Jersey/Jetty REST SSL HTTPS problem with keystore.jks

0

I have a server with REST endpoints based on Jersey plus SSL; when I connect a client using the same keystore.jks it throws this error:

com.sun.jersey.api.client.ClientHandlerException: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching localhost found
	at com.sun.jersey.client.urlconnection.URLConnectionClientHandler.handle(URLConnectionClientHandler.java:149)
	at com.sun.jersey.api.client.Client.handle(Client.java:648)
	at com.sun.jersey.api.client.WebResource.handle(WebResource.java:670)
	at com.sun.jersey.api.client.WebResource.get(WebResource.java:191)
	at clientrest.aa.main(aa.java:43)
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching localhost found
	at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
	at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1514)
	at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
	at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026)
	at sun.security.ssl.Handshaker.process_record(Handshaker.java:961)
	at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
	at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
	at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
	at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1546)
	at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1474)
	at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:480)
	at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:338)
	at com.sun.jersey.client.urlconnection.URLConnectionClientHandler._invoke(URLConnectionClientHandler.java:240)
	at com.sun.jersey.client.urlconnection.URLConnectionClientHandler.handle(URLConnectionClientHandler.java:147)
	... 4 more
Caused by: java.security.cert.CertificateException: No name matching localhost found
	at sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:221)
	at sun.security.util.HostnameChecker.match(HostnameChecker.java:95)
	at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:455)
	at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:436)
	at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:200)
	at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1496)
	... 19 more

Server code:

    import org.eclipse.jetty.http.HttpVersion;
    import org.eclipse.jetty.server.Handler;
    import org.eclipse.jetty.server.HttpConfiguration;
    import org.eclipse.jetty.server.HttpConnectionFactory;
    import org.eclipse.jetty.server.SecureRequestCustomizer;
    import org.eclipse.jetty.server.Server;
    import org.eclipse.jetty.server.ServerConnector;
    import org.eclipse.jetty.server.SslConnectionFactory;
    import org.eclipse.jetty.server.handler.ContextHandlerCollection;
    import org.eclipse.jetty.servlet.ServletContextHandler;
    import org.eclipse.jetty.servlet.ServletHolder;
    import org.eclipse.jetty.util.ssl.SslContextFactory;
    import com.sun.jersey.spi.container.servlet.ServletContainer;

    public class RestServer {                       // wrapper class added so the snippet compiles
        public static void main(String[] args) {
            // ServerConfiguration and RestApplication are the poster's own classes
            int serverPort = ServerConfiguration.configuration.getServerPort();

            // TLS setup: the server presents the certificate stored in keystore.jks
            SslContextFactory sslContextFactory = new SslContextFactory();
            sslContextFactory.setKeyStorePath("src/main/resources/keystore.jks");
            sslContextFactory.setKeyStorePassword("3354363465");
            SslConnectionFactory sslConne = new SslConnectionFactory(sslContextFactory, HttpVersion.HTTP_1_1.toString());

            HttpConfiguration http_config = new HttpConfiguration();
            http_config.setSecureScheme("https");
            http_config.setSecurePort(serverPort);
            http_config.setOutputBufferSize(Integer.MAX_VALUE);
            http_config.setRequestHeaderSize(8192);
            http_config.setResponseHeaderSize(8192);

            HttpConfiguration https_config = new HttpConfiguration(http_config);
            https_config.addCustomizer(new SecureRequestCustomizer());

            HttpConnectionFactory cf = new HttpConnectionFactory(https_config);

            // REST: Jersey servlet mounted at the root context
            ServletHolder jerseyServlet2 = new ServletHolder(new ServletContainer(new RestApplication()));
            ServletContextHandler servletContext = new ServletContextHandler(ServletContextHandler.SESSIONS);
            servletContext.setContextPath("/");
            servletContext.addServlet(jerseyServlet2, "/*");

            ContextHandlerCollection contextHandlers = new ContextHandlerCollection();
            contextHandlers.setHandlers(new Handler[] { servletContext });

            Server server = new Server();
            ServerConnector connector = new ServerConnector(server, sslConne, cf);
            connector.setPort(serverPort);
            server.addConnector(connector);
            server.setHandler(contextHandlers);

            try {
                server.start();
                server.dump(System.err);
                server.join();
            } catch (Exception e) {
                e.printStackTrace();                // was an empty catch that hid start-up failures
            }
        }
    }

Client code:

    import java.io.FileInputStream;
    import java.security.KeyStore;
    import javax.net.ssl.SSLContext;
    import javax.net.ssl.TrustManagerFactory;
    import com.sun.jersey.api.client.Client;
    import com.sun.jersey.api.client.WebResource;
    import com.sun.jersey.api.client.config.ClientConfig;
    import com.sun.jersey.api.client.config.DefaultClientConfig;
    import com.sun.jersey.client.urlconnection.HTTPSProperties;

    public class RestClient {                       // wrapper class added so the snippet compiles
        public static void main(String[] args) {
            SSLContext ctx;
            try {
                // keystore.jks doubles as the trust store: the client trusts the server's own certificate
                KeyStore trustStore = KeyStore.getInstance("JKS");
                try (FileInputStream in = new FileInputStream("keystore/keystore.jks")) {
                    trustStore.load(in, "159357258456".toCharArray());
                }
                TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
                tmf.init(trustStore);
                ctx = SSLContext.getInstance("SSL");
                ctx.init(null, tmf.getTrustManagers(), null);
            } catch (Exception e) {
                // was an empty catch: ctx stayed null and the failure surfaced later as an NPE
                throw new IllegalStateException("Could not initialise the SSLContext", e);
            }

            ClientConfig config = new DefaultClientConfig();
            // null hostname verifier = the JDK default, which raised the exception quoted above
            config.getProperties().put(HTTPSProperties.PROPERTY_HTTPS_PROPERTIES,
                    new HTTPSProperties(null, ctx));

            WebResource service = Client.create(config).resource("https://localhost:6036/");

            // Attempt to view the user's page.
            try {
                String out = service.path("user/getInfo").get(String.class);
                System.out.println(out);
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
    }

What could be the cause?
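An added diagnostic (not from the post) that loads keystore.jks and lists the DNS names each certificate is valid for, applying the same rule the JDK's HostnameChecker uses: dNSName SAN entries, with the CN consulted only when the certificate has no dNSName SAN at all. The exact message "No name matching localhost found" is thrown on that CN fallback path, so a certificate with no SAN whose CN is not "localhost" will show "no match" here. The class name, argument handling and the default path/password (copied from the server snippet) are assumptions.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.*;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class CertNameCheck {
    /** Mirrors the JDK identity check: dNSName SAN entries win; the CN counts only if there are none. */
    static List<String> acceptedDnsNames(X509Certificate cert) throws Exception {
        List<String> names = new ArrayList<>();
        Collection<List<?>> sans = cert.getSubjectAlternativeNames();
        if (sans != null) {
            for (List<?> san : sans) {
                if ((Integer) san.get(0) == 2) {          // GeneralName type 2 = dNSName
                    names.add(san.get(1).toString());
                }
            }
        }
        if (names.isEmpty()) {                            // no dNSName SAN: fall back to the CN
            LdapName dn = new LdapName(cert.getSubjectX500Principal().getName());
            for (Rdn rdn : dn.getRdns()) {
                if (rdn.getType().equalsIgnoreCase("CN")) {
                    names.add(rdn.getValue().toString());
                }
            }
        }
        return names;
    }

    public static void main(String[] args) throws Exception {
        // Defaults are the server-side values from the post; override with: path password host
        String path = args.length > 0 ? args[0] : "src/main/resources/keystore.jks";
        char[] password = (args.length > 1 ? args[1] : "3354363465").toCharArray();
        String host = args.length > 2 ? args[2] : "localhost";
        KeyStore ks = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        for (Enumeration<String> aliases = ks.aliases(); aliases.hasMoreElements(); ) {
            String alias = aliases.nextElement();
            Certificate c = ks.getCertificate(alias);
            if (!(c instanceof X509Certificate)) continue;
            List<String> names = acceptedDnsNames((X509Certificate) c);
            boolean ok = names.contains(host);            // exact match only; wildcards ignored here
            System.out.printf("%s: names=%s -> %s%n", alias, names, ok ? "OK for " + host : "no match for " + host);
        }
    }
}
```

If it reports "no match", the fix is a certificate that actually names the host (a dNSName SAN for localhost), which keeps the default hostname verification intact on the client.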

0

I added the following before the REST call:
In theory it worked; the question is whether this is acceptable.

    javax.net.ssl.HttpsURLConnection.setDefaultHostnameVerifier(
            new javax.net.ssl.HostnameVerifier() {
                // consulted only after the default identity check has already failed;
                // accepts any certificate as long as the URL host is "localhost"
                @Override
                public boolean verify(String hostname, javax.net.ssl.SSLSession sslSession) {
                    return hostname.equals("localhost");
                }
            });

0
  1. Are you trying to test certificates issued by some CA locally, or is it self-signed?
  2. A lot (of bad things) can be said about Java's SSL/TLS support, but its logging is fine: System.setProperty("javax.net.debug", "all");
