我将 Restlet 2.1.2 和 2.2 M3 与 Jetty 一起用于 https(也使用了简单框架)。我使用的证书由 Comodo 签名。
我已将 AddTrust 根证书和 Comodo 中间证书添加到jre/lib/security/cacerts
(openjdk 7)。为了确保它们是正确的,我在向服务器发出请求后从 Firefox 导出了它们。我使用 cacerts 作为信任库,并且我有另一个密钥库文件,其中添加了证书和私钥。
正如我所提到的,在向服务器发出 https 请求之前,我最初使用的是 Firefox。Firefox 得到答案,证书有效并被接受。尽管服务器已经发送了答案,但它似乎无法正确处理连接。
这是我认为有趣的日志的一小部分(调试模式):
Αυγ 08, 2013 7:38:09 ΜΜ org.restlet.engine.io.Buffer process
FINEST: Draining buffer java.nio.HeapByteBuffer[pos=6 lim=6 cap=16921], DRAINING, true
Αυγ 08, 2013 7:38:09 ΜΜ org.restlet.engine.io.Buffer process
FINEST: Filling buffer java.nio.HeapByteBuffer[pos=0 lim=16921 cap=16921], FILLING, true
Αυγ 08, 2013 7:38:09 ΜΜ org.restlet.ext.ssl.internal.SslConnection setSslResult
FINER: SSL engine result: Status = OK HandshakeStatus = FINISHED
bytesConsumed = 0 bytesProduced = 69
Αυγ 08, 2013 7:38:09 ΜΜ org.restlet.ext.ssl.internal.SslConnection setSslResult
FINER: SSL connection: OPEN | true | Interest= READ , Ready=READ , Canceling=false | 1d7f705[SSLEngine[hostname=null port=-1] TLS_DHE_RSA_WITH_AES_256_CBC_SHA] | Status = BUFFER_OVERFLOW HandshakeStatus = NEED_WRAP
bytesConsumed = 0 bytesProduced = 0
Αυγ 08, 2013 7:38:09 ΜΜ org.restlet.engine.io.Buffer process
FINEST: 69 bytes filled into buffer
Αυγ 08, 2013 7:38:09 ΜΜ org.restlet.engine.io.Buffer process
FINEST: Filling buffer java.nio.HeapByteBuffer[pos=69 lim=16921 cap=16921], FILLING, false
Αυγ 08, 2013 7:38:09 ΜΜ org.restlet.engine.io.Buffer process
FINEST: Draining buffer java.nio.HeapByteBuffer[pos=0 lim=69 cap=16921], DRAINING, false
Αυγ 08, 2013 7:38:09 ΜΜ org.restlet.engine.io.Buffer process
FINEST: 69 bytes drained from buffer, 0 remaining bytes
Αυγ 08, 2013 7:38:09 ΜΜ org.restlet.engine.io.Buffer process
FINEST: Draining buffer java.nio.HeapByteBuffer[pos=69 lim=69 cap=16921], DRAINING, true
Αυγ 08, 2013 7:38:09 ΜΜ org.restlet.engine.io.Buffer process
FINEST: Filling buffer java.nio.HeapByteBuffer[pos=0 lim=16921 cap=16921], FILLING, true
Αυγ 08, 2013 7:38:09 ΜΜ org.restlet.engine.io.Buffer process
FINEST: Ending process of buffer java.nio.HeapByteBuffer[pos=0 lim=16921 cap=16921], FILLING, true. Result: 75, try again: false, can loop: true, total filled: 75
Αυγ 08, 2013 7:38:09 ΜΜ org.restlet.ext.ssl.internal.SslConnection handleSslResult
FINER: Handling SSL result: OK
Αυγ 08, 2013 7:38:09 ΜΜ org.restlet.ext.ssl.internal.SslConnection handleSslHandshake
FINER: Handling SSL handshake: FINISHED
Αυγ 08, 2013 7:38:09 ΜΜ org.restlet.engine.connector.Way setIoState
FINER: InboundWay#setIoState: INTEREST
Αυγ 08, 2013 7:38:09 ΜΜ org.restlet.engine.connector.Way setIoState
FINER: OutboundWay#setIoState: IDLE
Αυγ 08, 2013 7:38:09 ΜΜ org.restlet.engine.connector.OutboundWay onDrain
FINER: 75 bytes written
Αυγ 08, 2013 7:38:09 ΜΜ org.restlet.engine.io.Buffer process
FINEST: 75 bytes drained from buffer at pre-processing, 0 remaining bytes
Αυγ 08, 2013 7:38:09 ΜΜ org.restlet.engine.io.Buffer process
FINEST: Ending process of buffer java.nio.HeapByteBuffer[pos=0 lim=0 cap=16916], DRAINING, true. Result: 75, try again: true, can loop: false, total filled: 0
Αυγ 08, 2013 7:38:09 ΜΜ org.restlet.ext.ssl.internal.SslConnection handleSslResult
FINER: Handling SSL result: OK
Αυγ 08, 2013 7:38:09 ΜΜ org.restlet.ext.ssl.internal.SslConnection handleSslHandshake
