是否可以仅在 Java 中为本地主机创建安全 Websocket?
[英]Possible to create Secure Websocket in Java for localhost only?
问题描述
Is it possible to create a Java SSL Websocket, so peers can connect using wss://127.0.0.1 ?
是否可以创建一个 Java SSL Websocket,以便同行可以使用wss://127.0.0.1连接?
My current implementation is using org.java_websocket.server.DefaultSSLWebSocketServerFactory :我当前的实现是使用org.java_websocket.server.DefaultSSLWebSocketServerFactory :
WebSocketServerFactory socketFactory = new DefaultWebSocketServerFactory();
// Make it secure
char[] passphrase = tempPassword.toCharArray();
KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
try (FileInputStream fis = new FileInputStream(keystoreFile)) {
keystore.load(fis, passphrase);
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyManagerFactory.init(keystore, passphrase);
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init(keystore);
SSLContext ctx = SSLContext.getInstance("TLS");
ctx.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
socketFactory = new DefaultSSLWebSocketServerFactory(ctx);
} catch (Exception e) {
System.out.println(e.getMessage());
throw e;
}
But when I try to use this, I get the following error from OkHttp3: Transport exception caused by javax.net.ssl.SSLHandshakeException: connection closed .但是当我尝试使用它时,我从 OkHttp3 收到以下错误: Transport exception caused by javax.net.ssl.SSLHandshakeException: connection closed 。 This is the full stack-trace: https://pastebin.com/raw/Y3RvqRrt这是完整的堆栈跟踪: https://pastebin.com/raw/Y3RvqRrt
1 个解决方案
解决方案1
0 2022-01-26 19:40:14
Yes, insecurely you can use https://square.github.io/okhttp/4.x/okhttp-tls/okhttp3.tls/-handshake-certificates/-builder/add-insecure-host/是的,您可以不安全地使用https://square.github.io/okhttp/4.x/okhttp-tls/okhttp3.tls/-handshake-certificates/-builder/add-insecure-host/
See the answer here Websocket Secure error: Hostname not verified在此处查看答案Websocket 安全错误:未验证主机名
But assuming you want it securely, you will need to define the trusted certificates in the client.但是假设您希望它安全,您将需要在客户端中定义受信任的证书。
https://github.com/square/okhttp/blob/master/samples/guide/src/main/java/okhttp3/recipes/CustomTrust.java https://github.com/square/okhttp/blob/master/samples/guide/src/main/java/okhttp3/recipes/CustomTrust.java
HandshakeCertificates certificates = new HandshakeCertificates.Builder()
.addTrustedCertificate(letsEncryptCertificateAuthority)
.addTrustedCertificate(entrustRootCertificateAuthority)
.addTrustedCertificate(comodoRsaCertificationAuthority)
// Uncomment if standard certificates are also required.
//.addPlatformTrustedCertificates()
.build();
client = new OkHttpClient.Builder()
.sslSocketFactory(certificates.sslSocketFactory(), certificates.trustManager())
.build();
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.