我正在尝试为我自己的一个个人项目构建一个 HTTPS Web 服务器,以帮助学习 Java 和网络,并且已经卡住了大约 9 个小时,所以我正在寻求帮助。
问题是,每当我实际尝试从输入流中读取数据时,我的 https 服务器都会因错误“ javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate ”而崩溃。我已经尝试在互联网上搜索了几个小时,尝试了不同的方法来生成密钥并尝试了所有这些,但不断收到其他错误消息。
如果重要的话,我正在做的是在我的计算机上运行我的 Java 应用程序,它绑定到端口 443,然后我打开 FireFox 连接到它,然后在它尝试从接受的套接字输入流中读取时进行调试(位置注明在代码中),它会因上面的致命错误而崩溃。如果一切正常,我应该有机会在 Firefox 中选择忽略 SSL 证书显示的 SSL 警告并继续页面,但我不能这样做,因为致命错误导致我的 java ssl 崩溃网络服务器。
我如何生成证书:
#GENERATE KEYS
keytool -genkeypair -alias plainserverkeys -keyalg RSA -dname "CN=Plain Server,OU=kl2217,O=kl2217org,L=Boston,ST=MA,C=US" -keypass password -keystore plainserver.jks -storepass password
keytool -genkeypair -alias plainclientkeys -keyalg RSA -dname "CN=Plain Client,OU=kl2217,O=kl2217org,L=Boston,ST=MA,C=US" -keypass password -keystore plainclient.jks -storepass password
#EXPORT SERVER CERT + IMPORT NEW KEYSTORE
keytool -exportcert -alias plainserverkeys -file serverpub.cer -keystore plainserver.jks -storepass password
keytool -importcert -keystore serverpub.jks -alias serverpub -file serverpub.cer -storepass password
#EXPORT CLIENT CERT + IMPORT NEW KEYSTORE
keytool -exportcert -alias plainclientkeys -file clientpub.cer -keystore plainclient.jks -storepass password
keytool -importcert -keystore clientpub.jks -alias clientpub -file clientpub.cer -storepass password
#EXPORT PLAIN CLIENT CERT + IMPORT TO MAIN JAVA KEYSTORE
keytool -export -alias plainclientkeys -keystore plainclient.jks -rfc -file plainclient.cert
keytool -import -trustcacerts -keystore /usr/java/jdk1.7.0_25/jre/lib/security/cacerts -storepass changeit -noprompt -alias mycert -file plainclient.cert
源代码:
import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.ServerSocket;
import java.net.Socket;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.TrustManagerFactory;
public class Main
{
public static void main(String[] args)
{
SSLContext context;
KeyManagerFactory kmf;
KeyStore ks;
char[] storepass = "password".toCharArray();
char[] keypass = "password".toCharArray();
String storename = "plainserver.jks";
try
{
//KEY MANAGER
context = SSLContext.getInstance("TLS");
kmf = KeyManagerFactory.getInstance("SunX509");
FileInputStream fin = new FileInputStream(storename);
ks = KeyStore.getInstance("JKS");
ks.load(fin, storepass);
kmf.init(ks, keypass);
//TRUST MANAGER
KeyStore clientPub = KeyStore.getInstance("JKS");
clientPub.load(new FileInputStream("clientpub.jks"),"password".toCharArray());
TrustManagerFactory trustManager = TrustManagerFactory.getInstance("SunX509");
trustManager.init(clientPub);
//INIT SERVER STUFF
context.init(kmf.getKeyManagers(), trustManager.getTrustManagers(), null);
SSLServerSocketFactory ssf = context.getServerSocketFactory();
//ServerSocket ss = ssf.createServerSocket(443);
SSLServerSocket ss = (SSLServerSocket) ssf.createServerSocket(443);
while (true)
{
System.out.println("ACCEPT");
Socket s = ss.accept();
System.out.println("PROCESS! (1)");
BufferedReader in = new BufferedReader(new InputStreamReader(s.getInputStream()));
System.out.println("PROCESS! (2)");
String x = in.readLine(); //!!!!!PROGRAM WILL CRASH HERE!!!!
System.out.println("PROCESS! (3)");
System.out.println(x);
s.close();
}
}
catch (KeyStoreException | IOException | NoSuchAlgorithmException | KeyManagementException |
UnrecoverableKeyException | CertificateException e)
{
e.printStackTrace();
}
}
}
我已经坚持了很长时间,并想尝试找出问题所在以及原因。我到处搜索,尝试了大约 15 个关于生成证书、密钥的不同教程,甚至使用其他代码来替换我自己的代码,看看这是否是我的问题的原因。我仍在学习 Java,如果您提供任何帮助(代码或其他),我将不胜感激,所有专家都可以提供。