FINER: Handling SSL handshake: NOT_HANDSHAKING
Αυγ 08, 2013 7:38:09 ΜΜ org.restlet.engine.connector.Way onSelected
FINER: Outbound way selected. Done for : IDLE, IDLE, java.nio.HeapByteBuffer[pos=0 lim=0 cap=16916], DRAINING, true
Αυγ 08, 2013 7:38:09 ΜΜ org.restlet.engine.connector.ConnectionController doRun
FINEST: helper.control()
Αυγ 08, 2013 7:38:09 ΜΜ org.restlet.engine.connector.ConnectionController doRun
FINEST: controlConnections()
Αυγ 08, 2013 7:38:09 ΜΜ org.restlet.engine.connector.ConnectionController controlConnection
FINEST: Connection status: OPEN | true | Interest= READ , Ready=NONE , Canceling=false | f4af1e[SSLEngine[hostname=null port=-1] TLS_DHE_RSA_WITH_AES_256_CBC_SHA] | null
Αυγ 08, 2013 7:38:09 ΜΜ org.restlet.engine.connector.ConnectionController controlConnection
FINEST: Connection status: OPEN | true | Interest= READ , Ready=READ , Canceling=false | 1d7f705[SSLEngine[hostname=null port=-1] TLS_DHE_RSA_WITH_AES_256_CBC_SHA] | null
Αυγ 08, 2013 7:38:09 ΜΜ org.restlet.engine.connector.Connection updateState
FINEST: Old connection NIO interest: Interest= READ , Ready=READ , Canceling=false
Αυγ 08, 2013 7:38:09 ΜΜ org.restlet.engine.connector.Connection updateState
FINEST: New connection NIO interest: Interest= READ , Ready=NONE , Canceling=false
Αυγ 08, 2013 7:38:09 ΜΜ org.restlet.engine.connector.ConnectionController doRun
FINEST: registerKeys()
Αυγ 08, 2013 7:38:09 ΜΜ org.restlet.engine.connector.ConnectionController doRun
FINEST: updateKeys()
Αυγ 08, 2013 7:38:09 ΜΜ org.restlet.engine.connector.ConnectionController doRun
FINEST: selectKeys(60000)
Αυγ 08, 2013 7:38:09 ΜΜ org.restlet.engine.connector.ConnectionController selectKeys
FINER: NIO controller about to sleep 60000 ms, selecting among 3 keys...
Αυγ 08, 2013 7:38:09 ΜΜ org.restlet.engine.connector.ConnectionController selectKeys
FINER: NIO controller selected 1 key(s) !
Αυγ 08, 2013 7:38:09 ΜΜ org.restlet.engine.connector.ConnectionController onSelected
FINEST: NIO selection detected for key: Interest= READ , Ready=NONE , Canceling=false
在多行之后,它抛出了众所周知的异常:
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:397)
at org.restlet.ext.ssl.internal.SslConnection.getSslClientCertificates(SslConnection.java:186)
at org.restlet.ext.ssl.internal.HttpsInboundRequest.<init>(HttpsInboundRequest.java:71)
at org.restlet.ext.ssl.HttpsServerHelper.createRequest(HttpsServerHelper.java:129)
at org.restlet.engine.connector.ServerInboundWay.readStartLine(ServerInboundWay.java:208)
at org.restlet.engine.connector.InboundWay.onDrain(InboundWay.java:249)
at org.restlet.engine.io.Buffer.process(Buffer.java:557)
at org.restlet.engine.connector.Way.processIoBuffer(Way.java:503)
at org.restlet.engine.connector.InboundWay.processIoBuffer(InboundWay.java:360)
at org.restlet.engine.connector.Way.onSelected(Way.java:456)
at org.restlet.util.SelectionRegistration.onSelected(SelectionRegistration.java:325)
at org.restlet.engine.connector.Connection.onSelected(Connection.java:612)
at org.restlet.util.SelectionRegistration.onSelected(SelectionRegistration.java:325)
at org.restlet.engine.connector.ConnectionController.onSelected(ConnectionController.java:219)
at org.restlet.engine.connector.ServerConnectionController.onSelected(ServerConnectionController.java:99)
