我正在尝试在嵌入式码头 v9(使用 Java 8)上配置对称密钥密码套件。
测试服务器类如下:
import iaik.security.provider.IAIK;
import java.io.IOException;
import java.security.Security;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.eclipse.jetty.server.Connector;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnectionFactory;
import org.eclipse.jetty.server.SecureRequestCustomizer;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.server.SslConnectionFactory;
import org.eclipse.jetty.servlet.ServletHandler;
import org.eclipse.jetty.util.ssl.SslContextFactory;
public class TestJettyServer {
public static void main(String[] args) throws Exception {
SslContextFactory sslContextFactory = new SslContextFactory();
sslContextFactory.setIncludeProtocols(new String[] { "TLSv1" });
Security.addProvider(new IAIK()); // third party provider for cipher suite "TLS_PSK_WITH_AES_128_GCM_SHA256"
sslContextFactory.setIncludeCipherSuites(new String[] { "TLS_PSK_WITH_AES_128_GCM_SHA256" });
HttpConfiguration https = new HttpConfiguration();
https.addCustomizer(new SecureRequestCustomizer());
Server server = new Server();
ServerConnector sslConnector = new ServerConnector(server, new SslConnectionFactory(sslContextFactory, "http/1.1"),
new HttpConnectionFactory(https));
sslConnector.setPort(9997);
Connector[] connectors = { sslConnector };
server.setConnectors(connectors);
ServletHandler handler = new ServletHandler();
server.setHandler(handler);
handler.addServletWithMapping(HelloServlet.class, "/*");
server.start();
server.join();
}
public static class HelloServlet extends HttpServlet {
/** The serialVersionUID. */
private static final long serialVersionUID = 1L;
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
response.setContentType("text/html");
response.setStatus(HttpServletResponse.SC_OK);
response.getWriter().println("<h1>Hello SimpleServlet</h1>");
}
}
}
测试客户端类如下:
import iaik.security.provider.IAIK;
import java.security.Security;
import org.eclipse.jetty.client.HttpClient;
import org.eclipse.jetty.util.ssl.SslContextFactory;
public class TestJettyClient {
public static void main(String[] args) throws Exception {
SslContextFactory sslContextFactory = new SslContextFactory();
sslContextFactory.setIncludeProtocols(new String[] { "TLSv1" });
Security.addProvider(new IAIK()); // third party provider for cipher suite "TLS_PSK_WITH_AES_128_GCM_SHA256"
sslContextFactory.setIncludeCipherSuites(new String[] { "TLS_PSK_WITH_AES_128_GCM_SHA256" });
HttpClient httpClient = new HttpClient(sslContextFactory);
httpClient.setFollowRedirects(false);
httpClient.start();
httpClient.GET("https://localhost:9997");
}
}
正在运行的服务器上的日志是:
2014-12-17 13:00:55.056:INFO:oejs.Server:main: jetty-9.2.1.v20140609
2014-12-17 13:00:55.275:INFO:oejs.ServerConnector:main: 启动 ServerConnector@3fee9989{SSL-http/1.1}{0.0.0.0:9997}
2014-12-17 13:00:55.275:INFO:oejs.Server:main: 开始@598ms
在运行客户端上,服务器和客户端的日志是:
2014-12-17 13:01:01.509:WARN:oeji.SelectorManager:qtp94438417-19-selector-ServerConnectorManager@3131cfe0/0:通知连接时出现异常 SslConnection@436b1df3{NEED_WRAP,eio=-1/-1,di=- 1} -> HttpConnection@6a9d584{IDLE}
org.eclipse.jetty.io.RuntimeIOException:javax.net.ssl.SSLHandshakeException:没有适当的协议
在 org.eclipse.jetty.io.ssl.SslConnection.onOpen(SslConnection.java:151)
在 org.eclipse.jetty.io.SelectorManager.connectionOpened(SelectorManager.java:259) ...
引起:javax.net.ssl.SSLHandshakeException:没有适当的协议
在 sun.security.ssl.Handshaker.activate(Handshaker.java:483) ...
在我继续配置对称密钥存储之前,我想摆脱这个错误 - 没有适当的协议。