具有自簽名證書錯誤的SSL連接(C#套接字連接到Java Server套接字)
[英]SSL Connection with self-signed certificate error (C# Socket connect to Java Server Socket)
問題描述
起初...該程序只有4個功能,永遠不會發布。 它僅用於測試Socket,因此不必關心此連接的安全性。 我編寫了一個小信使,您可以在其中在文本框中輸入消息,該消息將被發送到服務器,並從服務器發送到所有客戶端。 到現在為止還挺好。 只是為了好玩,我想為此連接使用SSL。 但是,當我嘗試連接到服務器套接字時,它將在ValidateServerCertificate處返回RemoteCertificateNameMismatch。 添加一些調試消息后,我發現Sslstream.LocalCertificate為空。 我該如何解決丟失的證書? 我正在使用自簽名證書。
請幫忙,這是我的代碼...是的...對不起,我的英語不好:/:
C#客戶端
[...]
public bool ValidateServerCertificate(
object sender,
X509Certificate certificate,
X509Chain chain,
SslPolicyErrors sslPolicyErrors)
{
//sslPolicyErrors returns RemoteCertificateNameMismatch
return true; //Code shortened
}
public X509CertificateCollection getCertificates()
{
X509CertificateCollection cCollection = new X509CertificateCollection();
cCollection.Add(getCertificate());
return cCollection;
}
private X509Certificate getCertificate()
{
string Certificate = "D:/Wlad/Programmierung/Zertifikat/CA/CertificateAuthority.crt";
string ClientCertificatePassword = "...";
return new X509Certificate(Certificate, ClientCertificatePassword);
}
public X509Certificate SelectLocalCertificate(
object sender,
string targetHost,
X509CertificateCollection localCertificates,
X509Certificate remoteCertificate,
string[] acceptableIssuers)
{
foreach(X509Certificate cer in localCertificates) {
return cer;
}
return getCertificate();
}
public void connect(String username)
{
XMLConfigManager xml = XMLConfigManager.getInstance();
String ip = xml.get("ip");
tc = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp); ;
tc.Connect(ip, int.Parse(xml.get("port")));
networdstream = new NetworkStream(tc);
using(sslstream = new SslStream(networdstream, false, new RemoteCertificateValidationCallback(ValidateServerCertificate), new LocalCertificateSelectionCallback(SelectLocalCertificate)))
{
sslstream.AuthenticateAsClient(ip, getCertificates(), SslProtocols.Default, true);
}
sendMessage(username);
t = new Thread(new ThreadStart(checkInput));
t.Start();
tm.addThread(t);
th = new Thread(new ThreadStart(userTimer));
th.Start();
tm.addThread(th);
}
public void disconnect()
{
if(sslstream != null) {
sslstream.Close();
}
if(tc != null) {
tc.Close();
}
}
[...]
static byte[] GetBytes(string str)
{
byte[] bytes = new byte[str.Length * sizeof(char)];
System.Buffer.BlockCopy(str.ToCharArray(), 0, bytes, 0, bytes.Length);
return bytes;
}
public void sendMessage(String s)
{
try
{
if ((s != null) && (s.Length > 0))
{
try
{
sslstream.Write(GetBytes(s));
}
catch (Exception)
{
}
}
}
catch (Exception ex)
{
endError(ex);
return;
}
}
public void userTimer()
{
Thread.Sleep(2000);
sendCommand("usercount");
th = new Thread(new ThreadStart(userTimer));
th.Start();
tm.addThread(th);
}
[...]
static String ReadMessage(SslStream sslStream)
{
byte[] buffer = new byte[2048];
StringBuilder messageData = new StringBuilder();
int bytes = -1;
do
{
bytes = sslStream.Read(buffer, 0, buffer.Length);
// Use Decoder class to convert from bytes to UTF8
// in case a character spans two buffers.
Decoder decoder = Encoding.UTF8.GetDecoder();
char[] chars = new char[decoder.GetCharCount(buffer, 0, bytes)];
decoder.GetChars(buffer, 0, bytes, chars, 0);
messageData.Append(chars);
} while (bytes != 0);
return messageData.ToString();
}
public void checkInput()
{
try
{
Form2 f2 = f1.f;
if(!isConnected()) {
t.Abort();
return;
}
String s = ReadMessage(sslstream);
if(s == null) {
t.Abort();
return;
}
CommandHandler ch = new CommandHandler();
Boolean handle = ch.handle(s, f1.f);
if (!handle) {
if (s == "Der Benutzername ist schon vergeben.")
