我正在从事软件项目,我的任务是制作一个像客户端一样工作的 Proxi。此 Clientproxi 在 win10 上以 java 运行并与嵌入式 Serviceregistry Yocto-Linux 通信,并且必须通过 HTTP(s) 与 certivicateexchange TLS1.2 建立安全的外部连接。我正在实现和使用 bouncycaSTLelibraries,并完成了以下工作:
UnsecureHttpExecutor unsecureHttpExecutor = new UnsecureHttpExecutor();// Connection for external Clientservices
logger.debug("Try to connect!");
HttpRequest httpRequest = new BasicHttpRequest("GET", "/auth");// simple GET /auth -for REST
logger.debug("http.request: \n" + httpRequest.toString());
try {
HttpResponse httpResponse = unsecureHttpExecutor.executeRequest(httpRequest);// createHttpClient(); connectHttpClient();
String mibIdentifierJson = EntityUtils.toString(httpResponse.getEntity());
logger.debug("This is MIBIdentifierJson:\n" + mibIdentifierJson);
ResponseObject responseObject = JsonUtils.objectMapper().readValue(mibIdentifierJson, ResponseObject.class);
logger.debug("JSONUtils" + JsonUtils.objectMapper().readValue(mibIdentifierJson, ResponseObject.class).toString());
ClientContext clientContext = null;
RegistrationProcess registrationProcess = new RegistrationProcess();
logger.debug("Here is all ok!?");
RegistrationResult registrationResult = registrationProcess.registerNewClient(); //<-- Here are the question
//__________________________________________________________________________
public RegistrationResult registerNewClient(ClientContext clientContext) {
RegistrationResult registrationResult = null;
try {
createHttpClient();
// create KeyPair, CSR and Self-Signed certificate which will be send to server during tls handshake (see MSC_002)
KeyPair keyPair = CertificateUtils.generateKeyPair();
//L.d("KeyPair abgeschlossen");
logger.debug("KeyPair abgeschlossen KeyPair: " + keyPair.toString());
PKCS10CertificationRequest certificationRequest = CertificateUtils.createCertificationRequest(/*clientContext.getAppName()*/"Testapp", keyPair);
logger.debug("PKCS10CertificationRequest erfolgreich abgeschlossen");
//L.d("PKCS10CertificationRequest erfolgreich abgeschlossen"
X509CertificateHolder selfSignedCertificate = CertificateUtils.selfSignCertificate(certificationRequest, keyPair.getPrivate());
//L.d("X509 Selbstsigniertes");
logger.debug("X509 Selbstsigniertes Certifikat erstellt" + selfSignedCertificate.toString());
openTlsConnect(selfSignedCertificate, keyPair.getPrivate());
我得到以下日志
08:30:15.264 [main] DEBUG [main][connect()] - Try to connect!
08:30:15.268 [main] DEBUG [main][connect()] - http.request: GET /auth []
08:30:15.296 [main] DEBUG [main][connect()] - Das ist der MIBIdentifierJson: {"data":[{"id":"","name":"this is the auth-service of ViWi-ServiceRegistry","uri":"auth\/"}],"status":"ok","timestamp":1002380}
08:30:15.401 [main] DEBUG [main][connect()] - JSONUtilsCommunication.ResponseObject@6321e813
08:30:15.402 [main] DEBUG [main][connect()] - Hier noch alles gut!
08:30:15.598 [main] DEBUG [Registrationprocess] - KeyPair abgeschlossen KeyPair: java.security.KeyPair@77167fb7
08:30:15.619 [main] DEBUG [Registrationprocess] - PKCS10CertificationRequest erfolgreich abgeschlossen
08:30:15.626 [main] DEBUG [Registrationprocess] - X509 Selbstsigniertes Certifikat erstelltorg.bouncycastle.cert.X509CertificateHolder@ad1a4e8d Registration started RegistrationSocked erstellt
08:30:15.627 [main] DEBUG Registrationsocked] - Connect registration socket using timeout: 3000
08:30:15.638 [main] DEBUG Registrationsocked] - Client Inputstream: %s
08:30:15.638 [main] DEBUG Registrationsocked] - Client Outputstream: %s
08:30:15.639 [main] DEBUG Registrationsocked] - TlsClientProtocol
08:30:15.639 [main] DEBUG Registrationsocked] - connect now via tls
08:30:15.639 [main] DEBUG Registrationsocked] - TLS Client: Registration.RegistrationTlsClient@441772e
08:30:15.639 [main] DEBUG Registrationsocked] - TLS Client: Registration.RegistrationTlsClient$1@14dd9eb7 java.io.IOException: Internal TLS error, this could be an attackCould not perform registration process.
问题出在 openTLSConnection 方法上,我不知道我做错了什么。也许它提供了另一种获取 TLS 连接或客户端连接的方法。感谢转发评论!
我是一名优秀的程序员,十分优秀!