使用 JacORB (Java/CORBA) 和 SSL 时出现客户端策略错误
我尝试将 SSL 添加到现有 CORBA 应用程序,但不断收到此错误:
org.omg.CORBA.NO_PERMISSION: Client-side policy requires SSL/TLS, but server doesn't support it vmcid: 0x0 minor code: 0 completed: No
at org.jacorb.orb.iiop.ClientIIOPConnection.checkSSL(ClientIIOPConnection.java:535)
at org.jacorb.orb.iiop.ClientIIOPConnection.connect(ClientIIOPConnection.java:144)
at org.jacorb.orb.giop.GIOPConnection.sendMessage(GIOPConnection.java:835)
at org.jacorb.orb.giop.GIOPConnection.sendRequest(GIOPConnection.java:805)
at org.jacorb.orb.giop.ClientConnection.sendRequest(ClientConnection.java:302)
at org.jacorb.orb.giop.ClientConnection.sendRequest(ClientConnection.java:282)
at org.jacorb.orb.Delegate.invoke_internal(Delegate.java:919)
at org.jacorb.orb.Delegate.invoke(Delegate.java:868)
at org.jacorb.orb.Delegate.is_a(Delegate.java:1268)
at org.omg.CORBA.portable.ObjectImpl._is_a(ObjectImpl.java:112)
at databridge.autogen.ILoginManagerHelper.narrow(ILoginManagerHelper.java:57)
at databridge.test.Client.main(Client.java:59)
我已经为客户端和服务器生成了密钥库,并在两者之间交换了密钥。使用此设置,我可以成功运行 JacORB 下载中的演示应用程序。我能看出的唯一区别是我的测试是使用 Tie 方法来获取 POA。有一些政策涉及到这一点,但我找不到任何有关启用 SSL 所需的政策(如果有)的信息。我什至不确定这就是问题所在,因为 JacORB 演示没有在服务器或 poa 上设置任何策略。当我运行 -Djavax.net.debug=ssl 时,我可以看到密钥库在客户端和服务器上加载受信任的证书。我只是不确定这里引用了什么策略,但奇怪的是演示有效并且测试没有使用完全相同的密钥库和属性。
我已经通过电子邮件发送了邮件列表,但我没有抱太大希望,因为这似乎不太活跃。任何帮助将不胜感激。以下是我的属性文件。
服务器道具:
jacorb.security.support_ssl=on jacorb.security.ssl.server.supported_options=60 jacorb.security.ssl.server.required_options=20 jacorb.ssl.socket_factory=org.jacorb.security.ssl.sun_jsse.SSLSocketFactory jacorb.ssl.server_socket_factory=org.jacorb.security.ssl.sun_jsse.SSLServerSocketFactory jacorb.security.keystore=dbserver.jks jacorb.security.keystore_password=dbsslserver_pass jacorb.security.jsse.trustees_from_ks=on jacorb.security.jsse.log.verbosity=4 jacorb.implname=StandardImplName
客户道具
jacorb.security.support_ssl=on jacorb.security.ssl.client.supported_options=60 jacorb.security.ssl.client.required_options=20 jacorb.ssl.socket_factory=org.jacorb.security.ssl.sun_jsse.SSLSocketFactory jacorb.security.keystore=dbclient.jks jacorb.security.keystore_password=dbsslclient_pass jacorb.security.jsse.trustees_from_ks=on jacorb.security.jsse.log.verbosity=4 jacorb.implname=StandardImplName
I'm trying to add SSL to an existing CORBA app, and I keep getting this error:
org.omg.CORBA.NO_PERMISSION: Client-side policy requires SSL/TLS, but server doesn't support it vmcid: 0x0 minor code: 0 completed: No
at org.jacorb.orb.iiop.ClientIIOPConnection.checkSSL(ClientIIOPConnection.java:535)
at org.jacorb.orb.iiop.ClientIIOPConnection.connect(ClientIIOPConnection.java:144)
at org.jacorb.orb.giop.GIOPConnection.sendMessage(GIOPConnection.java:835)
at org.jacorb.orb.giop.GIOPConnection.sendRequest(GIOPConnection.java:805)
at org.jacorb.orb.giop.ClientConnection.sendRequest(ClientConnection.java:302)
at org.jacorb.orb.giop.ClientConnection.sendRequest(ClientConnection.java:282)
at org.jacorb.orb.Delegate.invoke_internal(Delegate.java:919)
at org.jacorb.orb.Delegate.invoke(Delegate.java:868)
at org.jacorb.orb.Delegate.is_a(Delegate.java:1268)
at org.omg.CORBA.portable.ObjectImpl._is_a(ObjectImpl.java:112)
at databridge.autogen.ILoginManagerHelper.narrow(ILoginManagerHelper.java:57)
at databridge.test.Client.main(Client.java:59)
I have generated keystores for both client and server and exchanged the keys between the two. Using this setup, I can get the demo application that came in the JacORB download to run successfully. The only difference I can tell is that my test is using the Tie method to get the POA. There are some policies that go into that, but I can't find any information on what policies need to go in there to enable SSL, if any. I'm not even sure that's the problem as the JacORB demo doesn't set any policies on the server or poa. When I run the -Djavax.net.debug=ssl, I can see the keystores load up the trusted certs on both the client and the server. I'm just not sure what policies are being referred to here, but it's odd that the demo works and the test doesn't using the exact same keystores and properties.
I've emailed the mailing list, but I'm not holding out much hope as that doesn't seem to be very active. Any help would be greatly appreciated. Below are my properties files.
Server Props:
jacorb.security.support_ssl=on jacorb.security.ssl.server.supported_options=60 jacorb.security.ssl.server.required_options=20 jacorb.ssl.socket_factory=org.jacorb.security.ssl.sun_jsse.SSLSocketFactory jacorb.ssl.server_socket_factory=org.jacorb.security.ssl.sun_jsse.SSLServerSocketFactory jacorb.security.keystore=dbserver.jks jacorb.security.keystore_password=dbsslserver_pass jacorb.security.jsse.trustees_from_ks=on jacorb.security.jsse.log.verbosity=4 jacorb.implname=StandardImplName
client props
jacorb.security.support_ssl=on jacorb.security.ssl.client.supported_options=60 jacorb.security.ssl.client.required_options=20 jacorb.ssl.socket_factory=org.jacorb.security.ssl.sun_jsse.SSLSocketFactory jacorb.security.keystore=dbclient.jks jacorb.security.keystore_password=dbsslclient_pass jacorb.security.jsse.trustees_from_ks=on jacorb.security.jsse.log.verbosity=4 jacorb.implname=StandardImplName
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
好吧,没关系,抱歉。我试图连接到错误的端口。必须使用 OASSLPort 属性。
OK nevermind, sorry. I was trying to connect to the wrong port. Had to use the OASSLPort property.