如何在不使用System.setProperty()的情况下设置密钥库和信任库

Question

如何在不使用System.setProperty()的情况下设置密钥库和信任库

4

我有一个客户端证书存储在我的密钥库中，同时服务器的公共证书存储在我的信任库中。

目前，我正在设置我的密钥库和信任库：

System.setProperty("javax.net.ssl.keyStoreType", "pkcs12");
System.setProperty("javax.net.ssl.keyStore", Constants.APPLICATION_HOME + File.separatorChar + this.certificateName);
System.setProperty("javax.net.ssl.keyStorePassword", certificatePass);

System.setProperty("javax.net.ssl.trustStore", Constants.APPLICATION_HOME + File.separatorChar + "jssecacerts");
System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
System.setProperty("javax.net.ssl.trustStoreType", "JKS");

不过我希望在不使用System.setProperty()的情况下完成。至少对于密钥库部分，信任库可以保持不变。我尝试了以下代码：

keyStore = KeyStore.getInstance("PKCS12");

InputStream keyStoreData = new FileInputStream(Constants.APPLICATION_HOME + File.separatorChar + this.certificateName);
this.keyStore.load(keyStoreData, certificatePass.toCharArray());

TrustManagerFactory trustFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustFactory.init(this.keyStore);

TrustManager[] trustManagers = trustFactory.getTrustManagers();

sslContext = SSLContext.getInstance("SSL");
sslContext.init(null, trustManagers, null);
SSLContext.setDefault(sslContext);

但是，就我所看到的，那是将信任库设置为客户端证书，因此我的握手失败了，因为现在我的信任库中只有客户端证书，没有来自我的jssecacerts文件的服务器证书。它会显示以下错误：

http-bio-8080-exec-10，处理异常： javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException：PKIX路径构建失败： sun.security.provider.certpath.SunCertPathBuilderException：无法找到请求目标的有效认证路径

我该如何实现这个？

- lovrodoe

1个回答

网页内容由stack overflow 提供, 点击上面的

可以查看英文原文，
原文链接

- Hrvoje · Accepted Answer

这个例子可以帮助你：

import java.io.File;
import java.io.FileInputStream;
import java.net.InetAddress;

import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

import java.security.KeyStore;

import org.java_websocket.server.DefaultSSLWebSocketServerFactory;

public class EventWebSocketSecureServer extends EventWebSocketServer {

    private static EventWebSocketSecureServer instance;

    public static EventWebSocketSecureServer instance() {
        return instance;
    }

    public EventWebSocketSecureServer(int port, InetAddress ip) {
        this(port, null, null, ip);
    }

    public EventWebSocketSecureServer(int port, String keystorepath, String keystorepassword, InetAddress ip) {
        super(port, ip);

        try {
            SSLContext sslContext = SSLContext.getInstance("TLS");
            char ksPassword[] = keystorepassword.toCharArray();
            if (!keystorepath.equals("")) {
                KeyStore ks = KeyStore.getInstance("JKS");
                ks.load(new FileInputStream(new File(keystorepath)), ksPassword);

                KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
                kmf.init(ks, ksPassword);
                TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
                tmf.init(ks);

                sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
            } else {
                sslContext.init(null, null, null);
            }
            this.setWebSocketFactory(new DefaultSSLWebSocketServerFactory(sslContext));
        } catch (Exception e) {
            com.gmt2001.Console.out.println("Secure EventSocketServer failed: " + e);
            e.printStackTrace();
        }
    }
}

https://www.programcreek.com/java-api-examples/?code=GloriousEggroll/quorrabot/quorrabot-master/src/com/simeonf/EventWebSocketSecureServer.java