Hy, basically I want to get SslRMIServerSocketFactory/SslRMIClientSocketFactory to secure my RMI calls. What is the common way to get these when client authentication is also necessary (keystores, certificates, ..)? What do I need to generate/ship?
edit: I successfully secured the communication now with RMI with server and client authentication and self-signed certificates. This works now on my machine. I submitted the certificates, truststores and keystores to the repository, but it won't work on other machines.
It was suggested that the migration broke the keystore, but I can't figure out why? Does anyone have an idea? edit: Here is the complete stacktracejava.rmi.ConnectIOException: Exception creating connection to: localhost; nested exception is:
java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
java.rmi.ConnectIOException: Exception creating connection to: localhost; nested exception is:
java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl) at
sun.rmi.transport.tcp.TCPEndpoint.newSocket(TCPEndpoint.java:614) at
sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:198) at
sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:184) at
sun.rmi.server.UnicastRef.newCall(UnicastRef.java:322) at
sun.rmi.registry.RegistryImpl_Stub.lookup(Unknown Source) at
com.uc4.webui.sla.monitoring.SLAMonitoringAccessService.<init>(SLAMonitoringAccessService.java:40) at
sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) at
sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39) at
sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27) at
java.lang.reflect.Constructor.newInstance(Constructor.java:513) at
java.lang.Class.newInstance0(Class.java:355) at java.lang.Class.newInstance(Class.java:308) at
org.eclipse.equinox.internal.ds.model.ServiceComponent.createInstance(ServiceComponent.java:457) at
org.eclipse.equinox.internal.ds.model.ServiceComponentProp.createInstance(ServiceComponentProp.java:264) at
org.eclipse.equinox.internal.ds.model.ServiceComponentProp.build(ServiceComponentProp.java:325) at
org.eclipse.equinox.internal.ds.InstanceProcess.buildComponent(InstanceProcess.java:588) at
org.eclipse.equinox.internal.ds.InstanceProcess.buildComponents(InstanceProcess.java:196) at
org.eclipse.equinox.internal.ds.Resolver.buildNewlySatisfied(Resolver.java:441) at
org.eclipse.equinox.internal.ds.Resolver.enableComponents(Resolver.java:213) at
org.eclipse.equinox.internal.ds.SCRManager.performWork(SCRManager.java:800) at
org.eclipse.equinox.internal.ds.SCRManager$QueuedJob.dispatch(SCRManager.java:767) at
org.eclipse.equinox.internal.ds.WorkThread.run(WorkThread.java:89) at
java.lang.Thread.run(Thread.java:662) Caused by:
java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl) at
javax.net.ssl.DefaultSSLSocketFactory.throwException(SSLSocketFactory.java:179) at
javax.net.ssl.DefaultSSLSocketFactory.createSocket(SSLSocketFactory.java:192) at
javax.rmi.ssl.SslRMIClientSocketFactory.createSocket(SslRMIClientSocketFactory.java:105) at
sun.rmi.transport.tcp.TCPEndpoint.newSocket(TCPEndpoint.java:595
) ... 22 more Caused by:
java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl) at
java.security.Provider$Service.newInstance(Provider.java:1245) at
sun.security.jca.GetInstance.getInstance(GetInstance.java:220) at
sun.security.jca.GetInstance.getInstance(GetInstance.java:147) at
javax.net.ssl.SSLContext.getInstance(SSLContext.java:125) at
javax.net.ssl.SSLContext.getDefault(SSLContext.java:68) at
javax.net.ssl.SSLSocketFactory.getD开发者_StackOverflowefault(SSLSocketFactory.java:102) at
javax.rmi.ssl.SslRMIClientSocketFactory.getDefaultClientSocketFactory(SslRMIClientSocketFactory.java:192) at
javax.rmi.ssl.SslRMIClientSocketFactory.createSocket(SslRMIClientSocketFactory.java:102) ... 23 more Caused by:
java.io.IOException: Invalid keystore format at
sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:633) at
sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:38) at
java.security.KeyStore.load(KeyStore.java:1185) at
com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl.getDefaultKeyManager(DefaultSSLContextImpl.java:150) at
com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl.<init>(DefaultSSLContextImpl.java:40) at
sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) at
sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39) at
sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27) at
java.lang.reflect.Constructor.newInstance(Constructor.java:513) at
java.lang.Class.newInstance0(Class.java:355) at java.lang.Class.newInstance(Class.java:308) at
java.security.Provider$Service.newInstance(Provider.java:1221) ... 30 more
My platform is Windows 7 and
java version "1.6.0_22"
Java(TM) SE Runtime Environment (build 1.6.0_22-b04)
Java HotSpot(TM) 64-Bit Server VM (build 17.1-b03, mixed mode)
Here are the keytool command which I used for the generation:
keytool -genkeypair -keyalg RSA -validity 3650 -keystore bundlekeystore.jks
keytool -export -keystore bundlekeystore.jks -rfc -file bundlecertificate.cer
keytool -import -file standalonecertificate.cer -keystore truststore.jks
- Your need to export your remote objects using instances of each of those classes, configured appropriately according to your special requirements about enabled protocols and cipher suites if any.
- Your server needs a private key and signed certificate in its keystore.
- If it's a self-signed certificate, it needs to be exported from there and imported into the client's truststore.
- Your client needs a private key and signed certificate in its keystore.
- If it's a self-signed certificate, it needs to be exported from there and imported into the servers's truststore.
- If the certificates are signed by a recognized CA you can omit the parts involving truststores.
- If your client has any special requirements about protocols or cipher suites it needs to set the system properties described for SslRMIClientSocketFactory.
- If you also want a secure Registry you have to take several additional steps which I will post here if you ask, but they are fairly obvious if you have a look at the LocateRegistry.createRegistry()/getRegistry() overloads that take socket factory parameters.
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论