Java - 独立 SSL Web 服务 - JAX-WS、JRE、无 Web 服务器
Java - Standalone SSL Web Service - JAX-WS, JRE, no web server
我使用 wsgen 开发了一个简单的 Web 服务,它在 http(非 SSL)下运行良好。我现在需要让它在 https (SSL) 下工作。我遵循位于 here 的代码。所以 SSL 进程现在运行...我是 运行 作为 Eclipse 中的 Java 应用程序。但是,当我尝试访问它时,我得到 "Secure Connection Failed" - "The page you are trying to view cannot be shown because the authenticity of the received data could not be verified".
也就是说,我是 SSL 的中间人,所以我可能在这里做错了什么。我使用 Keystore Explorer 工具执行了以下操作:
- 创建了一个新的 JKS 密钥库。
- 生成了一个新的密钥对
- 将密钥对导出为 *.pk12 文件。
- 打开我的浏览器并导入 *.pk12。我尝试了 *.cer,但浏览器不会接受未签名的证书。
所以 *.jks 直接在 Java 代码中打开并且有效,我在 Eclipse 中使用调试进行了验证。 SSL 服务启动正常,但我仍然在浏览器中遇到相同的错误...另一个困难是我似乎无法找到任何类型 exception/error 的日志文件,甚至无法开始跟踪问题。我不认为这是一个 Java 问题...我认为这是一个 SSL 问题,但我不知道从哪里开始。
如有任何帮助,我们将不胜感激!
public static void main(String[] args) throws Exception {
Endpoint endpoint = Endpoint.create(new RapidCommandService());
SSLContext ssl = SSLContext.getInstance("SSLv3");
KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
getLog().debug ( SHORT_NAME + ".main() - Java User Directory..........................[" + System.getProperty ( "user.dir" ) + "]" );
getLog().debug ( SHORT_NAME + ".main() - Java Home Directory..........................[" + System.getProperty ( "java.home" ) + "]" );
getLog().debug ( SHORT_NAME + ".main() - Java Version.................................[" + System.getProperty ( "java.version" ) + "]" );
//Load the JKS file (located, in this case, at D:\keystore.jks, with password 'test'
store.load(new FileInputStream("C:\usr\apps\java\jre-170-65\lib\security\rapid-command-service.jks"), "changeit".toCharArray());
//init the key store, along with the password 'test'
kmf.init(store, "changeit".toCharArray());
KeyManager[] keyManagers = new KeyManager[1];
keyManagers = kmf.getKeyManagers();
//Init the trust manager factory
TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
//It will reference the same key store as the key managers
tmf.init(store);
TrustManager[] trustManagers = tmf.getTrustManagers();
ssl.init(keyManagers, trustManagers, new SecureRandom());
getLog().debug ( SHORT_NAME + ".main() - Java SSL Truststore..........................[" + System.getProperty ( "javax.net.ssl.trustStore" ) + "]" );
getLog().debug ( SHORT_NAME + ".main() - Java SSL Keystore............................[" + System.getProperty ( "javax.net.ssl.keyStore" ) + "]" );
//Init a configuration with our SSL context
HttpsConfigurator configurator = new HttpsConfigurator(ssl);
System.setProperty("javax.net.debug", "ssl");
//Create a server on localhost, port 443 (https port)
HttpsServer httpsServer = HttpsServer.create(new InetSocketAddress("localhost", 443), 443);
httpsServer.setHttpsConfigurator(configurator);
//Create a context so our service will be available under this context
HttpContext context = httpsServer.createContext("/rapidCommandService");
httpsServer.start();
//Finally, use the created context to publish the service
endpoint.publish(context);
}
尝试
SSLContext ssl = SSLContext.getInstance("TLSv1.2");
众所周知,SSLv3 现在容易受到攻击,您的浏览器可能不会接受这样配置的服务器。
另一个选项尝试 curl 和 -k 选项连接到服务器。
我使用 wsgen 开发了一个简单的 Web 服务,它在 http(非 SSL)下运行良好。我现在需要让它在 https (SSL) 下工作。我遵循位于 here 的代码。所以 SSL 进程现在运行...我是 运行 作为 Eclipse 中的 Java 应用程序。但是,当我尝试访问它时,我得到 "Secure Connection Failed" - "The page you are trying to view cannot be shown because the authenticity of the received data could not be verified".
也就是说,我是 SSL 的中间人,所以我可能在这里做错了什么。我使用 Keystore Explorer 工具执行了以下操作: - 创建了一个新的 JKS 密钥库。 - 生成了一个新的密钥对 - 将密钥对导出为 *.pk12 文件。 - 打开我的浏览器并导入 *.pk12。我尝试了 *.cer,但浏览器不会接受未签名的证书。
所以 *.jks 直接在 Java 代码中打开并且有效,我在 Eclipse 中使用调试进行了验证。 SSL 服务启动正常,但我仍然在浏览器中遇到相同的错误...另一个困难是我似乎无法找到任何类型 exception/error 的日志文件,甚至无法开始跟踪问题。我不认为这是一个 Java 问题...我认为这是一个 SSL 问题,但我不知道从哪里开始。
如有任何帮助,我们将不胜感激!
public static void main(String[] args) throws Exception {
Endpoint endpoint = Endpoint.create(new RapidCommandService());
SSLContext ssl = SSLContext.getInstance("SSLv3");
KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
getLog().debug ( SHORT_NAME + ".main() - Java User Directory..........................[" + System.getProperty ( "user.dir" ) + "]" );
getLog().debug ( SHORT_NAME + ".main() - Java Home Directory..........................[" + System.getProperty ( "java.home" ) + "]" );
getLog().debug ( SHORT_NAME + ".main() - Java Version.................................[" + System.getProperty ( "java.version" ) + "]" );
//Load the JKS file (located, in this case, at D:\keystore.jks, with password 'test'
store.load(new FileInputStream("C:\usr\apps\java\jre-170-65\lib\security\rapid-command-service.jks"), "changeit".toCharArray());
//init the key store, along with the password 'test'
kmf.init(store, "changeit".toCharArray());
KeyManager[] keyManagers = new KeyManager[1];
keyManagers = kmf.getKeyManagers();
//Init the trust manager factory
TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
//It will reference the same key store as the key managers
tmf.init(store);
TrustManager[] trustManagers = tmf.getTrustManagers();
ssl.init(keyManagers, trustManagers, new SecureRandom());
getLog().debug ( SHORT_NAME + ".main() - Java SSL Truststore..........................[" + System.getProperty ( "javax.net.ssl.trustStore" ) + "]" );
getLog().debug ( SHORT_NAME + ".main() - Java SSL Keystore............................[" + System.getProperty ( "javax.net.ssl.keyStore" ) + "]" );
//Init a configuration with our SSL context
HttpsConfigurator configurator = new HttpsConfigurator(ssl);
System.setProperty("javax.net.debug", "ssl");
//Create a server on localhost, port 443 (https port)
HttpsServer httpsServer = HttpsServer.create(new InetSocketAddress("localhost", 443), 443);
httpsServer.setHttpsConfigurator(configurator);
//Create a context so our service will be available under this context
HttpContext context = httpsServer.createContext("/rapidCommandService");
httpsServer.start();
//Finally, use the created context to publish the service
endpoint.publish(context);
}
尝试
SSLContext ssl = SSLContext.getInstance("TLSv1.2");
众所周知,SSLv3 现在容易受到攻击,您的浏览器可能不会接受这样配置的服务器。
另一个选项尝试 curl 和 -k 选项连接到服务器。