What do I need to get SSL sockets (SslRMIServerSocketFactory/SslRMIClientSocketFactory)?

Posted on 2024-11-24 16:53:03

Hi, basically I want to get SslRMIServerSocketFactory/SslRMIClientSocketFactory to secure my RMI calls. What is the common way to get these when client authentication is also necessary (keystores, certificates, ..)? What do I need to generate/ship?

edit: I successfully secured the communication now with RMI with server and client authentication and self-signed certificates. This works now on my machine. I submitted the certificates, truststores and keystores to the repository, but it won't work on other machines.
It was suggested that the migration broke the keystore, but I can't figure out why? Does anyone have an idea?
edit: Here is the complete stacktrace

java.rmi.ConnectIOException: Exception creating connection to: localhost; nested exception is:
    java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
    at sun.rmi.transport.tcp.TCPEndpoint.newSocket(TCPEndpoint.java:614)
    at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:198)
    at sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:184)
    at sun.rmi.server.UnicastRef.newCall(UnicastRef.java:322)
    at sun.rmi.registry.RegistryImpl_Stub.lookup(Unknown Source)
    at com.uc4.webui.sla.monitoring.SLAMonitoringAccessService.<init>(SLAMonitoringAccessService.java:40)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
    at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
    at java.lang.Class.newInstance0(Class.java:355)
    at java.lang.Class.newInstance(Class.java:308)
    at org.eclipse.equinox.internal.ds.model.ServiceComponent.createInstance(ServiceComponent.java:457)
    at org.eclipse.equinox.internal.ds.model.ServiceComponentProp.createInstance(ServiceComponentProp.java:264)
    at org.eclipse.equinox.internal.ds.model.ServiceComponentProp.build(ServiceComponentProp.java:325)
    at org.eclipse.equinox.internal.ds.InstanceProcess.buildComponent(InstanceProcess.java:588)
    at org.eclipse.equinox.internal.ds.InstanceProcess.buildComponents(InstanceProcess.java:196)
    at org.eclipse.equinox.internal.ds.Resolver.buildNewlySatisfied(Resolver.java:441)
    at org.eclipse.equinox.internal.ds.Resolver.enableComponents(Resolver.java:213)
    at org.eclipse.equinox.internal.ds.SCRManager.performWork(SCRManager.java:800)
    at org.eclipse.equinox.internal.ds.SCRManager$QueuedJob.dispatch(SCRManager.java:767)
    at org.eclipse.equinox.internal.ds.WorkThread.run(WorkThread.java:89)
    at java.lang.Thread.run(Thread.java:662)
Caused by: java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
    at javax.net.ssl.DefaultSSLSocketFactory.throwException(SSLSocketFactory.java:179)
    at javax.net.ssl.DefaultSSLSocketFactory.createSocket(SSLSocketFactory.java:192)
    at javax.rmi.ssl.SslRMIClientSocketFactory.createSocket(SslRMIClientSocketFactory.java:105)
    at sun.rmi.transport.tcp.TCPEndpoint.newSocket(TCPEndpoint.java:595)
    ... 22 more
Caused by: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
    at java.security.Provider$Service.newInstance(Provider.java:1245)
    at sun.security.jca.GetInstance.getInstance(GetInstance.java:220)
    at sun.security.jca.GetInstance.getInstance(GetInstance.java:147)
    at javax.net.ssl.SSLContext.getInstance(SSLContext.java:125)
    at javax.net.ssl.SSLContext.getDefault(SSLContext.java:68)
    at javax.net.ssl.SSLSocketFactory.getDefault(SSLSocketFactory.java:102)
    at javax.rmi.ssl.SslRMIClientSocketFactory.getDefaultClientSocketFactory(SslRMIClientSocketFactory.java:192)
    at javax.rmi.ssl.SslRMIClientSocketFactory.createSocket(SslRMIClientSocketFactory.java:102)
    ... 23 more
Caused by: java.io.IOException: Invalid keystore format
    at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:633)
    at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:38)
    at java.security.KeyStore.load(KeyStore.java:1185)
    at com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl.getDefaultKeyManager(DefaultSSLContextImpl.java:150)
    at com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl.<init>(DefaultSSLContextImpl.java:40)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
    at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
    at java.lang.Class.newInstance0(Class.java:355)
    at java.lang.Class.newInstance(Class.java:308)
    at java.security.Provider$Service.newInstance(Provider.java:1221)
    ... 30 more

My platform is Windows 7 and

java version "1.6.0_22"
Java(TM) SE Runtime Environment (build 1.6.0_22-b04)
Java HotSpot(TM) 64-Bit Server VM (build 17.1-b03, mixed mode)

Here are the keytool commands which I used for the generation:

keytool -genkeypair -keyalg RSA -validity 3650 -keystore bundlekeystore.jks
keytool -export -keystore bundlekeystore.jks -rfc -file bundlecertificate.cer
keytool -import -file standalonecertificate.cer -keystore truststore.jks
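
One way to test on each machine whether a checked-out keystore file is still a loadable JKS store, the condition the innermost `Invalid keystore format` cause in the trace reports (an added example, not part of the original post). The class name `KeystoreCheck` and passing the file path as the first argument are assumptions.

```java
import java.io.Console;
import java.io.DataInputStream;
import java.io.EOFException;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.util.Collections;

// Added example (hypothetical class name): verifies a JKS file before the
// JVM's default SSLContext tries to load it.
public class KeystoreCheck {
    // Every JKS file begins with this 4-byte magic, then a 4-byte version (1 or 2).
    static final int JKS_MAGIC = 0xFEEDFEED;

    static boolean hasJksHeader(String path) throws IOException {
        DataInputStream in = new DataInputStream(new FileInputStream(path));
        try {
            int magic = in.readInt();
            int version = in.readInt();
            return magic == JKS_MAGIC && (version == 1 || version == 2);
        } catch (EOFException tooShort) {
            return false; // fewer than 8 bytes: cannot be a keystore
        } finally {
            in.close();
        }
    }

    public static void main(String[] args) throws Exception {
        String path = args[0]; // e.g. bundlekeystore.jks or truststore.jks
        if (!hasJksHeader(path)) {
            System.err.println(path + ": header is not JKS; file is damaged or another store type");
            System.exit(1);
        }
        Console console = System.console();
        if (console == null) throw new IllegalStateException("run from an interactive terminal");
        char[] password = console.readPassword("Password for %s: ", path);

        KeyStore ks = KeyStore.getInstance("JKS");
        FileInputStream in = new FileInputStream(path);
        try {
            ks.load(in, password); // also checks the integrity digest at the end of the file
        } finally {
            in.close();
        }
        for (String alias : Collections.list(ks.aliases())) {
            String kind = ks.isKeyEntry(alias) ? "private key + certificate" : "trusted certificate";
            System.out.println(alias + ": " + kind);
        }
    }
}
```

Running it against the same file on the machine that generated the store and on a machine that checked it out shows whether the bytes changed in transit.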


Comments (1)

初熏 2024-12-01 16:53:03
  1. You need to export your remote objects using instances of each of those classes, configured appropriately according to your special requirements about enabled protocols and cipher suites if any.
  2. Your server needs a private key and signed certificate in its keystore.
  3. If it's a self-signed certificate, it needs to be exported from there and imported into the client's truststore.
  4. Your client needs a private key and signed certificate in its keystore.
  5. If it's a self-signed certificate, it needs to be exported from there and imported into the server's truststore.
  6. If the certificates are signed by a recognized CA you can omit the parts involving truststores.
  7. If your client has any special requirements about protocols or cipher suites it needs to set the system properties described for SslRMIClientSocketFactory.
  8. If you also want a secure Registry you have to take several additional steps which I will post here if you ask, but they are fairly obvious if you have a look at the LocateRegistry.createRegistry()/getRegistry() overloads that take socket factory parameters.
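
The steps in the answer above, put together as an added example that is not the answerer's code: a server that exports a remote object and a registry over SSL with client authentication required, plus the matching client lookup. The `Hello` interface, the binding name `hello`, port 1099 and the class name are assumptions; both JVMs are assumed to be started with the standard `javax.net.ssl.keyStore`, `javax.net.ssl.keyStorePassword`, `javax.net.ssl.trustStore` and `javax.net.ssl.trustStorePassword` system properties pointing at their own stores.

```java
import java.rmi.Remote;
import java.rmi.RemoteException;
import java.rmi.registry.LocateRegistry;
import java.rmi.registry.Registry;
import java.rmi.server.UnicastRemoteObject;
import javax.rmi.ssl.SslRMIClientSocketFactory;
import javax.rmi.ssl.SslRMIServerSocketFactory;

// Added example (hypothetical names): mutual-TLS RMI using the default SSLContext,
// which reads the javax.net.ssl.* keystore/truststore system properties.
public class SecureRmiExample {
    public interface Hello extends Remote {
        String greet(String name) throws RemoteException;
    }

    static class HelloImpl implements Hello {
        public String greet(String name) { return "hello " + name; }
    }

    // Strong references so the exported object and registry are not garbage collected.
    static Hello impl;
    static Registry registry;

    // Server side (steps 1, 2, 5 and 8 of the answer).
    static void startServer() throws Exception {
        SslRMIClientSocketFactory csf = new SslRMIClientSocketFactory();
        // null, null = default cipher suites and protocols; true = client must present a certificate
        SslRMIServerSocketFactory ssf = new SslRMIServerSocketFactory(null, null, true);

        impl = new HelloImpl();
        Hello stub = (Hello) UnicastRemoteObject.exportObject(impl, 0, csf, ssf);

        // The registry is itself a remote object, so it gets the same factories.
        registry = LocateRegistry.createRegistry(1099, csf, ssf);
        registry.rebind("hello", stub);
    }

    // Client side (steps 3, 4 and 8): the lookup must also use the SSL client factory,
    // otherwise the registry connection is attempted in plaintext and fails.
    static String callServer(String host) throws Exception {
        Registry remote = LocateRegistry.getRegistry(host, 1099, new SslRMIClientSocketFactory());
        Hello hello = (Hello) remote.lookup("hello");
        return hello.greet("client");
    }

    public static void main(String[] args) throws Exception {
        if (args.length > 0 && args[0].equals("client")) {
            System.out.println(callServer("localhost"));
        } else {
            startServer();
        }
    }
}
```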