[英]Possible to create Secure Websocket in Java for localhost only?
Is it possible to create a Java SSL Websocket, so peers can connect using wss://127.0.0.1
?是否可以创建一个 Java SSL Websocket,以便同行可以使用wss://127.0.0.1
连接?
My current implementation is using org.java_websocket.server.DefaultSSLWebSocketServerFactory
:我当前的实现是使用org.java_websocket.server.DefaultSSLWebSocketServerFactory
:
WebSocketServerFactory socketFactory = new DefaultWebSocketServerFactory();
// Make it secure
char[] passphrase = tempPassword.toCharArray();
KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
try (FileInputStream fis = new FileInputStream(keystoreFile)) {
keystore.load(fis, passphrase);
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyManagerFactory.init(keystore, passphrase);
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init(keystore);
SSLContext ctx = SSLContext.getInstance("TLS");
ctx.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
socketFactory = new DefaultSSLWebSocketServerFactory(ctx);
} catch (Exception e) {
System.out.println(e.getMessage());
throw e;
}
But when I try to use this, I get the following error from OkHttp3: Transport exception caused by javax.net.ssl.SSLHandshakeException: connection closed
.但是当我尝试使用它时,我从 OkHttp3 收到以下错误: Transport exception caused by javax.net.ssl.SSLHandshakeException: connection closed
。 This is the full stack-trace: https://pastebin.com/raw/Y3RvqRrt这是完整的堆栈跟踪: https://pastebin.com/raw/Y3RvqRrt
Yes, insecurely you can use https://square.github.io/okhttp/4.x/okhttp-tls/okhttp3.tls/-handshake-certificates/-builder/add-insecure-host/是的,您可以不安全地使用https://square.github.io/okhttp/4.x/okhttp-tls/okhttp3.tls/-handshake-certificates/-builder/add-insecure-host/
See the answer here Websocket Secure error: Hostname not verified在此处查看答案Websocket 安全错误:未验证主机名
But assuming you want it securely, you will need to define the trusted certificates in the client.但是假设您希望它安全,您将需要在客户端中定义受信任的证书。
https://github.com/square/okhttp/blob/master/samples/guide/src/main/java/okhttp3/recipes/CustomTrust.java https://github.com/square/okhttp/blob/master/samples/guide/src/main/java/okhttp3/recipes/CustomTrust.java
HandshakeCertificates certificates = new HandshakeCertificates.Builder()
.addTrustedCertificate(letsEncryptCertificateAuthority)
.addTrustedCertificate(entrustRootCertificateAuthority)
.addTrustedCertificate(comodoRsaCertificationAuthority)
// Uncomment if standard certificates are also required.
//.addPlatformTrustedCertificates()
.build();
client = new OkHttpClient.Builder()
.sslSocketFactory(certificates.sslSocketFactory(), certificates.trustManager())
.build();
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.