需要一些指导。Java Webstart Truststore SSL
我有java webstart应用程序,我希望它通过SSL连接到服务器。只需添加如下属性:System.setProperty(“javax.net.ssl.trustStore”,“my.keystore”);但既然从服务器下载的JAWS程序无法正常工作,并且本地文件系统上没有my.keystore。所以决定将证书分发给所有的客户。我做了以下工作。
- 以流的形式读取此信任存储(使用getResourceAsStream方法)。
- 将其保存在客户机上的任何文件中(sometemp)
- 调用System.setProperty(“javax.net.ssl.trustStore”,trustStorePath);
但我相信肯定有比这更好的解决方案..任何想法,使其更好?
-Padur =========================== ** =========== ==
/**
* */
package util;
/**
* @author spaduri
*
*/
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import javax.net.SocketFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
public class CustomSSLSocketFactory extends SSLSocketFactory {
private SSLSocketFactory factory;
public CustomSSLSocketFactory() {
try {
SSLContext sslcontext = null;
// Call getKeyManagers to get suitable key managers
KeyManager[] kms=getKeyManagers();
if (sslcontext == null) {
sslcontext = SSLContext.getInstance("SSL");
sslcontext.init(kms,
new TrustManager[] { new CustomTrustManager() },
new java.security.SecureRandom());
}
factory = (SSLSocketFactory) sslcontext.getSocketFactory();
} catch (Exception ex) {
ex.printStackTrace();
}
}
public static SocketFactory getDefault() {
return new CustomSSLSocketFactory();
}
public Socket createSocket(Socket socket, String s, int i, boolean flag) throws IOException {
return factory.createSocket(socket, s, i, flag);
}
public Socket createSocket(InetAddress inaddr, int i, InetAddress inaddr1, int j) throws IOException {
return factory.createSocket(inaddr, i, inaddr1, j);
}
public Socket createSocket(InetAddress inaddr, int i) throws IOException {
return factory.createSocket(inaddr, i);
}
public Socket createSocket(String s, int i, InetAddress inaddr, int j) throws IOException {
return factory.createSocket(s, i, inaddr, j);
}
public Socket createSocket(String s, int i) throws IOException {
return factory.createSocket(s, i);
}
public String[] getDefaultCipherSuites() {
return factory.getSupportedCipherSuites();
}
public String[] getSupportedCipherSuites() {
return factory.getSupportedCipherSuites();
}
protected KeyManager[] getKeyManagers()
throws IOException, GeneralSecurityException
{
// First, get the default KeyManagerFactory.
String alg=KeyManagerFactory.getDefaultAlgorithm();
KeyManagerFactory kmFact=KeyManagerFactory.getInstance(alg);
// Next, set up the KeyStore to use. We need to load the file into
// a KeyStore instance.
ClassLoader cl = CustomSSLSocketFactory.class.getClassLoader();
// read the file someTrustStore from the jar file from a classpath
InputStream in = cl.getResourceAsStream("ssl/someTruststore.jks");
//FileInputStream fis=new FileInputStream(adentTruststore.jks);
KeyStore ks=KeyStore.getInstance("jks");
ks.load(in, null);
in.close();
// Now we initialise the KeyManagerFactory with this KeyStore
kmFact.init(ks, null);
// And now get the KeyManagers
KeyManager[] kms=kmFact.getKeyManagers();
return kms;
}
}
package util;
import java.security.cert.X509Certificate;
import javax.net.ssl.X509TrustManager;
public class CustomTrustManager implements X509TrustManager {
public void checkClientTrusted(X509Certificate[] cert, String authType) {
return;
}
public void checkServerTrusted(X509Certificate[] cert, String authType) {
return;
}
public X509Certificate[] getAcceptedIssuers() {
return new X509Certificate[0];
}
}
拉兹感谢您的耐心,努力学习,当我得到一些时间。 我开始写我自己的CustomSSLSocketFactory ..现在我正在绕过安全......基于白金解决方案的例子。如果我这样做......将信息作为网络上的明文传递?
现在我想知道我应该如何处理信任库文件“sometruststore.jks”文件。我应该怎么做..我有我自己的定制信任管理软件吗? 请指导我正确的方向。
-padur
该信息不会是明文。它将被加密,但未经过验证,因为此代码认为所有证书都是可信的。 您不必编写自己的信任管理器来处理.jks文件。看看下面的答案,看看你可以传递一个KeyStore实例到SSLSocketFactory子类。您可以通过加载(如果不在类路径中),以与原始代码中相同的方式获取该实例。 – laz 2010-06-08 18:49:57