[英]Possible to create Secure Websocket in Java for localhost only?
是否可以创建一个 Java SSL Websocket,以便同行可以使用wss://127.0.0.1
连接?
我当前的实现是使用org.java_websocket.server.DefaultSSLWebSocketServerFactory
:
WebSocketServerFactory socketFactory = new DefaultWebSocketServerFactory();
// Make it secure
char[] passphrase = tempPassword.toCharArray();
KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
try (FileInputStream fis = new FileInputStream(keystoreFile)) {
keystore.load(fis, passphrase);
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyManagerFactory.init(keystore, passphrase);
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init(keystore);
SSLContext ctx = SSLContext.getInstance("TLS");
ctx.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
socketFactory = new DefaultSSLWebSocketServerFactory(ctx);
} catch (Exception e) {
System.out.println(e.getMessage());
throw e;
}
但是当我尝试使用它时,我从 OkHttp3 收到以下错误: Transport exception caused by javax.net.ssl.SSLHandshakeException: connection closed
。 这是完整的堆栈跟踪: https://pastebin.com/raw/Y3RvqRrt
在此处查看答案Websocket 安全错误:未验证主机名
但是假设您希望它安全,您将需要在客户端中定义受信任的证书。
HandshakeCertificates certificates = new HandshakeCertificates.Builder()
.addTrustedCertificate(letsEncryptCertificateAuthority)
.addTrustedCertificate(entrustRootCertificateAuthority)
.addTrustedCertificate(comodoRsaCertificationAuthority)
// Uncomment if standard certificates are also required.
//.addPlatformTrustedCertificates()
.build();
client = new OkHttpClient.Builder()
.sslSocketFactory(certificates.sslSocketFactory(), certificates.trustManager())
.build();
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.