62,623
社区成员
发帖
与我相关
我的任务
分享java安全套接字编程访问tomcat出现问题
package org.sklse.interoperation.http;
import java.io.FileInputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.KeyStore;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
/**
* 该类用来测试tomcat的ssl
*
* @author PENGTAO
*
*/
public class TestSSL {
public static void main(String[] args) throws Exception {
SSLSocketFactory factory = null;
SSLContext ctx = null;
KeyManagerFactory kmf = null;
TrustManagerFactory tmf = null;
KeyStore ks;
KeyStore ts;
char[] passphrase = "changeit".toCharArray();
ts = KeyStore.getInstance("JKS");
ks = KeyStore.getInstance("JKS");
ts.load(new FileInputStream("e:\\keystore\\client.keystore"), passphrase);
ks.load(new FileInputStream("e:\\keystore\\client.keystore"), passphrase);
// System.setProperty("javax.net.ssl.trustStore",
// "e:\\client.keystore");
ctx = SSLContext.getInstance("SSL");
kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(ks, passphrase);
tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(ts);
ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
factory = ctx.getSocketFactory();
HttpsURLConnection.setDefaultSSLSocketFactory(factory);
HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
public boolean verify(String hostname, SSLSession session) {
return true;
}
});
// 使用HttpURLConnection亦可
HttpURLConnection connection = (HttpsURLConnection) new URL(
"https://127.0.0.1:443").openConnection();
connection.setRequestMethod("POST");
connection.setDoInput(true);
connection.setDoOutput(true);
connection.setUseCaches(false);
connection.setDefaultUseCaches(false);
connection.connect();
int responseCode = connection.getResponseCode();
String responseMessage = connection.getResponseMessage();
System.out.println("rc: " + responseCode);
System.out.println("rm: " + responseMessage);
}
}
server.xml部分代码如下:
<Connector protocol="org.apache.coyote.http11.Http11Protocol"
port="8443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="server.keystore"
keystorePass="changeit"/>
//443端口要对客户端进行验证
<Connector protocol="org.apache.coyote.http11.Http11Protocol"
port="443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="true" sslProtocol="TLS"
keystoreFile="server.keystore"
keystorePass="changeit"/>
server.keystore内容为:
client, 2007-12-14, trustedCertEntry,
认证指纹 (MD5): 4D:D2:31:0D:AD:4A:F2:EA:8A:85:09:1B:55:E0:CF:8D
tomcat, 2007-12-12, PrivateKeyEntry,
认证指纹 (MD5): DC:77:BB:67:5B:49:A3:65:98:D3:C3:8F:4C:07:A0:B0
client.keystore内容为:
client, 2007-12-14, PrivateKeyEntry,
认证指纹 (MD5): 4D:D2:31:0D:AD:4A:F2:EA:8A:85:09:1B:55:E0:CF:8D
tomcat, 2007-12-14, trustedCertEntry,
认证指纹 (MD5): DC:77:BB:67:5B:49:A3:65:98:D3:C3:8F:4C:07:A0:B0
其中,server.keystore放在tomcat下,访问8443端口没有问题,但是访问443端口就有问题,抛出异常:
Exception in thread "main" java.net.SocketException: Software caused connection abort: recv failed
at java.net.SocketInputStream.socketRead0(Native Method)
at java.net.SocketInputStream.read(SocketInputStream.java:129)
at com.sun.net.ssl.internal.ssl.InputRecord.readFully(InputRecord.java:293)
at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:331)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:722)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.waitForClose(SSLSocketImpl.java:1368)
at com.sun.net.ssl.internal.ssl.HandshakeOutStream.flush(HandshakeOutStream.java:103)
at com.sun.net.ssl.internal.ssl.Handshaker.sendChangeCipherSpec(Handshaker.java:606)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.sendChangeCipherAndFinish(ClientHandshaker.java:808)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:734)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:197)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:511)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:449)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:817)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1029)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1056)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1040)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:405)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:170)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:133)
at org.sklse.interoperation.http.TestSSL.main(TestSSL.java:66)
我的分不多,所以给不了那么多,但恳请指点!!!十分感谢。
