[英]Java - javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
我正在嘗試使用自己的SSL客戶端連接到我自己的SSL服務器,但是我收到以下錯誤:
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated at sun.security.ssl.SSLSessionImpl.getPeerCertificateChain(SSLSessionImpl.java:420) at server.run(Server.java:70) at server.main(Server.java:22)
我在stackoverflow上搜索了同樣的問題,但我只能找到在Apache或其他HTTPS“系統”中使用它的人。
這是我的服務器代碼:
/* Server SSL */
import javax.net.ssl.*;
import java.io.*;
import java.net.InetAddress;
import java.security.KeyStore;
//import java.security.cert.X509Certificate;
import java.util.Date;
import javax.security.cert.X509Certificate;
class server {
ObjectOutputStream out;
ObjectInputStream in;
public static void main(String[] args) {
new server().run();
}
void run() {
Date date = new Date();
try {
// Security test (to avoid starting from the command line)c
char[] passphrase = "password".toCharArray();
KeyStore keystore = KeyStore.getInstance("JKS");
keystore.load(new FileInputStream("/home/ME/CERT/keystore"), passphrase);
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(keystore, passphrase);
SSLContext context = SSLContext.getInstance("TLS");
KeyManager[] keyManagers = kmf.getKeyManagers();
context.init(keyManagers, null, null);
// -- End of security test
// 1. Create a server Socket
SSLServerSocketFactory sslserversocketfactory = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
SSLServerSocket sslserversocket = (SSLServerSocket) sslserversocketfactory.createServerSocket(9999);
// TBH im not sure what the following code does, but I need it?
String[] enabledCipherSuites = { "SSL_DH_anon_WITH_RC4_128_MD5" };
sslserversocket.setEnabledCipherSuites(enabledCipherSuites);
// 2. Wait for connection.
System.out.println("Waiting for connection. ");
SSLSocket sslsocket = (SSLSocket) sslserversocket.accept();
SSLSession session = sslsocket.getSession();
X509Certificate cert = (X509Certificate)session.getPeerCertificateChain()[0];
String subject = cert.getSubjectDN().getName();
System.out.println(subject);
// 2.1 Prints information about client, this could be (very) valuable to save in a file.
System.out.println("Connection received: ");
System.out.println(" Hostname: " + sslsocket.getInetAddress().getHostName());
sslsocket.getInetAddress();
System.out.println(" IP: " + InetAddress.getLocalHost().getHostAddress());
System.out.println(" @ " + date.toString());
System.out.println();
// 3. Create input and output streams.
// for some reason i cant make the out/in-variable without using it as global?
out = new ObjectOutputStream(sslsocket.getOutputStream());
out.flush();
in = new ObjectInputStream(sslsocket.getInputStream());
sendMessage("Connection successful");
// 4. Client and server talks via the input and output streams
String message;
do {
message = (String)in.readObject();
System.out.println(" Client says: " + message);
if (message.equals("bye")) {
sendMessage("bye");
}
}while(!message.equals("bye"));
// 5. Closing connection
in.close();
out.close();
sslsocket.close();
System.out.println("Server terminated. ");
} catch (Exception exception) {
exception.printStackTrace();
}
}
void sendMessage(String msg) throws Exception
{
out.writeObject(msg);
out.flush();
System.out.println(" You(server) says: " + msg);
}
}
這是我的客戶代碼:
/* Java SSL Client */
import javax.net.ssl.*;
import java.io.*;
import java.security.KeyStore;
import java.util.*;
class client {
String message;
ObjectOutputStream out;
ObjectInputStream in;
public static void main(String[] args) {
new client().run();
}
void run() {
System.out.println();
int port = 9999;
String host = "127.0.0.1";
try {
// Security test (to avoid starting with the command line)
char[] passphrase = "trustword".toCharArray();
KeyStore keystore = KeyStore.getInstance("JKS");
keystore.load(new FileInputStream("/home/ME/CERT/truststore"), passphrase);
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(keystore);
SSLContext context = SSLContext.getInstance("TLS");
TrustManager[] trustManagers = tmf.getTrustManagers();
context.init(null, trustManagers, null);
// --- End of security test
System.out.println("Connecting to " + host + " on port " + port);
// 1. Create a client socket.
SSLSocketFactory sslFactory = (SSLSocketFactory)SSLSocketFactory.getDefault();
SSLSocket sslSocket = (SSLSocket)sslFactory.createSocket(host, port);
// TBH im not sure what the following code does, but I need it?
