52

我已经设置了一个自签名证书来测试 ssl java 连接 - 但是,它拒绝找到 java trustStore。除了将类编译到的文件夹(我使用netbeans)和/java/jre6/bin之外,我还在/Java/jre6/lib/security中保存了它的副本,因为以上都不起作用,因为当我运行以下命令时 - trustStore = null。

public class ShowTrustStore {

    public static void main(String[] args) {

        System.setProperty("javax.net.ssl.keyStore", "keystore.jks");
        System.setProperty("javax.net.ssl.trustStrore", "cacerts.jks");
        System.setProperty("javax.net.ssl.keyStorePassword", "changeit");



        String trustStore = System.getProperty("javax.net.ssl.trustStore");
        if (trustStore == null) {
            System.out.println("javax.net.ssl.trustStore is not defined");
        } else {
            System.out.println("javax.net.ssl.trustStore = " + trustStore);
        }
    }
}

如何正确设置路径?

************更新************ 使用 getFile() 方法和更多调试数据:

package ssltest;

public class Main {

    public static void main(String[] args) {

//        System.setProperty("javax.net.ssl.keyStore", "/keystore.jks");
//        System.setProperty("javax.net.ssl.trustStrore", "/java.home/cacerts.jks");
//        System.setProperty("javax.net.ssl.keyStorePassword", "changeit");
//        System.setProperty("javax.net.ssl.trustStorePassword", "changeit");

        try {
            Main.class.getResource("trustStore.jks").getFile();
        } catch (Exception e) {
            e.printStackTrace();
        }

        String trustStore = System.getProperty("javax.net.ssl.trustStore");

        if (trustStore == null) {
            String storeLoc;
            storeLoc = System.getProperty("java.class.path");
            System.out.println("classpath: " + storeLoc);
        }

        trustStore = System.getProperty("javax.net.ssl.trustStore");
        if (trustStore == null) {
            System.out.println("javax.net.ssl.trustStore is not defined");
        } else {
            System.out.println("javax.net.ssl.trustStore = " + trustStore);
        }
    }
}

运行:java.lang.NullPointerException 类路径:C:\Users\Main\Documents\NetBeansProjects\sslTest\build\classes;C:\Users\Main\Documents\NetBeansProjects\sslTest\src 在 ssltest.Main.main(Main.java :15) 未定义 javax.net.ssl.trustStore 构建成功(总时间:0 秒)

4

5 回答 5

78

你有一个错字 - 它是trustStore

除了使用 设置变量之外System.setProperty(..),您还可以使用

-Djavax.net.ssl.keyStore=path/to/keystore.jks
于 2010-01-26T10:06:37.800 回答
46

看起来你有一个错字——“trustStrore”应该是“trustStore”,即

System.setProperty("javax.net.ssl.trustStrore", "cacerts.jks");

应该:

System.setProperty("javax.net.ssl.trustStore", "cacerts.jks");
于 2010-01-26T18:12:41.193 回答
13

两个都

-Djavax.net.ssl.trustStore=path/to/trustStore.jks


System.setProperty("javax.net.ssl.trustStore", "cacerts.jks");

做同样的事情,明智地工作没有区别。在你的情况下,你只是有一个错字。你拼错trustStorejavax.net.ssl.trustStore.

于 2013-09-12T14:28:51.160 回答
2

或者,如果使用 javax.net.ssl.trustStore 指定信任库的位置不起作用(就像在我的情况下进行双向身份验证一样),您也可以使用 SSLContextBuilder ,如下例所示。此示例还包括如何创建 httpclient 以及展示 SSL 构建器如何工作。

SSLContextBuilder sslcontextbuilder = SSLContexts.custom();

sslcontextbuilder.loadTrustMaterial(
            new File("C:\\path to\\truststore.jks"), //path to jks file
            "password".toCharArray(), //enters in the truststore password for use
            new TrustSelfSignedStrategy() //will trust own CA and all self-signed certs
            );

SSLContext sslcontext = sslcontextbuilder.build(); //load trust store

SSLConnectionSocketFactory sslsockfac = new SSLConnectionSocketFactory(sslcontext,new String[] { "TLSv1" },null,SSLConnectionSocketFactory.getDefaultHostnameVerifier());

CloseableHttpClient httpclient = HttpClients.custom().setSSLSocketFactory(sslsockfac).build(); //sets up a httpclient for use with ssl socket factory 



try { 
        HttpGet httpget = new HttpGet("https://localhost:8443"); //I had a tomcat server running on localhost which required the client to have their trust cert

        System.out.println("Executing request " + httpget.getRequestLine());

        CloseableHttpResponse response = httpclient.execute(httpget);
        try {
            HttpEntity entity = response.getEntity();

            System.out.println("----------------------------------------");
            System.out.println(response.getStatusLine());

            EntityUtils.consume(entity);
        } finally {
            response.close();
        }
    } finally {
        httpclient.close();
    }
于 2019-06-18T10:41:47.833 回答
0

正如其他人指出的那样,该属性存在拼写错误。

检查 JVM 是否使用配置的 trustStore 的另一种方法是添加属性:-Djavax.net.debug=all,这将打开调试消息。

应用程序启动后,它将打印出如下消息:

javax.net.ssl|DEBUG|11|parallel-1|2021-04-17 21:25:13.827 CST|TrustStoreManager.java:112|trustStore is: C:/path/to/the/trustStore

然后我们可以判断它是使用我们想要的还是JDK自带的默认的。

参考
于 2021-04-17T13:34:37.513 回答