如何将.crt文件添加到密钥库和信任库

Question

我有一个.crt文件，我想使用java导入到密钥库和信任库（首先创建密钥库和信任库然后导入）。

以下是我使用的代码：

import org.glassfish.tyrus.client.ClientManager;
import org.glassfish.tyrus.client.ClientProperties;
import org.glassfish.tyrus.client.SslContextConfigurator;
import org.glassfish.tyrus.client.SslEngineConfigurator;

@ClientEndpoint
public class test {

    private static CountDownLatch latch;

    private Logger logger = Logger.getLogger(this.getClass().getName());

    @OnOpen
    public void onOpen(Session session) {
        logger.info("Connected ... " + session.getId());
        try {
            session.getBasicRemote().sendText("start");
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    @OnMessage
    public String onMessage(String message, Session session) {
        BufferedReader bufferRead = new BufferedReader(new InputStreamReader(System.in));
        try {
            logger.info("Received ...." + message);
            String userInput = bufferRead.readLine();
            return userInput;
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    @OnClose
    public void onClose(Session session, CloseReason closeReason) {
        logger.info(String.format("Session %s close because of %s", session.getId(), closeReason));
    }

    public static void main(String[] args) {
        latch = new CountDownLatch(1);
        ClientManager client = ClientManager.createClient();

        try {
            client.connectToServer(test.class, new URI("wss://x.x.x.x:8085"));
            latch.await();

        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

}

我正在使用tyrus websocket客户端，所以我需要添加以下属性：

    final ClientManager client = ClientManager.createClient();
    System.getProperties().put("javax.net.debug", "all");
    System.getProperties().put(SSLContextConfigurator.KEY_STORE_FILE, "...");
    System.getProperties().put(SSLContextConfigurator.TRUST_STORE_FILE, "...");
    System.getProperties().put(SSLContextConfigurator.KEY_STORE_PASSWORD, "...");
    System.getProperties().put(SSLContextConfigurator.TRUST_STORE_PASSWORD, "...");
    final SSLContextConfigurator defaultConfig = new SSLContextConfigurator();

    defaultConfig.retrieve(System.getProperties());
        // or setup SSLContextConfigurator using its API.

    SSLEngineConfigurator sslEngineConfigurator =
        new SSLEngineConfigurator(defaultConfig, true, false, false);
    client.getProperties().put(ClientProperties.SSL_ENGINE_CONFIGURATOR,
        sslEngineConfigurator);
    client.connectToServer(... , ClientEndpointConfig.Builder.create().build(),
        new URI("wss://localhost:8181/sample-echo/echo"));
    }

那么，我如何创建密钥库和信任库并将.crt导入其中。

Answer 1

我通过直接将.crt文件导入java密钥库来解决了上述问题：

用于导入java密钥库

keytool -trustcacerts -keystore "/jdk/jre/lib/security/cacerts" -storepass changeit -importcert -alias testalias -file "/opt/ssl/test.crt"

通过使用上面的命令，服务器证书将被验证并且将获得连接但是如果要创建新的密钥库并将.crt导入到它意味着使用以下命令它将创建类型为.jks的密钥库。

用于创建密钥库并导入.crt

keytool -import -alias testalias -file test.crt -keypass keypass -keystore test.jks -storepass test@123

这里

keystore password : test@123
keypass : keypass

由于某些代码将验证，如果您使用wss / https，它将要求密钥库/信任库配置，那么您可以使用步骤2中提到的上述配置（创建密钥库并导入.crt）。 否则step1（导入到java密钥库）就足够了。