{
endDuplicatename();
return;
}
f2.Invoke(new Action(() => f2.chat.Items.Add(s)));
f2.Invoke(new Action(() => f2.select_newest()));
}
}
finally
{
t = new Thread(new ThreadStart(checkInput));
t.Start();
tm.addThread(t);
}
}
Java服務器套接字
package de.wladhd.server;
import java.net.Socket;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocket;
import de.wladhd.client.Client;
import de.wladhd.client.ClientManager;
import de.wladhd.logs.Log;
import de.wladhd.logs.LogType;
public class DateServer {
private SSLServerSocket server;
private boolean running = true;
private String keyStore = "D:/Wlad/Programmierung/Zertifikat/CA/CertificateAuthority.pfx";
private String keyStorePassword = "...";
private String keyStoreType = "PKCS12";
private String trustStore = "D:/Wlad/Programmierung/Zertifikat/CA/CertificateAuthority.pfx";
private String trustStorePassword = "...";
private String trustStoreType = "PKCS12";
public void execute() throws Exception {
//System.setProperty("javax.net.debug","all");
System.setProperty("javax.net.ssl.keyStoreType", keyStoreType);
System.setProperty("javax.net.ssl.keyStore", keyStore);
System.setProperty("javax.net.ssl.keyStorePassword", keyStorePassword);
System.setProperty("javax.net.ssl.trustStoreType", trustStoreType);
System.setProperty("javax.net.ssl.trustStore", trustStore);
System.setProperty("javax.net.ssl.trustStorePassword", trustStorePassword);
//System.setProperty("javax.net.ssl.trustStore", "de.wladhd.server.Trusting");
SSLServerSocketFactory serverFactory = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
if(serverFactory == null) {
new Log("Error occured... Server Factory == null!", LogType.ERROR);
return;
}
server = (SSLServerSocket) serverFactory.createServerSocket(9090);
running = true;
new Log("Server now running on query: " + server.getInetAddress().getHostAddress() + ":" + server.getLocalPort(), LogType.INFO);
while (running) {
try {
if(server.isClosed()) {
return;
}
new Log("Client connecting...", LogType.DEBUG);
final Socket rawsocket = server.accept();
if(!(rawsocket instanceof SSLSocket)) {
new Log("Client isnt an instance of SSLSocket!", LogType.DEBUG);
return;
}
final SSLSocket socket = (SSLSocket) rawsocket;
try {
socket.startHandshake();
} catch (Exception ex) {
}
new Log("Client - Connected: " + socket.isConnected(), LogType.DEBUG);
new Log("Client - Protocol: " + socket.getSession().getProtocol(), LogType.DEBUG);
new Log("Client - Session valid: " + socket.getSession().isValid(), LogType.DEBUG);
new Log("Client - CipherSuite: " + socket.getSession().getCipherSuite(), LogType.DEBUG);
new Log("Client - NeedClientAuth: " + socket.getNeedClientAuth(), LogType.DEBUG);
new Log("Client - WantClientAuth: " + socket.getWantClientAuth(), LogType.DEBUG);
Client c = new Client(socket);
//socket.getHandshakeSession() returns null and peer not authenticated exception...
} catch (Exception ex) {
ex.printStackTrace();
continue;
}
}
}
public void disconnect() throws Exception {
new Log("Server disconnecting...", LogType.INFO);
setRunning(false);
ClientManager.getInstance().disconnectClients();
if(server != null) {
server.close();
}
new Log("Server successfully disconnected!", LogType.INFO);
}
public boolean isRunning() {
return running;
}
public void setRunning(boolean state) {
running = state;
}
}
如果您需要什么,請告訴我...
1 個解決方案
解決方案1
0 已采納 2015-05-14 00:49:43
RemoteCertificateNameMismatch策略錯誤與丟失的本地證書無關。 此錯誤只是告訴您接收到的服務器證書中的SAN(主題備用名稱),或者,如果沒有SAN,則接收到的服務器證書的使用者名稱的公用名與您連接的主機名不匹配。 如果您不希望在這兩個位置之一中看到證書中的主機名,則可以忽略此錯誤。
我猜您沒有本地證書,因為您正在從文件加載證書,並且Windows私鑰存儲中沒有與此證書對應的私鑰。
嘗試使用MMC導入證書和私鑰(例如,從同時具有證書和私鑰的PFX文件中)導入本地計算機的個人證書存儲,然后在此使用.NET證書存儲API加載該證書。 只要您有權訪問私鑰(如果您是導入PFX的Windows用戶,就可以使用該私鑰),那么您應該可以使用此客戶端證書進行連接。
在您的代碼中,與其從文件中讀取證書,不如從證書存儲中加載它,如下所示:
var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
try
{
X509Certificate2Collection collection = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);
return TakeFirstCertificate(collection);
}
finally
{
store.Close();
}
您可以使用其他指紋來尋找它-這只是一個示例。 這就是SelectLocalCertificate返回的內容。
Java服務器自簽名證書+客戶端證書和SSL - 連接重置
[英]Java server self-signed certificate + client certificate and SSL - connection reset
創建從Java客戶端(在Android上)到Python服務器的自簽名SSL套接字
[英]Create self-signed SSL socket from Java client (on Android) to Python server
帶有 Java 11 和自簽名證書的 TLS 1.3 服務器套接字
[英]TLS 1.3 server socket with Java 11 and self-signed certificates
Java SSL / TLS客戶端使用在運行時加載的自簽名證書連接到並驗證服務器?
[英]Java SSL/TLS client to connect to & verify server using self-signed certificate which is loaded at run-time?
具有自簽名證書的Java SSL連接,無需將完整的密鑰庫復制到客戶端
[英]Java SSL connection with self-signed certificate without copying complete keystore to client
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.
相關問題
使用自簽名證書在Android上創建SSL-Socket
Java服務器自簽名證書+客戶端證書和SSL - 連接重置
創建從Java客戶端(在Android上)到Python服務器的自簽名SSL套接字
在 Java 客戶端接受服務器的自簽名 ssl 證書
帶有 Java 11 和自簽名證書的 TLS 1.3 服務器套接字
Java中的SSL自簽名過期證書
在java中使用自簽名證書連接到websocket
具有自簽名證書的SSL
Java SSL / TLS客戶端使用在運行時加載的自簽名證書連接到並驗證服務器?
具有自簽名證書的Java SSL連接,無需將完整的密鑰庫復制到客戶端
相關標簽