Enable jets3t to support https

Source: Internet
Author: User

I debugged the RT problem today. I got it right after work due to carelessness. Oh, no!

The specific method is:

When Eucalyptu accesses walrus, the default protocol is HTTP and the port number is 8773.

In the jets3t configuration script, HTTP occupies 8773 and HTTPS occupies 8443.ProgramAn error occurred while importing the certificate corresponding to the 8443 port number. Because the port number is inconsistent with that of Eucalyptus when accessing walrus, the access fails.

So comment out the HTTP 8773 of jets3t and change the HTTPS port number to 8773. Note that it is a waste of time to correspond to the IP address!

Restart, OK!

The Java program method is as follows:

When a Java client requests services that implement the HTTPS protocol, an exception occurs: 'unable to find valid certification path to requested target'

Because the certificate at the service end is not authenticated, You need to import the server certificate to Java keystore. It can be implemented using the Java class in the attachment.

Usage:

# Java installcert web_site_hostname: Port

This Java class will open a connection to your specified host and start the handshake process. If an exception occurs, it is printed to the console and the certificate used by the server is displayed. At this time, it will ask if you want to add the certificate to your keystore. Enter "Q" if you do not want to add it. Otherwise, enter "1 ".

After you enter "1", installcert. java will display information about the certificate, and then import the certificate to a keystore named "jssecacerts" (current directory ), copy the file to the $ java_home/JRE/lib/security directory and rename it "cacerts ".

The procedure is as follows:

Import java. Io .*;
Import java.net. url;

 

Import java. Security .*;
Import java. Security. cert .*;

Import javax.net. SSL .*;

Public class installcert {

Public static void main (string [] ARGs) throws exception {
String host;
Int port;
Char [] passphrase;
If (ARGs. Length = 1) | (ARGs. Length = 2 )){
String [] C = ARGs [0]. Split (":");
Host = C [0];
Port = (C. Length = 1 )? 443: integer. parseint (C [1]);
String P = (ARGs. Length = 1 )? "Changeit": ARGs [1];
Passphrase = P. tochararray ();
} Else {
System. Out. println ("Usage: Java installcert Return;
}

file = new file ("jssecacerts");
If (file. isfile () = false) {
char Sep = file. separatorchar;
file dir = new file (system. getproperty ("Java. home ") + Sep
+" lib "+ Sep +" security ");
file = new file (Dir," jssecacerts ");
If (file. isfile () = false) {
file = new file (Dir, "cacerts");
}< BR >}< br> system. out. println ("loading keystore" + file + "... ");
inputstream in = new fileinputstream (File);
keystore Ks = keystore. getinstance (keystore. getdefaulttype ();
Ks. load (in, passphrase);
in. close ();

Sslcontext context = sslcontext. getinstance ("TLS ");
Trustmanagerfactory TMF =
Trustmanagerfactory. getinstance (trustmanagerfactory. getdefaultalgorithm ());
TMF. INIT (KS );
X509trustmanager defaulttrustmanager = (x509trustmanager) TMF. gettrustmanagers () [0];
Savingtrustmanager TM = new savingtrustmanager (defatrutrustmanager );
Context. INIT (null, new trustmanager [] {TM}, null );
Sslsocketfactory factory = context. getsocketfactory ();

System. Out. println ("Opening connection to" + host + ":" + port + "...");
Sslsocket socket = (sslsocket) Factory. createsocket (host, Port );
Socket. setsotimeout (10000 );
Try {
System. Out. println ("Starting SSL handshake ...");
Socket. starthandshake ();
Socket. Close ();
System. Out. println ();
System. Out. println ("no errors, certificate is already trusted ");
} Catch (sslexception e ){
System. Out. println ();
E. printstacktrace (system. Out );
}

X509certificate [] Chain = TM. chain;
If (chain = NULL ){
System. Out. println ("cocould not obtain server certificate chain ");
Return;
}

Bufferedreader reader =
New bufferedreader (New inputstreamreader (system. In ));

system. out. println ();
system. out. println ("server sent" + chain. length + "certificate (s):");
system. out. println ();
messagedigest sha1 = messagedigest. getinstance ("sha1");
messagedigest MD5 = messagedigest. getinstance ("MD5");
for (INT I = 0; I x509certificate Cert = chain [I];
system. out. println
("" + (I + 1) + "subject" + cert. getsubjectdn ();
system. out. println ("issuer" + cert. getissuerdn ();
sha1.update (cert. getencoded ();
system. out. println ("sha1" + tohexstring (sha1.digest ();
md5.update (cert. getencoded ();
system. out. println ("MD5" + tohexstring (md5.digest ();
system. out. println ();
}

System. Out. println ("Enter certificate to add to trusted keystore or 'q' to quit: [1]");
String line = reader. Readline (). Trim ();
Int K;
Try {
K = (line. Length () = 0 )? 0: integer. parseint (line)-1;
} Catch (numberformatexception e ){
System. Out. println ("keystore not changed ");
Return;
}

X509certificate Cert = chain [k];
String alias = Host + "-" + (k + 1 );
KS. setcertificateentry (alias, Cert );

Outputstream out = new fileoutputstream ("jssecacerts ");
KS. Store (Out, passphrase );
Out. Close ();

System. Out. println ();
System. Out. println (CERT );
System. Out. println ();
System. Out. println
("Added certificate to keystore 'jssecacerts' using alias '"
+ Alias + "'");
}

Private Static final char [] hexdigits = "0123456789 abcdef". tochararray ();

Private Static string tohexstring (byte [] bytes ){
Stringbuilder sb = new stringbuilder (bytes. length * 3 );
For (int B: bytes ){
B & = 0xff;
SB. append (hexdigits [B> 4]);
SB. append (hexdigits [B & 15]);
SB. append ('');
}
Return sb. tostring ();
}

Private Static class savingtrustmanager implements x509trustmanager {

Private Final x509trustmanager TM;
Private x509certificate [] chain;

Savingtrustmanager (x509trustmanager TM ){
This. TM = TM;
}

Public x509certificate [] getacceptedissuers (){
Throw new unsupportedoperationexception ();
}

Public void checkclienttrusted (x509certificate [] Chain, string authtype)
Throws certificateexception {
Throw new unsupportedoperationexception ();
}

Public void checkservertrusted (x509certificate [] Chain, string authtype)
Throws certificateexception {
This. Chain = chain;
TM. checkservertrusted (chain, authtype );
}
}

}

 

Another method is as follows:

# Keytool-import-keystore $ java_home/JRE/lib/security/cacerts-file server. CRT-alias myservercrt

After testing this method just now, the result is feasible, that is, to import the Certificate file corresponding to CLC. The default password of keytool is changeit.

Ko!

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.