Java和C＃應用程序之間的SSL通信

Question

我的目標是在用C＃編寫的Java服務器和客戶端之間建立安全通信。

java服務器代碼：

  System.setProperty("javax.net.ssl.keyStore","cert/mySrvKeystore");
  System.setProperty("javax.net.ssl.keyStorePassword","myPassword");

  SSLServerSocketFactory sslserversocketfactory =
            (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
  SSLServerSocket sslserversocket =  = (SSLServerSocket) sslserversocketfactory.createServerSocket(2389);

    while(true) {
    System.err.println("server w8 new connection");
     try {

            SSLSocket sslsocket = (SSLSocket) sslserversocket.accept();
            //sslsocket.startHandshake();

            in = sslsocket.getInputStream();
            out = sslsocket.getOutputStream();
            out.flush();

            String response = new String(receiveMessage());
            while (response != "end") {
                System.out.println("Server recv="+response);
                response = new String(receiveMessage());
                sendMessage(("echo="+response).getBytes());
            }
        } catch (Exception exception) {
            exception.printStackTrace();
        }
    }

和用c＃編寫的客戶端：

        client = new TcpClient() { SendTimeout = 5000, ReceiveTimeout = 5000 };
        IPEndPoint serverEndPoint = new IPEndPoint(IPAddress.Parse(host), port);

        client.Connect(serverEndPoint);
        client.NoDelay = true;
        Console.WriteLine("Client connected.");

        // Create an SSL stream that will close the client's stream.
        SslStream sslStream = new SslStream(client.GetStream(), false, ValidateServerCertificate, null);
        // The server name must match the name on the server certificate.
        try
        {
            sslStream.AuthenticateAsClient("someName");
        }
        catch (AuthenticationException error)
        {
            Console.WriteLine("Exception: {0}", error.Message);
            if (error.InnerException != null)
            {
                Console.WriteLine("Inner exception: {0}", error.InnerException.Message);
            }
            Console.WriteLine("Authentication failed - closing the connection.");
            client.Close();
            return;
        }

        ASCIIEncoding ascii = new ASCIIEncoding();
        SendData(ascii.GetBytes("Hello World"));     

和

    public static bool ValidateServerCertificate(
          object sender,
          X509Certificate certificate,
          X509Chain chain,
          SslPolicyErrors sslPolicyErrors)
    {
        if (sslPolicyErrors == SslPolicyErrors.None)
            return true;

        Console.WriteLine("Certificate error: {0}", sslPolicyErrors);

        // Do not allow this client to communicate with unauthenticated servers.
        return false;
    }

我得到以下錯誤：在c＃中

 A first chance exception of type "System.Security.Authentication.AuthenticationException" occurred in System.dll
 Certificate error: RemoteCertificateChainErrors
 Exception: The remote certificate is invalid according to the validation procedure.
 Authentication failed - closing the connection.

我知道問題可能是我使用不同類型的證書，但我不知道如何在java中使用X509Certificate制作標准的sslServerSocket。 有人可以幫助我，有很好的例子，或者一些建議我怎樣才能實現我的目標？

PS我正在尋找bouncycastle庫，因為它既有java又有c＃實現，但我想使用標准庫，以及語言的內置功能。

Answer 1

從您的示例中，您看起來不需要以編程方式生成證書和私鑰。 您可以使用keytool在服務器密鑰庫中生成證書：

keytool -genkey -alias myalias -keystore mykeystore.jks -dname "CN=www.example.com"

或者更好的是，如果您正在使用Java 7的keytool ，那么使用SAN擴展：

keytool -genkey -alias myalias -keystore mykeystore.jks -dname "CN=www.example.com" -ext san=dns:www.example.com

在這里， www.example.com是客戶端看到的主機名。 您可以在主題DN（ dname ）中添加其他內容，但請確保CN是主機名。

生成后，使用以下方法導出自簽名證書：

keytool -export myservercert.crt -alias myalias -keystore mykeystore.jks

然后，您應該能夠將其作為受信任的證書導入Windows證書存儲區，而不是使用C＃。