[英]How to establish a one way SSL connection to mail.google.com?
I am trying to establish a one way SSL connection to mail.google.com through java. 我正在尝试通过java与mail.google.com建立单向SSL连接。 I supposed mail.google.com is the same as gmail, so I created a certificate for gmail.com using the instructions provided here . 我认为mail.google.com与gmail相同,因此我使用此处提供的说明为gmail.com创建了证书。
I created the cert as follows - 我创建了如下证书:
$ openssl s_client -connect smtp.gmail.com:465
Then I copied the 然后我复制了
-----BEGIN CERTIFICATE-----
...
...
-----END CERTIFICATE-----
section into a file called "gmail.cert". 部分放入名为“ gmail.cert”的文件中。
After that, I created my own keystore using the following command, setting the password to "password" - 之后,我使用以下命令创建了自己的密钥库,并将密码设置为“密码”-
$ keytool -import -alias smtp.gmail.com -keystore simpleKS.jks -file gmail.cert
I used the Java code provided at this link, with minor modifications: 我使用了此链接提供的Java代码,并进行了一些小的修改:
System.setProperty("javax.net.ssl.trustStore", "simpleKS.jks");
System.setProperty("javax.net.ssl.trustStorePassword", "password");
System.setProperty("java.protocol.handler.pkgs","com.sun.net.ssl.internal.www.protocol");
//connect to google
SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
SSLSocket sslSock = (SSLSocket) factory.createSocket("mail.google.com",443);
System.out.println("Sending request...");
//send HTTP get request
BufferedWriter wr = new BufferedWriter(new OutputStreamWriter(sslSock.getOutputStream(), "UTF8"));
wr.write("GET /mail HTTP/1.1\r\nhost: mail.google.com\r\n\r\n");
wr.flush();
System.out.println("Reading response...");
// read response
BufferedReader rd = new BufferedReader(new InputStreamReader(sslSock.getInputStream()));
String string = null;
while ((string = rd.readLine()) != null) {
System.out.println(string);
System.out.flush();
}
rd.close();
wr.close();
// Close connection.
sslSock.close();
The class file and the keystore (and all other files) are in the same directory, so I am pretty sure it is not an issue with finding the actual keystore file. 类文件和密钥库(以及所有其他文件)在同一目录中,因此我很确定查找实际的密钥库文件不是问题。
However, when I execute this code, I get 但是,当我执行此代码时,我得到
Sending request...
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
What am I doing wrong? 我究竟做错了什么?
Guess this is because the certs differ a bit for each protocol used see . 猜猜这是因为每种使用的协议的证书有所不同, 请参阅 。 So you might have to play arround with openssl to convert the cert to be used for another protocol. 因此,您可能必须与openssl一起玩才能将证书转换为用于其他协议。
Your error message states the same, it doesn't find a cert for mail.google.com since you only provided one for smtp.gmail.com. 您的错误消息表示相同,因为您仅为smtp.gmail.com提供了证书,所以找不到mail.google.com的证书。
(disclaimer i'm no ssl guru, just trying to point in a hopefully right direction) (免责声明我不是ssl专家,只是试图指出希望正确的方向)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.