[英]Possible to create Secure Websocket in Java for localhost only?
是否可以創建一個 Java SSL Websocket,以便同行可以使用wss://127.0.0.1
連接?
我當前的實現是使用org.java_websocket.server.DefaultSSLWebSocketServerFactory
:
WebSocketServerFactory socketFactory = new DefaultWebSocketServerFactory();
// Make it secure
char[] passphrase = tempPassword.toCharArray();
KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
try (FileInputStream fis = new FileInputStream(keystoreFile)) {
keystore.load(fis, passphrase);
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyManagerFactory.init(keystore, passphrase);
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init(keystore);
SSLContext ctx = SSLContext.getInstance("TLS");
ctx.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
socketFactory = new DefaultSSLWebSocketServerFactory(ctx);
} catch (Exception e) {
System.out.println(e.getMessage());
throw e;
}
但是當我嘗試使用它時,我從 OkHttp3 收到以下錯誤: Transport exception caused by javax.net.ssl.SSLHandshakeException: connection closed
。 這是完整的堆棧跟蹤: https://pastebin.com/raw/Y3RvqRrt
在此處查看答案Websocket 安全錯誤:未驗證主機名
但是假設您希望它安全,您將需要在客戶端中定義受信任的證書。
HandshakeCertificates certificates = new HandshakeCertificates.Builder()
.addTrustedCertificate(letsEncryptCertificateAuthority)
.addTrustedCertificate(entrustRootCertificateAuthority)
.addTrustedCertificate(comodoRsaCertificationAuthority)
// Uncomment if standard certificates are also required.
//.addPlatformTrustedCertificates()
.build();
client = new OkHttpClient.Builder()
.sslSocketFactory(certificates.sslSocketFactory(), certificates.trustManager())
.build();
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.