javax websocket客户端ssl连接
Posted
技术标签:
【中文标题】javax websocket客户端ssl连接【英文标题】:javax websocket client ssl connection 【发布时间】:2018-04-03 16:52:37 【问题描述】:我对 javax.websocket 有疑问(使用 Eclipse IDE 和 Jetty 9 服务器)。 我写了 ClientEnpdoint (带有所有注释)。此代码适用于“ws://”但我在尝试使用“wss://”时遇到问题。
我正在尝试使用 SSLContext,但不知道如何将 SSLContextFactory 添加到我的会话或套接字容器中。
import java.io.FileInputStream;
import java.io.IOException;
import java.net.URI;
import java.security.KeyStore;
import java.util.Date;
import java.text.SimpleDateFormat;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
import javax.websocket.*;
import javax.websocket.CloseReason.CloseCodes;
import javax.websocket.ClientEndpointConfig;
import javax.websocket.WebSocketContainer;
@ClientEndpoint
public class ScriptSocketJavax extends Thread
final static Logger logger = LogManager.getLogger(ScriptSocketJavax.class);
public int checkWork;
private String type;
private String opertr;
private String client;
private Date date = new Date();
private SimpleDateFormat formatForDateNow = new SimpleDateFormat("MM/dd/yyyy");
private Session session;
private URI uri;
WebSocketContainer container;
ClientEndpointConfig endpointConfig;
public ScriptSocketJavax(String opertr, String client, String type) throws Exception
this.checkWork = 0;
this.uri = URI.create("wss://*****"); //ws://****
this.type = type;
this.client = client;
this.opertr = opertr;
this.container = ContainerProvider.getWebSocketContainer();
this.container.setDefaultMaxTextMessageBufferSize(1024*1024);
this.container.setDefaultMaxBinaryMessageBufferSize(1024*1024);
try
String STORETYPE = "JKS";
String KEYSTORE = "C:\\****";
String STOREPASSWORD = "123456";
String KEYPASSWORD = "123456";
KeyStore ks = KeyStore.getInstance(STORETYPE);
ks.load(new FileInputStream(KEYSTORE), STOREPASSWORD.toCharArray());
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(ks, KEYPASSWORD.toCharArray());
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(ks);
SSLContext sslContext = null;
sslContext = SSLContext.getInstance( "TLS" );
sslContext.init( kmf.getKeyManagers(), tmf.getTrustManagers(), null );
sslContext.getSocketFactory();
SSLSocketFactory factory = sslContext.getSocketFactory();
this.session = this.container.connectToServer(this, this.uri); //obj, not class
或者我怎样才能使所有连接都可信?
堆栈跟踪:
java.io.IOException: Connect failure
at org.eclipse.jetty.websocket.jsr356.ClientContainer.connect(ClientContainer.java:231)
at org.eclipse.jetty.websocket.jsr356.ClientContainer.connectToServer(ClientContainer.java:261)
at com.stepanov.utils.ScriptSocketJavax.<init>(ScriptSocketJavax.java:80)
...
at java.lang.Thread.run(Unknown Source)
Caused by: org.eclipse.jetty.websocket.api.UpgradeException: 0 null
...
at org.eclipse.jetty.websocket.client.WebSocketUpgradeRequest.onComplete(WebSocketUpgradeRequest.java:513)
... 3 more
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
...
... 15 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
at sun.security.validator.Validator.validate(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
... 23 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
at java.security.cert.CertPathBuilder.build(Unknown Source)
... 29 more
【问题讨论】:
所有连接?它被问了很多次,看到这个包含 TrustManager 代码的问题:***.com/q/49454296/7748072。 【参考方案1】:首先,您的 JAVA 应该信任 URI 的证书。要使其受 JAVA 信任,您需要将证书添加到 java 密钥库。
【讨论】:
是的,我做到了。但是我如何将 websocket 与证书相关联? 如果您可以发布错误的完整堆栈跟踪会更好 添加了堆栈跟踪。我认为这是因为我将一个普通的 websocket 放在了参数中,证书没有以任何方式与之绑定 你能用 java -Djavax.net.ssl.trustStore=trustStore 试试这个选项以上是关于javax websocket客户端ssl连接的主要内容,如果未能解决你的问题,请参考以下文章
连接打开后如何从javax websocket服务器获取消息
使用 ClientWebSocket 实现与 Websocket 服务器的安全 (SSL) 连接
在 SSL WebSocket 连接 (wss) 中拦截请求