【Question Title】: Possible to create Secure Websocket in Java for localhost only?
【Posted】: 2022-01-27 03:40:14
【Question Description】:

Is it possible to create a Java SSL Websocket so that peers can connect using wss://127.0.0.1?

My current implementation uses org.java_websocket.server.DefaultSSLWebSocketServerFactory:

        WebSocketServerFactory socketFactory = new DefaultWebSocketServerFactory();
        // Make it secure
        char[] passphrase = tempPassword.toCharArray();
        KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream fis = new FileInputStream(keystoreFile)) {
            keystore.load(fis, passphrase);
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(keystore, passphrase);
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keystore);
            SSLContext ctx = SSLContext.getInstance("TLS");
            ctx.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
            socketFactory = new DefaultSSLWebSocketServerFactory(ctx);
        } catch (Exception e) {
            System.out.println(e.getMessage());
            throw e;
        }

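But when I try to use it, I get the following error from OkHttp3: Transport exception caused by javax.net.ssl.SSLHandshakeException: connection closed. Here is the full stack trace: https://pastebin.com/raw/Y3RvqRrt

【Question Comments】:

  • Exception stack traces are usually more extensive and contain more information. Please edit the question to include the entire stack trace of the exception.
  • @PresidentJamesK.Polk Added the stack trace :)

Tags: java ssl websocket okhttp java-websocket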


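【Solution 1】:

Yes, you can do it insecurely using https://square.github.io/okhttp/4.x/okhttp-tls/okhttp3.tls/-handshake-certificates/-builder/add-insecure-host/

See the answer here: Websocket Secure error: Hostname not verified

But assuming you want it to be secure, you will need to define the trusted certificates in the client.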

https://github.com/square/okhttp/blob/master/samples/guide/src/main/java/okhttp3/recipes/CustomTrust.java

    HandshakeCertificates certificates = new HandshakeCertificates.Builder()
        .addTrustedCertificate(letsEncryptCertificateAuthority)
        .addTrustedCertificate(entrustRootCertificateAuthority)
        .addTrustedCertificate(comodoRsaCertificationAuthority)
        // Uncomment if standard certificates are also required.
        //.addPlatformTrustedCertificates()
        .build();

    client = new OkHttpClient.Builder()
            .sslSocketFactory(certificates.sslSocketFactory(), certificates.trustManager())
            .build();

【Comments】:
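
The secure variant described in the answer above, applied to the question's Java-WebSocket server on 127.0.0.1, as an added example that is not part of the original question or answer. It assumes the okhttp-tls and Java-WebSocket libraries are on the classpath; the class name `LoopbackWss`, port 8443 and the in-memory certificate (used here instead of the question's keystore file) are constructed for illustration.

```java
import java.net.InetSocketAddress;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.Response;
import okhttp3.WebSocketListener;
import okhttp3.tls.HandshakeCertificates;
import okhttp3.tls.HeldCertificate;
import org.java_websocket.WebSocket;
import org.java_websocket.handshake.ClientHandshake;
import org.java_websocket.server.DefaultSSLWebSocketServerFactory;
import org.java_websocket.server.WebSocketServer;

public class LoopbackWss {
    public static void main(String[] args) {
        // Constructed self-signed certificate; 127.0.0.1 must be in subjectAltName,
        // because OkHttp checks the URL host against it during the handshake.
        HeldCertificate cert = new HeldCertificate.Builder()
                .commonName("localhost").addSubjectAlternativeName("127.0.0.1").build();
        // Client trusts exactly this certificate; hostname verification stays on.
        HandshakeCertificates clientTls = new HandshakeCertificates.Builder()
                .addTrustedCertificate(cert.certificate()).build();
        OkHttpClient client = new OkHttpClient.Builder()
                .sslSocketFactory(clientTls.sslSocketFactory(), clientTls.trustManager()).build();
        Request request = new Request.Builder().url("wss://127.0.0.1:8443").build();
        WebSocketListener listener = new WebSocketListener() {
            @Override public void onMessage(okhttp3.WebSocket ws, String text) {
                System.out.println("received over TLS: " + text);
                ws.close(1000, null);
            }
            @Override public void onFailure(okhttp3.WebSocket ws, Throwable t, Response r) {
                t.printStackTrace(); // a handshake failure would surface here
            }
        };
        // Server presents the certificate and key, bound to loopback only (port is an assumption).
        HandshakeCertificates serverTls = new HandshakeCertificates.Builder()
                .heldCertificate(cert).build();
        WebSocketServer server = new WebSocketServer(new InetSocketAddress("127.0.0.1", 8443)) {
            @Override public void onStart() { client.newWebSocket(request, listener); }
            @Override public void onOpen(WebSocket conn, ClientHandshake hs) { conn.send("hello"); }
            @Override public void onMessage(WebSocket conn, String message) { }
            @Override public void onClose(WebSocket conn, int code, String reason, boolean remote) { }
            @Override public void onError(WebSocket conn, Exception ex) { ex.printStackTrace(); }
        };
        server.setWebSocketFactory(new DefaultSSLWebSocketServerFactory(serverTls.sslContext()));
        server.start(); // keeps listening until the process is stopped
    }
}
```

Binding the listener to 127.0.0.1 keeps the port unreachable from other hosts, and trusting only the one certificate means the client rejects any other endpoint that answers on that port.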
