The following code (the exception handling is wrapped around it):

    KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
    ks.load(new FileInputStream(" ... keystore.jks ... "), "selfsigned23pass".toCharArray());
    KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    kmf.init(ks, "selfsigned23pass".toCharArray());
    for (KeyManager keyManager : kmf.getKeyManagers()) {
        System.out.println("keyManager = " + keyManager);
    }
    SSLContext context = SSLContext.getInstance("TLSv1.2");
    context.init(kmf.getKeyManagers(), null, null);
    System.out.println("context.getProtocol() = " + context.getProtocol());
    System.out.println("");
    SSLServerSocketFactory factory = context.getServerSocketFactory();
    // for (String supportedCipherSuite : factory.getSupportedCipherSuites()) {
    //     System.out.println("supportedCipherSuite = " + supportedCipherSuite);
    // }
    SSLServerSocket socket = (SSLServerSocket) factory.createServerSocket(8117);
    // socket.setSSLParameters(null);
    SSLParameters sslParameters = socket.getSSLParameters();
    System.out.println(sslParameters.getAlgorithmConstraints());
    System.out.println("");
    System.out.println(Arrays.toString(sslParameters.getCipherSuites()));
    System.out.println("");
    System.out.println(Arrays.toString(sslParameters.getProtocols()));
    System.out.println("");
    // for (String enabledProtocol : socket.getEnabledProtocols()) {
    //     System.out.println("enabledProtocol = " + enabledProtocol);
    // }
    // for (String enabledCipherSuite : socket.getEnabledCipherSuites()) {
    //     System.out.println("enabledCipherSuite = " + enabledCipherSuite);
    // }
    for (int i = 0; i < 100; i++) {
        try (Socket accept = socket.accept();
             BufferedReader reader = new BufferedReader(new InputStreamReader(accept.getInputStream()))) {
            // ...
        }
    }

The following output:

    keyManager = sun.security.ssl.SunX509KeyManagerImpl@...
    context.getProtocol() = TLSv1.2
    null
    [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, and many more ...]
    [SSLv2Hello, TLSv1, TLSv1.1, TLSv1.2]

The following error messages:

    Exception in thread "main" javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
    ...
    javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    ...
    Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    ...
    Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    ...

Beforehand, keytool -genkey:

    keytool -genkey -keyalg RSA -alias selfsigned23 -keypass selfsigned23pass \
        -keystore keystore.jks -storepass selfsigned23pass -validity 1000 -keysize 2048

Does anyone have any advice?
The certificate does seem to have been created correctly with keytool…
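
Added example, not part of the original post: `PKIX path building failed` is raised by the side that validates the certificate and has no trust anchor for the self-signed one, and the server then receives `certificate_unknown`. One way to set up a Java client that trusts exactly that certificate follows. The truststore file name, its password, the class name and the host name `localhost` are assumptions.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;
import java.io.FileInputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;

public class SelfSignedTlsClient {
    // Assumed names: the truststore file and its password are placeholders. The store holds
    // only the server's public certificate, never the private key from keystore.jks:
    //   keytool -exportcert -alias selfsigned23 -keystore keystore.jks -file server.cer
    //   keytool -importcert -alias selfsigned23 -file server.cer -keystore client-truststore.jks
    static final String TRUSTSTORE = "client-truststore.jks";
    static final char[] TRUSTSTORE_PASS = "changeit-placeholder".toCharArray();

    static SSLContext contextTrusting(String path, char[] pass) throws Exception {
        KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ts.load(in, pass);
        }
        // Trust anchors come from this store only, not from the JRE's default cacerts.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);
        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        ctx.init(null, tmf.getTrustManagers(), null); // no client certificate is sent
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = contextTrusting(TRUSTSTORE, TRUSTSTORE_PASS);
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket("localhost", 8117)) {
            // A raw SSLSocket does not check the host name unless asked to. This assumes
            // the certificate's CN or SAN is "localhost".
            SSLParameters p = s.getSSLParameters();
            p.setEndpointIdentificationAlgorithm("HTTPS");
            s.setSSLParameters(p);
            s.startHandshake(); // throws a PKIX error if the certificate is not in the truststore
            System.out.println("negotiated " + s.getSession().getProtocol()
                    + " / " + s.getSession().getCipherSuite());
            OutputStream out = s.getOutputStream();
            out.write("hello\n".getBytes(StandardCharsets.UTF_8));
            out.flush();
        }
    }
}
```

Because keytool asks for the certificate's name interactively when no `-dname` is given, the host name check only passes if the host name was entered there.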