堆棧內存溢出
  簡體   English   中英

是否可以僅在 Java 中為本地主機創建安全 Websocket?

[英]Possible to create Secure Websocket in Java for localhost only?

 原文  2022-01-26 13:35:47       java/ ssl/ websocket/ okhttp/ java-websocket

問題描述

是否可以創建一個 Java SSL Websocket,以便同行可以使用wss://127.0.0.1連接?

我當前的實現是使用org.java_websocket.server.DefaultSSLWebSocketServerFactory

        WebSocketServerFactory socketFactory = new DefaultWebSocketServerFactory();
        // Make it secure
        char[] passphrase = tempPassword.toCharArray();
        KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream fis = new FileInputStream(keystoreFile)) {
            keystore.load(fis, passphrase);
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(keystore, passphrase);
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keystore);
            SSLContext ctx = SSLContext.getInstance("TLS");
            ctx.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
            socketFactory = new DefaultSSLWebSocketServerFactory(ctx);
        } catch (Exception e) {
            System.out.println(e.getMessage());
            throw e;
        }

但是當我嘗試使用它時,我從 OkHttp3 收到以下錯誤: Transport exception caused by javax.net.ssl.SSLHandshakeException: connection closed 這是完整的堆棧跟蹤: https://pastebin.com/raw/Y3RvqRrt

1 個解決方案

解決方案1
 0  2022-01-26 19:40:14

是的,您可以不安全地使用https://square.github.io/okhttp/4.x/okhttp-tls/okhttp3.tls/-handshake-certificates/-builder/add-insecure-host/

在此處查看答案Websocket 安全錯誤:未驗證主機名

但是假設您希望它安全,您將需要在客戶端中定義受信任的證書。

https://github.com/square/okhttp/blob/master/samples/guide/src/main/java/okhttp3/recipes/CustomTrust.java

    HandshakeCertificates certificates = new HandshakeCertificates.Builder()
        .addTrustedCertificate(letsEncryptCertificateAuthority)
        .addTrustedCertificate(entrustRootCertificateAuthority)
        .addTrustedCertificate(comodoRsaCertificationAuthority)
        // Uncomment if standard certificates are also required.
        //.addPlatformTrustedCertificates()
        .build();

    client = new OkHttpClient.Builder()
            .sslSocketFactory(certificates.sslSocketFactory(), certificates.trustManager())
            .build();

暫無
暫無

聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.

相關問題 Java Websocket與tomcat本地主機 如何創建僅限localhost的Java套接字? 是否可以在桌面上創建從手機到 java 的連接(websocket?)? 如何在Java EE中保護WebSocket端點? 如何使用 Java 公開 WSS“安全 websocket” 用Java創建安全的Websocket(wss)服務器 如何為本地主機上的安全Web服務創建Web服務客戶端 如何創建僅在本地主機上提供服務的Java Socket對象? 是否可以僅將NanoHttpd限制為localhost? Java8安全WebSocket握手問題(Tyrus和Jetty)
相關標簽
 
粵ICP備18138465號  © 2020-2024 STACKOOM.COM