import java.io.FileInputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.KeyStore;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
/**
* 该类用来测试tomcat的ssl
*
* @author PENGTAO
*
*/
public class TestSSL {
public static void main(String[] args) throws Exception {
SSLSocketFactory factory = null;
SSLContext ctx = null;
KeyManagerFactory kmf = null;
TrustManagerFactory tmf = null;
KeyStore ks;
KeyStore ts;
char[] passphrase = "changeit".toCharArray();
ts = KeyStore.getInstance("JKS");
ks = KeyStore.getInstance("JKS");
ts.load(new FileInputStream("e:\\keystore\\client.keystore"), passphrase);
ks.load(new FileInputStream("e:\\keystore\\client.keystore"), passphrase);
// System.setProperty("javax.net.ssl.trustStore",
// "e:\\client.keystore");
ctx = SSLContext.getInstance("SSL");
kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(ks, passphrase);
tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(ts);
ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
factory = ctx.getSocketFactory();
HttpsURLConnection.setDefaultSSLSocketFactory(factory);
HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
public boolean verify(String hostname, SSLSession session) {
return true;
}
});
// 使用HttpURLConnection亦可
HttpURLConnection connection = (HttpsURLConnection) new URL(
"https://127.0.0.1:443").openConnection();
connection.setRequestMethod("POST");
connection.setDoInput(true);
connection.setDoOutput(true);
connection.setUseCaches(false);
connection.setDefaultUseCaches(false);
connection.connect();
int responseCode = connection.getResponseCode();
String responseMessage = connection.getResponseMessage();
System.out.println("rc: " + responseCode);
System.out.println("rm: " + responseMessage);
}
}
server.xml部分代码如下:
<Connector protocol="org.apache.coyote.http11.Http11Protocol"
port="8443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="server.keystore"
keystorePass="changeit"/>
//443端口要对客户端进行验证
<Connector protocol="org.apache.coyote.http11.Http11Protocol"
port="443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="true" sslProtocol="TLS"
keystoreFile="server.keystore"
keystorePass="changeit"/>
server.keystore内容为:
client, 2007-12-14, trustedCertEntry,
认证指纹 (MD5): 4D:D2:31:0D:AD:4A:F2:EA:8A:85:09:1B:55:E0:CF:8D
tomcat, 2007-12-12, PrivateKeyEntry,
认证指纹 (MD5): DC:77:BB:67:5B:49:A3:65:98:D3:C3:8F:4C:07:A0:B0
client.keystore内容为:
client, 2007-12-14, PrivateKeyEntry,
认证指纹 (MD5): 4D:D2:31:0D:AD:4A:F2:EA:8A:85:09:1B:55:E0:CF:8D
tomcat, 2007-12-14, trustedCertEntry,
认证指纹 (MD5): DC:77:BB:67:5B:49:A3:65:98:D3:C3:8F:4C:07:A0:B0
其中,server.keystore放在tomcat下,访问8443端口没有问题,但是访问443端口就有问题,抛出异常:
Exception in thread "main" java.net.SocketException: Software caused connection abort: recv failed
at java.net.SocketInputStream.socketRead0(Native Method)
at java.net.SocketInputStream.read(SocketInputStream.java:129)
at com.sun.net.ssl.internal.ssl.InputRecord.readFully(InputRecord.java:293)
at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:331)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:722)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.waitForClose(SSLSocketImpl.java:1368)
at com.sun.net.ssl.internal.ssl.HandshakeOutStream.flush(HandshakeOutStream.java:103)
at com.sun.net.ssl.internal.ssl.Handshaker.sendChangeCipherSpec(Handshaker.java:606)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.sendChangeCipherAndFinish(ClientHandshaker.java:808)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:734)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:197)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:511)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:449)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:817)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1029)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1056)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1040)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:405)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:170)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:133)
at org.sklse.interoperation.http.TestSSL.main(TestSSL.java:66)
我的分不多,所以给不了那么多,但恳请指点!!!十分感谢。
...全文
请发表友善的回复…
发表回复
pptt418345584 2008-03-09
- 打赏
- 举报
结贴,问题已经找到了,还需要配置tomcat的truststoreFile
