https.protocols", "TLSv1");
//SSLContext sslcontext = SSLContexts.custom().loadKeyMaterial(keystore, keyPassword)(YK,"Hello1".toCharArray(),"Hello1".toCharArray()).loadTrustMaterial(CA, "Hello1".toCharArray(), (TrustStrategy) new TrustSelfSignedStrategy()).build();
KeyStore clientTrustStore = getStore(CLIENT_TRUSTSTORE, KEYPASS_AND_STOREPASS_VALUE);
KeyStore clientKeyStore = getStore(CLIENT_KEYSTORE, KEYPASS_AND_STOREPASS_VALUE);
SSLContext sslContext = SSLContexts.custom().loadKeyMaterial(clientKeyStore, "Hello1".toCharArray()).loadTrustMaterial(clientTrustStore,(TrustStrategy) new TrustSelfSignedStrategy()).build();
CloseableHttpClient httpclient = HttpClients.custom().setSSLContext(sslContext).build();
System.out.println("SSLCONETXT **** " + sslContext.getProvider());
try {
HttpGet httpget = new HttpGet("https://myserver:10220");
CloseableHttpResponse response = httpclient.execute(httpget);
try {
System.out.println("Inside TRY blcok");
HttpEntity entity = response.getEntity();
System.out.println("----------------------------------------");
System.out.println(response.getStatusLine());
EntityUtils.consume(entity);
} catch (Exception e) {
e.getMessage();
e.printStackTrace();
}
finally {
response.close();
}
} finally {
httpclient.close();
}
}
public static KeyStore getStore(final String storeFileName, final char[] password) throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException
{
final String JAVA_KEYSTORE = "jks";
final KeyStore store = KeyStore.getInstance(JAVA_KEYSTORE);
URL url = ClientCustomSSL.class.getClassLoader().getResource(storeFileName);
String workingDir = System.getProperty("user.dir");
System.out.println("Current working directory : " + workingDir);
System.out.println("Value of URL *** " + url);
InputStream inputStream = url.openStream();
try {
store.load(inputStream, password);
} finally {
inputStream.close();
}
return store;
}
}
我正在准备一个 jar 文件并从 UNIX 机器上测试它
使用以下命令 java -Djavax.net.debug=ssl -cp snSSLclientTrustWithStoreCCC.jar cassandra.cass.ClientCustomSSL
我已关注帖子 why doesn't java send the client certificate during SSL handshake? 并完成了 Bruno 提到的所有步骤。
我不确定我在这里遗漏了什么。任何帮助将不胜感激
最佳答案
- 客户端无法在其 keystore 中找到由
CertificateRequest
消息中提到的任何签名者直接或间接签名的证书。 - 原因是服务器没有在该消息中指定任何受信任的签名者。
- 这反过来意味着服务器的信任库是空的。
关于java - 警告 : no suitable certificate found - continuing without client authentication,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/37869430/