添加trustStore以进行客户端身份验证[重复](Add trustStore for client authentication [duplicate])

添加trustStore以进行客户端身份验证[重复](Add trustStore for client authentication [duplicate])

这个问题在这里已有答案：

SSLHandshakeException：没有共同的密码套件 2个答案

服务器和相应的客户端支持客户端身份验证，但如下所示： SSLHandshakeException：没有共同的密码套件 ，没有trustStore引用，即它们使用默认的trustStore。 如何指定trustStore？

ClassFileServer：

private static ServerSocketFactory getServerSocketFactory(String type) { if (type.equals("TLS")) { SSLServerSocketFactory ssf = null; Properties systemProps = System.getProperties(); systemProps.put( "javax.net.ssl.trustStore", "cacerts.jks"); systemProps.put( "javax.net.ssl.trustStorePassword", "p@ssw0rd"); System.setProperties(systemProps); try { // set up key manager to do server authentication SSLContext ctx; KeyManagerFactory kmf; KeyStore ks; char[] passphrase = "p@ssw0rd".toCharArray(); ctx = SSLContext.getInstance("TLS"); kmf = KeyManagerFactory.getInstance("SunX509"); ks = KeyStore.getInstance("JKS"); ks.load(new FileInputStream("keystore.jks"), passphrase); kmf.init(ks, passphrase); ctx.init(kmf.getKeyManagers(), null, null); ssf = ctx.getServerSocketFactory(); return ssf; } catch (Exception e) { e.printStackTrace(); } }

SSLSocketClientWithClientAuth：

try { /* * Set up a key manager for client authentication * if asked by the server. Use the implementation's * default TrustStore and secureRandom routines. */ Properties systemProps = System.getProperties(); systemProps.put( "javax.net.ssl.trustStore", "cacerts.jks"); systemProps.put( "javax.net.ssl.trustStorePassword", "changeit"); System.setProperties(systemProps); SSLSocketFactory factory = null; try { SSLContext ctx; KeyManagerFactory kmf; KeyStore ks; char[] passphrase = "changeit".toCharArray(); ctx = SSLContext.getInstance("TLS"); kmf = KeyManagerFactory.getInstance("SunX509"); ks = KeyStore.getInstance("JKS"); ks.load(new FileInputStream("keystore.jks"), passphrase); kmf.init(ks, passphrase); ctx.init(kmf.getKeyManagers(), null, null); factory = ctx.getSocketFactory(); } catch (Exception e) { throw new IOException(e.getMessage()); } SSLSocket socket = (SSLSocket)factory.createSocket(host, port);

This question already has an answer here:

SSLHandshakeException: no cipher suites in common 3 answers

A server and respective client support client authentication but as noted here: SSLHandshakeException: no cipher suites in common, do not have trustStore reference, i.e. they use the default trustStore. How can the trustStore be specified?

ClassFileServer:

private static ServerSocketFactory getServerSocketFactory(String type) { if (type.equals("TLS")) { SSLServerSocketFactory ssf = null; Properties systemProps = System.getProperties(); systemProps.put( "javax.net.ssl.trustStore", "cacerts.jks"); systemProps.put( "javax.net.ssl.trustStorePassword", "p@ssw0rd"); System.setProperties(systemProps); try { // set up key manager to do server authentication SSLContext ctx; KeyManagerFactory kmf; KeyStore ks; char[] passphrase = "p@ssw0rd".toCharArray(); ctx = SSLContext.getInstance("TLS"); kmf = KeyManagerFactory.getInstance("SunX509"); ks = KeyStore.getInstance("JKS"); ks.load(new FileInputStream("keystore.jks"), passphrase); kmf.init(ks, passphrase); ctx.init(kmf.getKeyManagers(), null, null); ssf = ctx.getServerSocketFactory(); return ssf; } catch (Exception e) { e.printStackTrace(); } }

SSLSocketClientWithClientAuth:

try { /* * Set up a key manager for client authentication * if asked by the server. Use the implementation's * default TrustStore and secureRandom routines. */ Properties systemProps = System.getProperties(); systemProps.put( "javax.net.ssl.trustStore", "cacerts.jks"); systemProps.put( "javax.net.ssl.trustStorePassword", "changeit"); System.setProperties(systemProps); SSLSocketFactory factory = null; try { SSLContext ctx; KeyManagerFactory kmf; KeyStore ks; char[] passphrase = "changeit".toCharArray(); ctx = SSLContext.getInstance("TLS"); kmf = KeyManagerFactory.getInstance("SunX509"); ks = KeyStore.getInstance("JKS"); ks.load(new FileInputStream("keystore.jks"), passphrase); kmf.init(ks, passphrase); ctx.init(kmf.getKeyManagers(), null, null); factory = ctx.getSocketFactory(); } catch (Exception e) { throw new IOException(e.getMessage()); } SSLSocket socket = (SSLSocket)factory.createSocket(host, port);

最满意答案

通过设置系统属性来指定trustStore ：

System.setProperty("javax.net.ssl.trustStore", "cacerts.jks");

或通过命令行调用：

-Djavax.net.ssl.keyStore=path/to/keystore.jks

Specify the trustStore by setting the system properties:

System.setProperty("javax.net.ssl.trustStore", "cacerts.jks");

or via command line invocation:

-Djavax.net.ssl.keyStore=path/to/keystore.jks