Auto-test with SSL: Java key store problems

Posted on 2024-12-29 22:27:59

I am trying to set up Jenkins CI with the Play plugin, which uses play auto-test to run the app.

The problem is I've also got SSL as a requirement, but the firephoque Java test browser doesn't have the proper key/cert to use.

I originally created a key/cert pair with OpenSSL, but now need to figure out how to import those keys into the global default Java Key Store (presumably in $HOME/.keystore).

I've tried these resources in varying order to no avail:

The original play google group thread that I started with: http://bit.ly/yZBezu

http://www.sslshopper.com/article-how-to-create-a-self-signed-certificate-using-java-keytool.html

http://www.agentbob.info/agentbob/79-AB.html

http://docs.oracle.com/javase/1.3/docs/tooldocs/win32/keytool.html

I am able to run the app over SSL when the play runner picks up the keystore location from an entry in application.conf, but when auto-test runs the firephoque browser I get:

The application does not start. There are errors: 
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: 
    PKIX path building failed:
    sun.security.provider.certpath.SunCertPathBuilderException:
        unable to find valid certification path to requested target

Would love to be pointed in the direction of a concise way to do this. My brain is fried with visions of DER and PEM and keytool fun; right now I can't think straight.

End goal is a self-signed certificate that will validate under play auto-test, as well as any other ways of running the app.

My application.conf file has had varying combinations of the following:

# SSL - localhost default
# original way worked fine before auto-test came into play (so to speak :))
# certificate.key.file=conf/play_host.key
# certificate.file=conf/play_host.crt

# Keystore 
ssl.KeyManagerFactory.algorithm=SunX509
trustmanager.algorithm=JKS
keystore.password=passw0rd
keystore.file=conf/keystore.jks 
https.port=9443

UPDATE
The output of conf/keystore.jks:

# keytool -list -keystore keystore.jks
Enter keystore password:  

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

localhost, Jan 31, 2012, PrivateKeyEntry, 
Certificate fingerprint (MD5): 36:EF:63:4E:53:23:18:22:13:8C:2C:DB:F1:72:2C:93

But this file is not accessed by the browser that runs inside the auto-test; it's firephoque, which is a Java app that looks through the default keystore. Did some more digging and started to look in

/Library/Java/Home/lib/security/

which symlinks to

/System/Library/Java/Support/CoreDeploy.bundle/Contents/Home/lib/security

to find a location where any app would be able to find a keystore. But I still get the same result if I put another keystore in the security folder above.

UPDATE 2: also tried

play auto-test -Xmx1g -Djavax.net.ssl.trustStore=/path/to/keystore.jks

but I'm not sure I'm doing it right. How can I get the launch of play auto-test to look for the keystore in an explicit place?
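
An added diagnostic, not part of the original post: it prints which trust store a JVM actually resolves (the `javax.net.ssl.trustStore` property, then `jssecacerts`, then `cacerts` under `<java.home>/lib/security`) and the certificate fingerprints in it, so they can be compared with the server's self-signed certificate. The class name `TrustStoreCheck` is hypothetical; run it with the same JVM and `-D` flags as the client whose handshake fails.

```java
import java.io.File;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.util.Collections;

// Added diagnostic, not from the original post. TrustStoreCheck is a hypothetical name.
public class TrustStoreCheck {

    // JSSE default trust store lookup: the javax.net.ssl.trustStore property, then
    // <java.home>/lib/security/jssecacerts, then <java.home>/lib/security/cacerts.
    static File resolveTrustStore() {
        String explicit = System.getProperty("javax.net.ssl.trustStore");
        if (explicit != null) return new File(explicit);
        File dir = new File(System.getProperty("java.home"), "lib/security");
        File jsse = new File(dir, "jssecacerts");
        return jsse.exists() ? jsse : new File(dir, "cacerts");
    }

    static String sha256(Certificate cert) throws Exception {
        StringBuilder sb = new StringBuilder();
        for (byte b : MessageDigest.getInstance("SHA-256").digest(cert.getEncoded()))
            sb.append(String.format("%02X:", b));
        return sb.substring(0, sb.length() - 1);
    }

    public static void main(String[] args) throws Exception {
        File file = resolveTrustStore();
        System.out.println("Trust store in effect: " + file.getAbsolutePath());
        if (!file.isFile()) {
            System.out.println("File not found: no trust anchors are loaded from it.");
            return;
        }
        String pw = System.getProperty("javax.net.ssl.trustStorePassword");
        String type = System.getProperty("javax.net.ssl.trustStoreType", KeyStore.getDefaultType());
        KeyStore ks = KeyStore.getInstance(type);
        try (FileInputStream in = new FileInputStream(file)) {
            // Like JSSE, skip the integrity check when no password property is set.
            ks.load(in, pw == null ? null : pw.toCharArray());
        }
        // The self-signed server certificate must appear in this list to be trusted.
        for (String alias : Collections.list(ks.aliases())) {
            Certificate cert = ks.getCertificate(alias);
            System.out.println(alias + (ks.isKeyEntry(alias) ? " [key entry] " : " [certificate entry] ")
                    + (cert == null ? "no certificate" : "SHA-256 " + sha256(cert)));
        }
    }
}
```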

Comments (2)

深空失忆 2025-01-05 22:27:59

Not elegant but with play 1.2.5 on the horizon it's not a big deal to patch 1.2.4 to get this working.

https://github.com/playframework/play/commit/52f3c165cba1ea62e91a6c26ed62979b90da99c

Thanks to dertoni.

携君以终年 2025-01-05 22:27:59

Assuming you followed the steps from the following link, your keystore should have the correct information.

http://www.sslshopper.com/article-how-to-create-a-self-signed-certificate-using-java-keytool.html

Do you know if your app is picking up the keystore?
Can you specify the full path to the keystore file location (i.e. keystore.file=/home/some_user/conf/keystore.jks)?
Also, can you send the output of the keystore?