String[] enabledCipherSuites = { "SSL_DH_anon_WITH_RC4_128_MD5" };
sslSocket.setEnabledCipherSuites(enabledCipherSuites);
System.out.println("Connected.");
// 2. Create input and output streams
out = new ObjectOutputStream(sslSocket.getOutputStream());
out.flush();
in = new ObjectInputStream(sslSocket.getInputStream());
// 3. Client and server talks via the input and output streams
Scanner input = new Scanner(System.in);
message = (String)in.readObject();
System.out.println(" Server says: " + message);
sendMessage("Hello Server! ");
do {
// Sends input text
System.out.print("Enter text to send: ");
message = input.nextLine();
sendMessage(message);
if (message.equals("bye")) {
message = (String)in.readObject();
System.out.println(" Server says: " + message);
}
} while(!message.equals("bye"));
// 4. Closing connection
in.close();
out.close();
sslSocket.close();
System.out.println("Client terminated. ");
}
catch (Exception exception) {
exception.printStackTrace();
}
}
void sendMessage(String msg) throws Exception
{
out.writeObject(msg);
out.flush();
System.out.println(" You(client) says: " + msg);
}
}
我非常感謝答案,或者朝着正確的方向努力!
這里有兩個問題。
您將密碼套件限制為SSL_DH_anon_WITH_RC4_128_MD5,這是一個匿名密碼套件,因此沒有身份驗證。 只需刪除它,你不需要它。
您沒有在服務器上調用setWantClientAuth(true)或setNeedClientAuth(true) ,因此永遠不會要求客戶端發送其證書,因此它不會發送證書。 因此讓服務器請求對等證書是沒有意義的。 讓客戶要求它。
此時,您需要確定是否確實需要客戶端身份驗證。 如果這樣做,則必須調用上述方法之一,並且還需要在密鑰庫中為客戶端提供私鑰和簽名證書,並通過導出/導入或安排服務器的信任庫信任此密鑰庫。通過CA簽署客戶端證書。 目前還不清楚你是否需要這些。
過期的證書是我們的“javax.net.ssl.SSLPeerUnverifiedException:peer not authenticated”的原因。
keytool -list -v -keystore filetruststore.ts
Enter keystore password:
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry
Alias name: somealias
Creation date: Jul 26, 2012
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=Unknown, OU=SomeOU, O="Some Company, Inc.", L=SomeCity, ST=GA, C=US
Issuer: CN=Unknown, OU=SomeOU, O=Some Company, Inc.", L=SomeCity, ST=GA, C=US
Serial number: 5011a47b
Valid from: Thu Jul 26 16:11:39 EDT 2012 until: Wed Oct 24 16:11:39 EDT 2012
Java 8 javax.net.ssl.SSLPeerUnverifiedException:peer未經過身份驗證,但不是Java 7
[英]Java 8 javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated, but not Java 7
Apache HttpClient錯誤:javax.net.ssl.SSLPeerUnverifiedException:對等方未通過身份驗證
[英]Apache HttpClient Error: javax.net.ssl.SSLPeerUnverifiedException: Peer Not Authenticated
javax.net.ssl.SSLPeerUnverifiedException:未在Tomcat中使用Apache HttpClient對等體進行身份驗證
[英]javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated in Tomcat with Apache HttpClient
javax.net.ssl.SSLPeerUnverifiedException:在netbeans中未對等身份驗證
[英]javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated in netbeans
JDK 11. javax.net.ssl.SSLPeerUnverifiedException:對等方未通過身份驗證
[英]JDK 11. javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
異常:javax.net.ssl.SSLPeerUnverifiedException:對等端未經過身份驗證
[英]Exception : javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
javax.net.ssl.SSLPeerUnverifiedException:僅在生產服務器上未對等身份驗證
[英]javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated only on production server
如何使用Java解決Rally Rest api中的javax.net.ssl.SSLPeerUnverifiedException:對等體未通過身份驗證的異常?
[英]How to solve javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated Exception in Rally Rest api using java?
javax.net.ssl.SSLPeerUnverifiedException:對等方未在jdk7中進行身份驗證,但未在jdk8中進行身份驗證
[英]javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated in jdk7 but not in jdk8
javax.net.ssl.SSLPeerUnverifiedException: 升級 Spring 從 2.1.0 到 2.2.0.M3 后未通過身份驗證
[英]javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated after upgrading Spring Boot from 2.1.0 to 2.2.0.M3
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.