
How to load local client certificate in java SSL?

I am trying to connect a socket to a server over TLS that requires client authentication, using this client.java code:

import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;


public class Client {
    public static void main(String[] args){
        System.setProperty("javax.net.ssl.trustStore", "/home/toni/.keystore");
        System.setProperty("javax.net.ssl.trustStorePassword", "jOk<>123");
        
        String host = "localhost";
        Integer port = 8000;
        byte[] data = new byte[4096];
     
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        try(
            SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
            InputStream in = socket.getInputStream();
            OutputStream out = socket.getOutputStream();
        ){
            out.write("Hi, I am client".getBytes());
            // Print only the bytes actually read, not the whole 4096-byte buffer
            int n = in.read(data);
            if (n > 0) {
                System.out.println(new String(data, 0, n));
            }
        } catch (IOException ex) {
            Logger.getLogger(Client.class.getName()).log(Level.SEVERE, null, ex);
        }
    }
}

But it seems client.java does not send the local client certificate to the server, so the server returns this error:

ssl.SSLError: [SSL: PEER_DID_NOT_RETURN_A_CERTIFICATE] peer did not return a certificate (_ssl.c:852)

This is my keytool -list output:

Keystore type: PKCS12
Keystore provider: SUN

Your keystore contains 2 entries

client, Aug 20, 2020, PrivateKeyEntry, 
Certificate fingerprint (SHA-256): 41:36:F0:A5:38:DA:99:D1:6A:B1:44:87:9C:00:CF:73:FC:96:48:22:79:B5:3A:9A:ED:44:C8:AA:CA:97:45:5E
localhost, Aug 20, 2020, trustedCertEntry, 
Certificate fingerprint (SHA-256): 1A:CB:DA:E3:ED:BF:E0:C8:C1:13:13:8C:A4:FB:20:48:53:54:80:D3:36:14:35:9C:EF:AF:5B:16:E2:54:97:B8

How can I make my client.java load the certificate under the client alias above and use it during the handshake with the server?

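I just learned the difference between keyStore and trustStore. Actually, in Java I don't need to explicitly specify the client certificate on the client side. I only need to declare my KeyStore like this: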

        String file = "/home/toni/.keystore";
        String password = "jOk<>123";
        System.setProperty("javax.net.ssl.trustStore", file);
        System.setProperty("javax.net.ssl.trustStorePassword", password);
        System.setProperty("javax.net.ssl.keyStore", file);
        System.setProperty("javax.net.ssl.keyStorePassword", password);
