如何將.crt文件添加到密鑰庫和信任庫

Question

我有一個.crt文件，我想使用java導入到密鑰庫和信任庫（首先創建密鑰庫和信任庫然后導入）。

以下是我使用的代碼：

import org.glassfish.tyrus.client.ClientManager;
import org.glassfish.tyrus.client.ClientProperties;
import org.glassfish.tyrus.client.SslContextConfigurator;
import org.glassfish.tyrus.client.SslEngineConfigurator;

@ClientEndpoint
public class test {

    private static CountDownLatch latch;

    private Logger logger = Logger.getLogger(this.getClass().getName());

    @OnOpen
    public void onOpen(Session session) {
        logger.info("Connected ... " + session.getId());
        try {
            session.getBasicRemote().sendText("start");
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    @OnMessage
    public String onMessage(String message, Session session) {
        BufferedReader bufferRead = new BufferedReader(new InputStreamReader(System.in));
        try {
            logger.info("Received ...." + message);
            String userInput = bufferRead.readLine();
            return userInput;
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    @OnClose
    public void onClose(Session session, CloseReason closeReason) {
        logger.info(String.format("Session %s close because of %s", session.getId(), closeReason));
    }

    public static void main(String[] args) {
        latch = new CountDownLatch(1);
        ClientManager client = ClientManager.createClient();

        try {
            client.connectToServer(test.class, new URI("wss://x.x.x.x:8085"));
            latch.await();

        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

}

我正在使用tyrus websocket客戶端，所以我需要添加以下屬性：

    final ClientManager client = ClientManager.createClient();
    System.getProperties().put("javax.net.debug", "all");
    System.getProperties().put(SSLContextConfigurator.KEY_STORE_FILE, "...");
    System.getProperties().put(SSLContextConfigurator.TRUST_STORE_FILE, "...");
    System.getProperties().put(SSLContextConfigurator.KEY_STORE_PASSWORD, "...");
    System.getProperties().put(SSLContextConfigurator.TRUST_STORE_PASSWORD, "...");
    final SSLContextConfigurator defaultConfig = new SSLContextConfigurator();

    defaultConfig.retrieve(System.getProperties());
        // or setup SSLContextConfigurator using its API.

    SSLEngineConfigurator sslEngineConfigurator =
        new SSLEngineConfigurator(defaultConfig, true, false, false);
    client.getProperties().put(ClientProperties.SSL_ENGINE_CONFIGURATOR,
        sslEngineConfigurator);
    client.connectToServer(... , ClientEndpointConfig.Builder.create().build(),
        new URI("wss://localhost:8181/sample-echo/echo"));
    }

那么，我如何創建密鑰庫和信任庫並將.crt導入其中。

Answer 1

我通過直接將.crt文件導入java密鑰庫來解決了上述問題：

用於導入java密鑰庫

keytool -trustcacerts -keystore "/jdk/jre/lib/security/cacerts" -storepass changeit -importcert -alias testalias -file "/opt/ssl/test.crt"

通過使用上面的命令，服務器證書將被驗證並且將獲得連接但是如果要創建新的密鑰庫並將.crt導入到它意味着使用以下命令它將創建類型為.jks的密鑰庫。

用於創建密鑰庫並導入.crt

keytool -import -alias testalias -file test.crt -keypass keypass -keystore test.jks -storepass test@123

這里

keystore password : test@123
keypass : keypass

由於某些代碼將驗證，如果您使用wss / https，它將要求密鑰庫/信任庫配置，那么您可以使用步驟2中提到的上述配置（創建密鑰庫並導入.crt）。 否則step1（導入到java密鑰庫）就足夠了。