3

我一直在开发一个 java activemq 客户端软件来连接到一个 ssl 驱动的代理,但是通过以下方式以编程方式设置信任库:

// Configure the secure connection factory.
ActiveMQSslConnectionFactory connectionFactory = new ActiveMQSslConnectionFactory(url);
connectionFactory.setTrustStore("/conf/client.ts"); // truststore which includes the certificate of the broaker
connectionFactory.setTrustStorePassword("password");

如此处所示。然而,那抛出一个

javax.net.ssl.SSLHandshakeException:sun.security.validator.ValidatorException:PKIX 路径构建失败错误

遵循 QA Resolving javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed 错误的响应?通过将代理证书添加到我的 java 安装的受信任证书中,我能够成功地将客户端连接到代理。

但是,在这种情况下,我不希望每个使用应用程序的用户都在他们的 java 发行版中导入证书,而是希望客户端应用程序已经携带了代理证书。我如何最好使用 ActiveMQSslConnectionFactory 类来做到这一点?

4

2 回答 2

1

据我了解,您需要信任所有传入的自签名证书。

您可以尝试这种方式(创建一个不验证的信任管理器,然后注册它:

TrustManager[] trustAllCerts = new TrustManager[] { 
    new X509TrustManager() {     
        public java.security.cert.X509Certificate[] getAcceptedIssuers() { 
            return null;
        } 
        public void checkClientTrusted( 
            java.security.cert.X509Certificate[] certificates, String authType) {
            } 
        public void checkServerTrusted( 
            java.security.cert.X509Certificate[] certificates, String authType) {
        }
    } 
}; 

try {
    SSLContext sslContext = SSLContext.getInstance("SSL"); 
    sslContext.init(null, trustAllCerts, new java.security.SecureRandom()); 
    HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());
} catch (GeneralSecurityException e) {
} 

//then do the ssl conversation.
于 2013-05-25T08:58:30.620 回答
0

我仍然没有设法使用以下setTrustStore方法以编程方式设置信任库ActiveMQSslConnectionFactory

但是根据@Chris 的响应,可以将一个接受所有证书的新信任管理器附加到ActiveMQSslConnectionFactory.

为此,我创建了与他相同的 TrustManager,但使用不同的方法将其链接到ActiveMQSslConnectionFactory

TrustManager[] trustAllCerts = new TrustManager[] { 
    new X509TrustManager() {     
        public java.security.cert.X509Certificate[] getAcceptedIssuers() { 
            return null;
        } 
        public void checkClientTrusted( 
            java.security.cert.X509Certificate[] certificates, String authType) {
            } 
        public void checkServerTrusted( 
            java.security.cert.X509Certificate[] certificates, String authType) {
        }
    } 
}; 

try {
    String connectionString = "ssl://ipaddress:port"
    ActiveMQSslConnectionFactory factory = new  ActiveMQSslConnectionFactory(connectionString);
factory.setKeyAndTrustManagers(null, trustAllCerts, new SecureRandom());
    Connection connection = factory.createConnection(user,password);
    connection.start(); 

} catch (Exception e) {
}
于 2013-05-30T11:59:23.357 回答