at org.restlet.engine.connector.ConnectionController.selectKeys(ConnectionController.java:308)
at org.restlet.engine.connector.ConnectionController.doRun(ConnectionController.java:171)
at org.restlet.engine.connector.Controller.run(Controller.java:159)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
at java.util.concurrent.FutureTask.run(FutureTask.java:166)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:724)
并且服务器似乎继续使用像这样的几条日志行:FINER:Handling SSL handshake:NOT_HANDSHAKING
之后,我尝试从存折 iPhone 应用程序(这旨在成为存折 Web 服务)进行连接,并且服务器似乎进入了无法退出的循环。
以下是一些日志行:
Αυγ 08, 2013 7:50:56 ΜΜ org.restlet.engine.io.Buffer process
FINEST: Ending process of buffer java.nio.HeapByteBuffer[pos=0 lim=16921 cap=16921], FILLING, true. Result: -1, try again: false, can loop: true, total filled: 0
Αυγ 08, 2013 7:50:56 ΜΜ org.restlet.ext.ssl.internal.SslConnection handleSslResult
FINER: Handling SSL result: CLOSED
Αυγ 08, 2013 7:50:56 ΜΜ org.restlet.engine.connector.Connection close
FINER: Closing connection to /83.235.173.2:19708 gracefully
Αυγ 08, 2013 7:50:56 ΜΜ org.restlet.engine.connector.OutboundWay onDrain
FINER: -1 bytes written
Αυγ 08, 2013 7:50:56 ΜΜ org.restlet.engine.io.Buffer process
FINEST: -1 bytes drained from buffer at pre-processing, 0 remaining bytes
Αυγ 08, 2013 7:50:56 ΜΜ org.restlet.engine.io.Buffer process
FINEST: Draining buffer java.nio.HeapByteBuffer[pos=0 lim=0 cap=16916], DRAINING, true
Αυγ 08, 2013 7:50:56 ΜΜ org.restlet.engine.io.Buffer process
FINEST: Filling buffer java.nio.HeapByteBuffer[pos=0 lim=16916 cap=16916], FILLING, true
Αυγ 08, 2013 7:50:56 ΜΜ org.restlet.engine.io.Buffer process
FINEST: Ending process of buffer java.nio.HeapByteBuffer[pos=0 lim=16916 cap=16916], FILLING, true. Result: -1, try again: false, can loop: true, total filled: 0
Αυγ 08, 2013 7:50:56 ΜΜ org.restlet.ext.ssl.internal.SslConnection handleSslResult
FINER: Handling SSL result: OK
Αυγ 08, 2013 7:50:56 ΜΜ org.restlet.ext.ssl.internal.SslConnection handleSslHandshake
FINER: Handling SSL handshake: NOT_HANDSHAKING
Αυγ 08, 2013 7:50:56 ΜΜ org.restlet.engine.connector.Way onSelected
FINER: Outbound way selected. Done for : READY, IDLE, java.nio.HeapByteBuffer[pos=0 lim=16916 cap=16916], FILLING, true
Αυγ 08, 2013 7:50:56 ΜΜ org.restlet.engine.connector.Connection onSelected
FINEST: Entering into a connection READY loop
Αυγ 08, 2013 7:50:56 ΜΜ org.restlet.engine.connector.Way onSelected
FINER: Processing IO for outbound way: READY, IDLE, java.nio.HeapByteBuffer[pos=0 lim=16916 cap=16916], FILLING, true
Αυγ 08, 2013 7:50:56 ΜΜ org.restlet.engine.io.Buffer process
FINEST: Beginning process of buffer java.nio.HeapByteBuffer[pos=0 lim=16916 cap=16916], FILLING, true
Αυγ 08, 2013 7:50:56 ΜΜ org.restlet.engine.io.Buffer process
FINEST: Beginning process of buffer java.nio.HeapByteBuffer[pos=0 lim=16921 cap=16921], FILLING, true
Αυγ 08, 2013 7:50:56 ΜΜ org.restlet.engine.io.Buffer process
FINEST: 0 bytes drained from buffer at pre-processing, 16921 remaining bytes
Αυγ 08, 2013 7:50:56 ΜΜ org.restlet.engine.io.Buffer process
FINEST: Filling buffer java.nio.HeapByteBuffer[pos=0 lim=16921 cap=16921], FILLING, true
Αυγ 08, 2013 7:50:56 ΜΜ org.restlet.ext.ssl.internal.SslConnection setSslResult
FINER: SSL engine result: Status = CLOSED HandshakeStatus = NOT_HANDSHAKING
而这个循环似乎是无穷无尽的。此外,CPU 负载达到 100%。