Java8安全WebSocket握手问题(Tyrus和Jetty)
[英]Java8 Secure WebSocket Handshake Problems (Tyrus and Jetty)
问题描述
I'm attempting to implement a WebSocket Client in an application that supports secure transmissions through SSL. 
我正在尝试在支持通过SSL进行安全传输的应用程序中实现WebSocket客户端。 The application already supports standard SSL connections over HTTP, by implementing custom Key and Trust managers (these custom implementations are in place to prompt the user for a certificate when needed). 该应用程序已经通过实现自定义密钥和信任管理器(通过这些自定义实现来在需要时提示用户输入证书)来支持基于HTTP的标准SSL连接。
I'm having trouble getting a secure connection to our remote WebSocket endpoint. 我无法获得到远程WebSocket端点的安全连接。 The failure is occurring during the handshake. 故障发生在握手期间。 I've tried two different implementations of the WebSocket API (both Tyrus and Jetty), and both fail in the same way, which, of course, leads me to point to our SSL implementation. 我尝试了WebSocket API的两种不同实现(Tyrus和Jetty),但都以相同的方式失败,这当然使我指向了SSL实现。
As I mentioned, the failure is occurring during the handshake. 正如我提到的,失败是在握手期间发生的。 It seems that the connection cannot figure out that there are client certificates that are signed by the supported authorities returned from the server. 似乎该连接无法确定是否有从服务器返回的受支持的权威机构签名的客户端证书。 I'm stumped to figure out if I haven't supplied the client certificates to the WebSocket API correctly, or if our custom Key/Trust managers are even getting used. 我很想知道我是否没有正确地向WebSocket API提供客户端证书,或者我们的自定义键/信任管理器是否正在使用。
Here's a dump of the SSL Debug logs: 这是SSL调试日志的转储:
*** CertificateRequest
Cert Types: RSA, DSS
Cert Authorities:
(list of about 15 cert authorities supported by the server)
*** ServerHelloDone
Warning: no suitable certificate found - continuing without client authentication
*** CertificateChain
<empty>
***
I've set breakpoints in our TrustManager implementation, to determine if they are ever getting called, and it seems that they are not being called at this point. 我已经在TrustManager的实现中设置了断点,以确定是否曾经调用过这些断点,并且似乎此时尚未调用它们。
I've been attempting to debug this for a few days now, and am running out of things to try. 我已经尝试调试了几天,但已经用尽了很多东西。
Any suggestions would be greatly appreciated! 任何建议将不胜感激!
Here's a snippet of the Jetty Code: 这是码头代码的片段:
SSLContext context = SSLContext.getInstance("TLS");
// getKeyManagers / getTrustManagers retrieves an
// array containing the custom key and trust manager
// instances:
KeyManager[] km = getKeyManagers();
TrustManager[] tm = getTrustManagers();
context.init(km, tm, null);
SslContextFactory contextFactory = new SslContextFactory();
contextFactory.setContext(context);
WebSocketClient client = new WebSocketClient(contextFactory);
SimpleEchoClient echoClient = new SimpleEchoClient();
try {
client.start();
ClientUpgradeRequest request = new ClientUpgradeRequest();
Future<Session> connection = client.connect(echoClient, uri, request);
Session session = connection.get();
// if everything works, do stuff here
session.close();
client.destroy();
} catch (Exception e) {
LOG.error(e);
}
1 个解决方案
解决方案1
0 2017-06-27 16:28:38
can you try with rejectUnAuthorized:false so that your certificates for which your browser is unable to authorize will skip the authorization. 您可以尝试使用rejectUnAuthorized:false来使您的浏览器无法授权的证书将跳过授权。
var ws = new WebSocket('wss://localhost:xxxx', {
protocolVersion: 8,
origin: 'https://localhost:xxxx',
rejectUnauthorized: false
});
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.