堆栈内存溢出
  简体   繁体   English

是否可以在不打开套接字的情况下使用Java代码测试双向信任库是否匹配?

[英]Is it possible to test that two-way truststores match using Java code without opening a socket?

 原文  2014-02-18 09:53:44       java/ certificate/ keystore/ truststore

问题描述

Suppose I have have a scenario where I want to do a two-way Trusted connection using keystores and truststores on Java. 假设我有一种情况,我想使用Java上的密钥库和信任库进行双向信任连接。

Imagine I am using the following code: 想象一下我正在使用以下代码: 

import java.io.FileInputStream;
import java.io.PrintStream;
import java.net.ServerSocket;
import java.net.Socket;
import java.security.KeyStore;

import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocketFactory;

public class MainClass {
  public static void main(String args[]) throws Exception {
    SSLContext context;
    KeyManagerFactory kmf;
    KeyStore ks;
    char[] storepass = "newpass".toCharArray();
    char[] keypass = "wshr.ut".toCharArray();
    String storename = "newstore";

    context = SSLContext.getInstance("TLS");
    kmf = KeyManagerFactory.getInstance("SunX509");
    FileInputStream fin = new FileInputStream(storename);
    ks = KeyStore.getInstance("JKS");
    ks.load(fin, storepass);

    kmf.init(ks, keypass);
    context.init(kmf.getKeyManagers(), null, null);
    SSLServerSocketFactory ssf = context.getServerSocketFactory();

    ServerSocket ss = ssf.createServerSocket(5432);
    while (true) {
      Socket s = ss.accept();
      PrintStream out = new PrintStream(s.getOutputStream());
      out.println("Hi");
      out.close();
      s.close();
    }
  }
}

Now suppose this code used to work - but someone has jumbled the certs for the different servers and now we don't know which client cert (for which box) matches with server truststore. 现在假设此代码曾经可以工作-但是有人混淆了不同服务器的证书,现在我们不知道哪个客户端证书(针对哪个框)与服务器信任库匹配。

I want to validate that a Server and Client KeyStore and Truststore match using Java code without opening a socket. 我想在不打开套接字的情况下使用Java代码验证服务器和客户端密钥库以及信任库是否匹配。

My question is: Is it possible to test that two-way truststores match using Java code without opening a socket? 我的问题是: 是否可以在不打开套接字的情况下使用Java代码测试双向信任库是否匹配? Could you modify the linked Java code to achieve this? 您可以修改链接的Java代码来实现此目的吗?

Assumptions: 假设:

  • I'm looking for some code something like 我正在寻找一些类似的代码

boolean trusted = keyStore1.checkTrust(trustStore2);

1 个解决方案

解决方案1
 0 已采纳  2014-02-18 10:00:29

It is certainly possible, but only by duplicating, or nearly duplicating, all the code that is executed when you do create an SSL socket. 当然可以,但是只能通过复制或几乎复制所有创建SSL套接字时执行的代码来实现。 The point is that you aren't testing anything except your own code, when you should be testing the code that's executed by SSLSocket and friends. 关键是,当您应该测试由SSLSocket和朋友执行的代码时,除了测试自己的代码外,您什么都不会测试。 So it's pointless. 所以这毫无意义。 It's not a useful test. 这不是有用的测试。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Java 两路插座连接 - Java Two-Way Socket Connection 具有云驻留密钥库和信任库(秘密管理器)的相互认证(双向 TLS/SSL)-Spring 启动 - Mutual Authentication(Two-Way TLS/SSL) with cloud residing KeyStores and TrustStores(Secret Manager) -Spring boot android 双向绑定/w LiveData 使用 Java - android two-way binding /w LiveData using Java Java应用程序使用两个单独的信任库 - Java app to use two separate truststores 双向水平继承是否可能? - Is two-way horizontal inheritance possible? 与Salesforce双向同步(Java) - Two-way sync with salesforce (java) Java 两路参数化 class - Java two-way parameterized class 与Java线程的双向通讯 - Two-way communication with a Java thread 使用Java的双向可扩展层次结构 - Two-way extensible hierarchy with Java Java - 编程双向控制台窗口 - Java - programming a two-way console window
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM