请帮助了解如何向 SSL 上下文提供证书链。
简介:我正在使用 EWSJavaAPI 1.2 连接到 ms Exchange。它使用带有双向身份验证的 TLS 连接,基于我自己的公司颁发的证书,该证书由派生自 my-root-cert 的 my-CA 签名。所有这些实体都存在,但我只使用 PFX。
我使用一个 PFX 密钥初始化 SSLContext,并使用 TrustManager 的 TRUST-ALL(信任所有证书)实现。
我的项目依赖项:
<!-- EWSJavaAPI 1.2 is built on commons-httpclient 3.1 (see the answer below), which is
     no longer maintained; its https Protocol registry is what the answer has to work around. -->
<dependencies>
    <dependency>
        <groupId>junit</groupId>
        <artifactId>junit</artifactId>
        <version>3.8.1</version>
        <scope>test</scope>
    </dependency>
    <!-- legacy HttpClient 3.x line, required by EWSJavaAPI 1.2 -->
    <dependency>
        <groupId>commons-httpclient</groupId>
        <artifactId>commons-httpclient</artifactId>
        <version>3.1</version>
    </dependency>
    <dependency>
        <groupId>commons-codec</groupId>
        <artifactId>commons-codec</artifactId>
        <version>1.7</version>
    </dependency>
    <dependency>
        <groupId>jcifs</groupId>
        <artifactId>jcifs</artifactId>
        <version>1.3.17</version>
    </dependency>
    <dependency>
        <groupId>commons-logging</groupId>
        <artifactId>commons-logging</artifactId>
        <version>1.1.1</version>
        <classifier>adapters</classifier>
    </dependency>
    <dependency>
        <groupId>EWSJavaAPI</groupId>
        <artifactId>EWSJavaAPI</artifactId>
        <version>1.2</version>
    </dependency>
</dependencies>
我要连接的示例:
package mail.msexchangetest;
import java.io.FileInputStream;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import javax.net.ssl.HandshakeCompletedEvent;
import javax.net.ssl.HandshakeCompletedListener;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import microsoft.exchange.webservices.data.ClientCertificateCredentials;
import microsoft.exchange.webservices.data.EmailMessage;
import microsoft.exchange.webservices.data.ExchangeCredentials;
import microsoft.exchange.webservices.data.ExchangeService;
import microsoft.exchange.webservices.data.ExchangeVersion;
import microsoft.exchange.webservices.data.Folder;
import microsoft.exchange.webservices.data.FolderId;
import microsoft.exchange.webservices.data.Mailbox;
import microsoft.exchange.webservices.data.MessageBody;
import microsoft.exchange.webservices.data.ServiceLocalException;
import microsoft.exchange.webservices.data.WebCredentials;
import microsoft.exchange.webservices.data.WellKnownFolderName;
\/**
*
*
*\/
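public class App {
    /** PKCS#12 file holding the client certificate chain and its private key. */
    private static final String PFX_PATH = "/home/user/Documents/private/mail-cert/compUser.pfx";
    /**
     * Password of the PFX file and of its key entry (the original used the same
     * literal for both). Credentials belong in configuration, not in source.
     */
    private static final char[] PFX_PASSWORD = "mypass".toCharArray();
    /** Visual separator printed between the test phases. */
    private static final String SEPARATOR = "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~";

    /** Context built by {@link #setSSLConfigManual()} and read by {@link #testConnect()}. */
    private static SSLContext ctx;

    /**
     * Trust manager that accepts every certificate.
     *
     * SECURITY: this disables server authentication completely. Any endpoint that
     * terminates TLS, including a man-in-the-middle, is accepted, and no hostname
     * check takes place either. It is kept because the original set-up relies on
     * it; the correct replacement is a TrustManagerFactory initialised from a
     * keystore that holds the company root certificate this client's PFX chains
     * up to.
     */
    private static final TrustManager[] trustAllCerts = new TrustManager[] {
        new X509TrustManager() {
            @Override
            public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                // The X509TrustManager contract asks for a non-null (possibly empty)
                // array; the original returned null, which callers that iterate the
                // result cannot handle.
                return new java.security.cert.X509Certificate[0];
            }

            @Override
            public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) {
                // deliberately no check — see the field comment
            }

            @Override
            public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) {
                // deliberately no check — see the field comment
            }
        }
    };

    /**
     * Loads the PFX, builds a TLS context that presents its key entry as the
     * client credential, and installs that context as the JVM default.
     *
     * @throws Exception if the keystore cannot be read or the context cannot be initialised
     */
    private static void setSSLConfigManual() throws Exception {
        KeyStore ks = KeyStore.getInstance("pkcs12");
        // try-with-resources closes the stream; the original never did.
        try (FileInputStream in = new FileInputStream(PFX_PATH)) {
            ks.load(in, PFX_PASSWORD);
        }
        System.out.println("init Stores...");
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
        kmf.init(ks, PFX_PASSWORD);
        ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), trustAllCerts, new SecureRandom());
        SSLContext.setDefault(ctx);
    }

    /** Prints a prompt and blocks until one byte arrives on stdin. */
    private static void pause() throws IOException {
        System.out.print(">");
        System.in.read();
    }

    /**
     * Runs a raw TLS handshake against the mail host, then one send attempt per
     * Exchange version, pausing on stdin after each phase so the handshake output
     * can be read before the next phase starts.
     *
     * @param args ignored
     * @throws Exception if the SSL context cannot be set up or the handshake test fails
     */
    public static void main(String[] args) throws Exception {
        setSSLConfigManual();
        System.out.println("=============BEGIN HANDSHAKE=============");
        testConnect();
        pause();
        System.out.println("=============END HANDSHAKE=============");
        System.out.println(SEPARATOR);
        System.out.println("=============BEGIN EXCHANGE_2007 MESSAGE SEND=============");
        try {
            send2007Message();
        } catch (Exception ex) {
            System.out.println("=============ERROR EXCHANGE_2007 MESSAGE SEND=============");
            pause();
            ex.printStackTrace();
            pause();
        }
        System.out.println("=============END EXCHANGE_2007 MESSAGE SEND=============");
        System.out.println(SEPARATOR);
        System.out.println("=============BEGIN EXCHANGE_2010 MESSAGE SEND=============");
        try {
            send2010Message();
        } catch (Exception ex) {
            System.out.println("=============ERROR EXCHANGE_2010 MESSAGE SEND=============");
            pause();
            ex.printStackTrace();
            pause();
        }
        System.out.println("=============END EXCHANGE_2010 MESSAGE SEND=============");
    }

    /**
     * Creates a folder under the mailbox root and sends a test message through an
     * Exchange 2010 SP2 endpoint. Note that the folder is created on every run.
     * The credentials are hard-coded placeholders; real ones must come from
     * configuration.
     *
     * @throws Exception on any EWS or URI failure
     */
    private static void send2010Message() throws Exception {
        ExchangeService service = new ExchangeService(ExchangeVersion.Exchange2010_SP2);
        ExchangeCredentials credentials = new WebCredentials("username", "userpass", "DOMAIN");
        service.setCredentials(credentials);
        service.setTraceEnabled(true);
        service.setUrl(new URI("https://mail.server.country/"));
        // 100 s, assuming setTimeout takes milliseconds — confirm against the EWS API
        service.setTimeout(100 * 1000);
        Folder myFolder = new Folder(service);
        myFolder.setDisplayName("My EWS Test Folder");
        FolderId rootFolderId = new FolderId(WellKnownFolderName.Root, new Mailbox("user@server.country"));
        myFolder.save(rootFolderId);
        EmailMessage msg = new EmailMessage(service);
        msg.setSubject("Test message " + System.currentTimeMillis());
        msg.setBody(MessageBody.getMessageBodyFromText("Sent using the EWS Managed API."));
        msg.getToRecipients().add("User@gmail.com");
        msg.send();
    }

    /**
     * Sends a test message through an Exchange 2007 SP1 endpoint. The credentials
     * are hard-coded placeholders; real ones must come from configuration.
     *
     * @throws Exception on any EWS or URI failure
     */
    private static void send2007Message() throws Exception {
        ExchangeService service = new ExchangeService(ExchangeVersion.Exchange2007_SP1);
        ExchangeCredentials credentials = new WebCredentials("user", "pass", "DOMAIN");
        service.setCredentials(credentials);
        service.setTraceEnabled(true);
        service.setUrl(new URI("https://legacy.server.country"));
        // 100 s, assuming setTimeout takes milliseconds — confirm against the EWS API
        service.setTimeout(100 * 1000);
        EmailMessage msg = new EmailMessage(service);
        msg.setSubject("Test message " + System.currentTimeMillis());
        msg.setBody(MessageBody.getMessageBodyFromText("Sent using the EWS Managed API."));
        msg.getToRecipients().add("User@gmail.com");
        msg.send();
    }

    /**
     * Opens a TLS connection to the mail host with the context from
     * {@link #setSSLConfigManual()} and performs one handshake, then closes the
     * socket (the original left it open). With the trust-all manager above the
     * server's identity is not verified here.
     *
     * @throws IOException if the connection or the handshake fails
     */
    private static void testConnect() throws IOException {
        SSLSocketFactory factory = ctx.getSocketFactory();
        SSLSocket sslsocket = (SSLSocket) factory.createSocket("mail.server.country", 443);
        try {
            sslsocket.setUseClientMode(true);
            sslsocket.setSoTimeout(100000);
            sslsocket.addHandshakeCompletedListener(new MyHandshakeListener());
            sslsocket.startHandshake();
        } finally {
            sslsocket.close();
        }
    }

    /** Reports the negotiated cipher suite once a handshake completes. */
    public static class MyHandshakeListener implements HandshakeCompletedListener {
        @Override
        public void handshakeCompleted(HandshakeCompletedEvent e) {
            System.out.println("Handshake succesful!");
            System.out.println("Using cipher suite: " + e.getCipherSuite());
        }
    }
}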
MS Exchange 响应:
403 Forbidden. The page requires a client certificate as part of the authentication process. If you are using a smart card, you will need to insert your smart card to select an appropriate certificate. Otherwise, contact your server administrator. (12213)
握手日志:
run:
init Stores...
***
found key for : inertnal-signed-user-alias-key-bla-bla-bla
chain [0] = [
[
Version: V3
Subject: CN=mycompuser, O=MYCOMP
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 2048 bits
modulus: BLABLABLA30690710815572912647945BLABLABLALABLA41197645359BLABLABLA883372709604731441625160BLABLABLA76697727043202584363067604BLABLABLA343388760502527327190704030612675772856546529931228983792825447712271
public exponent: 65537
Validity: [From: Thu Oct 25 09:44:41 MSK 2012,
To: Mon Sep 01 15:04:44 MSK 2014]
Issuer: CN=mycompany External CA, O=mycompany, C=counrtrycode
SerialNumber: [ 13bla267 00bla00 bla]
Certificate Extensions: 9
[1]: ObjectId: 1.bla13549.bla15 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 37 30 35 30 0E 06 08 2A 86 48 86 F7 0D 03 02 .7050...*.H.....
BLABLABLA
[2]: ObjectId: 1.3.6.1.4.1.311.21.10 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 28 30 26 30 0C 06 0A 2B 06 01 04 01 82 37 0A .(0&0...+.....7.
BLABLABLA
[3]: ObjectId: 1.3.6.1.4.1.311.21.7 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 31 30BLABLABLA06 01 04 01 82 37 15 08 84 .10/.'+.....7...
0010: F3 D1 3C 87 F2 87 61 87 BD 9B BLABLABLA01 64 ..5.*...;...>..d
BLABLABLA
[4]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[
accessMethod: ocsp
accessLocation: URIName: http://pki.mycompany.counrtrycode/pki/aia/Cert01.glupka-and-tupka.mcmp.counrtrycode_mycompany%20External%20CA.crt
,
accessMethod: caIssuers
accessLocation: URIName: ldap:///CN=mycompany%20External%20CA,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=glupka-and-tupka,DC=mcmp,DC=counrtrycode?cACertificate?base?objectClass=certificationAuthority
,
accessMethod: ocsp
accessLocation: URIName: http://extpki.glupka-and-tupka.mcmp.counrtrycode/CertEnroll/Cert01.glupka-and-tupka.mcmp.counrtrycode_mycompany%20External%20CA.crt
]
]
[5]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: DB F3 38 88 08 D3 25 A2 D6 3E 5A C2 28 6D 21 09 ..8...%..>Z.(m!.
BLABLABLA
]
]
[6]: ObjectId: BLABLABLA.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://pki.mycompany.counrtrycode/pki/cdp/mycompany%20External%20CA.crl, URIName: ldap:///CN=mycompany%20External%20CA,CN=Cert01,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=glupka-and-tupka,DC=mcmp,DC=counrtrycode?certificateRevocationList?base?objectClass=cRLDistributionPoint, URIName: http://extpki.glupka-and-tupka.mcmp.counrtrycode/CertEnroll/mycompany%20External%20CA.crl]
]]
[7]: ObjectId: BLABLABLA Criticality=false
ExtendedKeyUsages [
1.3.6.1.4.1.311.10.3.4
emailProtection
clientAuth
]
[8]: ObjectId: BLABLABLA Criticality=false
KeyUsage [
DigitalSignature
Key_Encipherment
Data_Encipherment
]
[9]: ObjectId: BLABLABLA Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: A4 AD 53 4BLABLABLA8 56 FB 4B 52 E3 09 AD 01 .BLABLABLA.KR....
BLABLABLA X...
]
]
]
Algorithm: [SHA1withRSA]
Signature:
0000: 9A C3 A3 3CBLABLABLAB9 80 8D F9 7CBLABLABLA8 11 EC ...<.S......a...
BLABLABLABLABLABLABLABLABLABLABLABLABLABLABLABLABLABLA
SUPERLONGBLABLABLA
...
BLABLABLABLABLABLABLABLABLABLABLABLABLABLABLABLABLABLA
BLA0: DA 8FBLABLABLACC 96 B5 69 B2 BLABLABLADB 56 ...o`...i.V..h.V
]
***
trigger seeding of SecureRandom
done seeding SecureRandom
=============BEGIN HANDSHAKE=============
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
main, setSoTimeout(100000) called
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1362721181 bytes = { 236, 175, 168, 239, 233, 179, 57, 191, 201, 185, 133, 27, 224, 105, 83, 227, 128, 210, 87, 189, 75, 234, 192, 181, 96, 94, 243, 25 }
Session ID: {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension server_name, server_name: [host_name: services.mycompany.counrtrycode]
***
main, WRITE: TLSv1 Handshake, length = 174
main, READ: TLSv1 Handshake, length = 5660
*** ServerHello, TLSv1
RandomCookie: GMT: 1362721181 bytes = { 237, 63, 191, 247, 95, 109, 54, 253, 237, 198, 229, 127, 137, 49, 141, 141, 138, 20, 157, 117, 43, 124, 8, 94, 102, 171, 72, 136 }
Session ID: {8, 30, 0, 0, 253, 200, 140, 197, 123, 73, 65, 166, 251, 106, 43, 119, 244, 46, 193, 144, 144, 57, 178, 24, 197, 204, 154, 63, 191, 102, 249, 105}
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
***
%% Initialized: [Session-1, TLS_RSA_WITH_AES_128_CBC_SHA]
** TLS_RSA_WITH_AES_128_CBC_SHA
*** Certificate chain
chain [0] = [
[
Version: V3
Subject: CN=ol.mycompany.counrtrycode, OU=IT, O=mycompany, L=supercity, ST=counrtrycode, C=counrtrycode
Signature Algorithm: SHA1withRSA, OID = BLA.2.BLABLA.BLA.49.1.1.5
Key: Sun RSA public key, 2048 bits
modulus: BLABLABLABLABLABLABLABLABLABLABLABLABLABLABLABLABLABLA890852115164310867BLABLABLABLABLABLABLABLABLABLABLABLABLABLABLABLABLABLA2675606906943672823219951400362124850736118214751967190281153250333278526809862357346858437645387972960703158481657469928478498122472555889883930655301090187944200780810614568244173675337773013453127652176661961716518027910113380649734092379900012537169502795030097799607532413142973889150997564045268730052023211864684133008169849100098476577268849374370540710200206831212156277099733103668127156062641899305BLABLABLABLABLABLABLABLABLABLABLABLABLABLABLABLABLABLA
public exponent: 65537
Validity: [From: Thu Nov 15 08:56:19 MSK 2012,
To: Mon Sep 01 15:04:44 MSK 2014]
Issuer: CN=mycompany External CA, O=mycompany, C=counrtrycode
SerialNumber: [ 221f33ee 00000000 8011]
Certificate Extensions: 9
[1]: ObjectId: 1.3.BLABLA311.21.10 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 0BLA06 08 2B BLA05 BLA3 01 ..BLA...+BLA....
[2]: ObjectId: BLABLA.1.311.21.7 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: BLA30 2F 06 27 2B 06 01 04 01 82BLA 08 84 .10/.'+.....7...
BLABLA ...
[3]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[
accessMethod: ocsp
accessLocation: URIName: http://pki.mycompany.counrtrycode/pki/aia/Cert01.glupka-and-tupka.mcmp.counrtrycode_mycompany%20External%20CA.crt
,
accessMethod: caIssuers
accessLocation: URIName: ldap:///CN=mycompany%20External%20CA,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=glupka-and-tupka,DC=mcmp,DC=counrtrycode?cACertificate?base?objectClass=certificationAuthority
,
accessMethod: ocsp
accessLocation: URIName: http://extpki.glupka-and-tupka.mcmp.counrtrycode/CertEnroll/Cert01.glupka-and-tupka.mcmp.counrtrycode_mycompany%20External%20CA.crt
]
]
[4]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: DB F3 38 88 08 D3 25 A2 D6 3E 5A C2 28 6D 21 09 ..8...%..>Z.(m!.
BLABLA ....
]
]
[5]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://pki.mycompany.counrtrycode/pki/cdp/mycompany%20External%20CA.crl, URIName: ldap:///CN=mycompany%20External%20CA,CN=Cert01,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=glupka-and-tupka,DC=mcmp,DC=counrtrycode?certificateRevocationList?base?objectClass=cRLDistributionPoint, URIName: http://extpki.glupka-and-tupka.mcmp.counrtrycode/CertEnroll/mycompany%20External%20CA.crl]
]]
[6]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
serverAuth
]
[7]: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
DigitalSignature
Key_Encipherment
]
[8]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
DNSName: services.mycompany.counrtrycode
DNSName: autodiscover.mycompany.counrtrycode
DNSName: post.mycompany.counrtrycode
]
[9]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 22 4D BLABLA 68 FB FA 94 BLABLAEE 12 "M.L.h...9Y.....
BLABLA
]
]
Algorithm: [SHA1withRSA]
Signature:
0000: 1C B5 34 B8 79 83 40 8F 65 0F 22 63 46 EC F5 C4 ..4.y.@.e."cF...
0010: 71 01 19 B1 2D 08 D5 0A 0E 5C 01 C4 68 A8 E9 7D q...-....\..h...
0020: EC 29 65 F5 DD 7C C5 75 4F 51 D2 07 3D 14 44 E5 .)e....uOQ..=.D.
0030: E5 4E 7C 39 F3 50 CA 69 FF 44 3E 01 0F A7 BF BF .N.9.P.i.D>.....
BLABLABLABLABLABLABLABLABLABLABLABLABLABLABLABLABLABLA
...
BLABLABLABLABLABLABLABLA
01F0: CB EF A7 1C 85 77 91 AF AF 5C C3 E9 40 20 24 6E .....w...\..@ $n
]
chain [1] = [
[
Version: V3
Subject: CN=mycompany External CA, O=mycompany, C=counrtrycode
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 4096 bits
modulus: BLABLABLABLABLABLABLABLABLABLABLABLA98237839144558867BLABLA952659709867024101076930335BLABLA3611BLABLA3074298630BLABLA
Validity: [From: Wed Sep 01 14:54:44 MSD 2010,
To: Mon Sep 01 15:04:44 MSK 2014]
Issuer: CN=mycompany Root CA, O=mycompany, C=counrtrycode
SerialNumber: [ 6BLABLAe5f 00000000 000a]
Certificate Extensions: 8
[1]: ObjectId: BLABLA.311.20.2 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 0BLABLAA 00 53 00 75 00 62 BLABLA3 00 41 .....S.u.b.C.A
[2]: ObjectId: BLABLA1.311.21.1 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04BLABLA1 00 .....
[3]: ObjectId: BLABLA7.1.1 Criticality=false
AuthorityInfoAccess [
[
accessMethod: caIssuers
accessLocation: URIName: http://pki.mycompany.counrtrycode/pki/aia/mycompany%20Root%20CA.crt
,
accessMethod: caIssuers
accessLocation: URIName: ldap:///CN=mycompany%20Root%20CA,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=glupka-and-tupka,DC=mcmp,DC=counrtrycode?cACertificate?base?objectClass=certificationAuthority
,
accessMethod: caIssuers
accessLocation: URIName: ldap:///CN=mycompany%20Root%20CA,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=ca,DC=mcmp,DC=counrtrycode?cACertificate?base?objectClass=certificationAuthority
,
accessMethod: caIssuers
accessLocation: URIName: http://extpki.glupka-and-tupka.mcmp.counrtrycode/CertEnroll/rootca_mycompany%20Root%20CA.crt
,
accessMethod: caIssuers
accessLocation: URIName: http://intpki.ca.mcmp.counrtrycode/CertEnroll/rootca_mycompany%20Root%20CA.crt
]
]
[4]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 4BLABLAF2 BB 22 B0 DB 4E ACBLABLA85 20 A..@<.."..N....
0010: BLABLA 02 .*..
]
]
[5]: ObjectId: BLABLA.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:0
]
[6]: ObjectId: BLABLA.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://pki.mycompany.counrtrycode/pki/cdp/mycompany%20Root%20CA.crl, URIName: ldap:///CN=mycompany%20Root%20CA,CN=rootca,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=glupka-and-tupka,DC=mcmp,DC=counrtrycode?certificateRevocationList?base?objectClass=cRLDistributionPoint, URIName: ldap:///CN=mycompany%20Root%20CA,CN=rootca,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=ca,DC=mcmp,DC=counrtrycode?certificateRevocationList?base?objectClass=cRLDistributionPoint, URIName: http://extpki.glupka-and-tupka.mcmp.counrtrycode/CertEnroll/mycompany%20Root%20CA.crl, URIName: http://intpki.ca.mcmp.counrtrycode/CertEnroll/mycompany%20Root%20CA.crl]
]]
[7]: ObjectId: BLABLA29.15 Criticality=false
KeyUsage [
DigitalSignature
Key_CertSign
Crl_Sign
]
[8]: ObjectId: BLABLA.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: DB F3 38 88 08 D3 25 A2 D6 3E BLABLAD 21 09 ..8...%..>Z.(m!.
BLABLA ....
]
]
]
Algorithm: [SHA1withRSA]
Signature:
0000: 62 85 DBLABLAA0 A9 74 3ABLABLA 78 3BLABLA 3A 93 b...h0..t:.x6Q:.
BLABLABLABLABLABLA
01F0: 06 D8 BLABLA 34 28 32 01 6A 4BLABLA E7 EC ......r4BLABLA
]
***
*** CertificateRequest
Cert Types: RSA, DSS, ECDSA
Cert Authorities:
<CN=CERTBServer, DC=glupka-and-tupka, DC=mcmp, DC=counrtrycode>
<CN=mycompany Root CA, O=mycompany, C=counrtrycode>
<OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US>
<CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US>
<CN=Symantec Root CA, O=Symantec Corporation>
<CN=Microsoft Root Authority, OU=Microsoft Corporation, OU=Copyright (c) 1997 Microsoft Corp.>
<CN=Symantec Root 2005 CA, O=Symantec Corporation, C=US>
<CN=Microsoft Root Certificate Authority, DC=microsoft, DC=com>
<CN=NT AUTHORITY>
*** ServerHelloDone
*** Certificate chain
***
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
main, WRITE: TLSv1 Handshake, length = 269
SESSION KEYGEN:
PreMaster Secret:
0000: 03 BLABLA 57 E5 32 68 13 0F BLABLAD C1 1B ...BLABLA....
0010: 01 DE 2F FD C6 89 8B DF 24 55BLABLA8 DB 8A 2F ../...BLABLA.(../
0020: A1 0BLABLA59 7A 5B 34 2BLABLA6 93 67 1D 43 .....BLABLA.g.C
CONNECTION KEYGEN:
Client Nonce:
0000: 51 39BLABLAA8 EF E9 B3 39 BF BLABLA 85 1B BLABLA9.....
0010: E0 69 53 BLABLA2 57 BD 4B EA C0 B5 60 5E F3 19 .iS.BLABLA..`^..
Server Nonce:
0000: 51 39 BLABLA ED 3F BF F7 5F 6DBLABLA C6 E5 7F Q9z..BLABLA6.....
0010: 89 31 8D 8D 8A 14 9D 75 2B 7C 08 5E 66 AB 48 88 .1....BLABLA.H.
Master Secret:
0000: B5 3BLABLA02 45 BLABLA2A 21 49 B4 .8.BLABLA!I.
0010: DC E7BLABLA36 7E 4E 22 79 60 BLABLA75 CD 26 ....6.BLABLAu.&
0020: 2D 6BLABLAD2 1E 29 7EBLABLA7D 63 9E -h..BLABLA...c.
Client MAC write Secret:
0000: 38 BLABLAB 0D 91 8D 67 8BLABLA40 81 8.BLABLA..b@.
0010: 0D C5 4D D6 ..M.
Server MAC write Secret:
0000: 42BLABLA 79 98 BD 57 50BLABLA D2 25 36 B..BLABLAPm..%6
0010: D4 8F E9 06 ....
Client write key:
0000: CBLABLAF 76 82 31 06 3FBLABLA41 6D ....BLABLA..Am
Server write key:
0000: 1BLABLABLABLA F3 A1 3BLABLABLABLA 24 .BLABLA...<.BLABLA.$
Client write IV:
0000: BLABLA3 28 09 AD 68 AD 1BLABLA7 76 86 .(.BLABLA.h..ugv.
Server write IV:
0000: BLABLAC 8F E2 CC EA 5A BLABLA1 BC BD BC BLABLA.....
main, WRITE: TLSv1 Change Cipher Spec, length = 1
*** Finished
verify_data: { BLA, 165, 142, 254, 222, BLA, 58, 72, BLA, 131, 19, 122 }
***
main, WRITE: TLSv1 Handshake, length = 48
main, READ: TLSv1 Change Cipher Spec, length = 1
main, READ: TLSv1 Handshake, length = 48
*** Finished
verify_data: { 73, BLA, 110, BLA, 55, 62, BLA, 155, 179, BLA, 90, 19 }
***
%% Cached client session: [Session-1, TLS_RSA_WITH_AES_128_CBC_SHA]
>Handshake succesful!
Using cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA
最佳答案
该问题源于 EWSJavaAPI 的实现方式与我必须使用客户端证书进行双向身份验证这两点的叠加。
首先我们应该正确初始化上下文。EWSJavaAPI 使用的是已不再维护的 Apache Commons HttpClient 3.1(其后续版本已移至 httpcomponents 包)。但我们沿用旧版,看起来也能正常工作。我们先初始化 SSLContext,然后创建 SSL 套接字工厂,并用该工厂注册 https 协议(Protocol)。
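KeyStore ks = KeyStore.getInstance("PKCS12");
// Close the stream once the keystore is loaded; the original left it open.
try (FileInputStream in = new FileInputStream("cert.pfx")) {
    ks.load(in, "pass".toCharArray());
}
System.out.println("init Stores...");
ctx = SSLContext.getInstance("TLS");
// MyKeyManager supplies the client chain and private key from the PFX.
// trustAllCerts still disables server verification (see the App class in the
// question); a trust manager built from the company root certificate belongs here.
ctx.init(new KeyManager[] { new MyKeyManager(ks, "pass") }, trustAllCerts, new SecureRandom());
SSLContext.setDefault(ctx);
// commons-httpclient 3.x resolves "https" through its own Protocol registry, so the
// socket factory (which presumably picks up the default context set above) must be
// registered there as well.
ProtocolSocketFactory psf = new SSLProtocolSocketFactory();
Protocol https = new Protocol("https", psf, 443);
Protocol.registerProtocol("https", https);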
MyKeyManager 的样子:
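public class MyKeyManager extends X509ExtendedKeyManager {
    /** Loaded keystore (a PKCS#12 file in the answer) holding the client chain and key. */
    final KeyStore keystore;
    /**
     * Password protecting the private-key entry. Kept as a String because the
     * constructor receives one, which means it cannot be wiped from memory after use.
     */
    final String password;
    /** Alias of the first key entry in the keystore, resolved once; null if there is none. */
    private final String alias;

    /**
     * @param keystore a keystore that has already been loaded
     * @param password password of the private-key entry
     * @throws IllegalArgumentException if {@code keystore} has not been loaded
     */
    public MyKeyManager(KeyStore keystore, String password) {
        this.keystore = keystore;
        this.password = password;
        try {
            this.alias = firstKeyAlias(keystore);
        } catch (KeyStoreException e) {
            // aliases()/isKeyEntry() fail only on an uninitialised keystore: a caller bug,
            // so fail fast instead of silently never presenting a certificate.
            throw new IllegalArgumentException("keystore has not been loaded", e);
        }
    }

    /** Returns the first alias that is a key entry (skipping trusted-cert entries), or null. */
    private static String firstKeyAlias(KeyStore ks) throws KeyStoreException {
        for (Enumeration<String> names = ks.aliases(); names.hasMoreElements();) {
            String candidate = names.nextElement();
            if (ks.isKeyEntry(candidate)) {
                return candidate;
            }
        }
        return null;
    }

    /**
     * Always offers the keystore's key entry. The requested key types and the
     * issuers (the CA list from the server's CertificateRequest) are ignored.
     * The original returned "" with the note that null is not allowed: JSSE treats
     * a null alias as "no client certificate" and never asks for the chain.
     * Returning the real alias has the same effect when a key entry exists, and
     * null when there is none to offer.
     */
    @Override
    public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) {
        return alias;
    }

    /** This manager is client-side only; no server alias is ever chosen. */
    @Override
    public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
        return null;
    }

    /**
     * Returns the chain stored with the key entry. The requested alias is ignored,
     * as in the original; the keystore's own key entry is always used.
     *
     * @return the chain as X.509 certificates, or null if unavailable
     */
    @Override
    public X509Certificate[] getCertificateChain(String requestedAlias) {
        if (alias == null) {
            return null;
        }
        try {
            Certificate[] chain = keystore.getCertificateChain(alias);
            if (chain == null) {
                return null;
            }
            // copyOf performs the per-element cast to X509Certificate.
            return Arrays.copyOf(chain, chain.length, X509Certificate[].class);
        } catch (KeyStoreException | ArrayStoreException e) {
            // Best effort, as in the original: no chain means no client certificate is sent.
            return null;
        }
    }

    @Override
    public String[] getClientAliases(String keyType, Principal[] issuers) {
        return alias == null ? null : new String[] { alias };
    }

    /**
     * Returns the private key of the keystore's key entry. The requested alias is
     * ignored, as in the original.
     *
     * @return the private key, or null if the entry is missing, is not a private-key
     *         entry, or cannot be recovered with the configured password
     */
    @Override
    public PrivateKey getPrivateKey(String requestedAlias) {
        if (alias == null) {
            return null;
        }
        try {
            KeyStore.Entry entry = keystore.getEntry(alias,
                    new KeyStore.PasswordProtection(password.toCharArray()));
            if (entry instanceof KeyStore.PrivateKeyEntry) {
                return ((KeyStore.PrivateKeyEntry) entry).getPrivateKey();
            }
            return null;
        } catch (GeneralSecurityException e) {
            // Best effort, as in the original: a wrong password surfaces as "no key".
            return null;
        }
    }

    /** This manager is client-side only; no server aliases exist. */
    @Override
    public String[] getServerAliases(String keyType, Principal[] issuers) {
        return null;
    }
}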
在 EmailMessage.send() 期间,会进入 microsoft.exchange.webservices.data.HttpClientWebRequest。然后……意外出现了:
@Override
public void prepareConnection() throws EWSHttpException {
    // ...
    // Re-registers "https" on every request, replacing whatever factory the
    // application registered earlier. The library's factory builds its own
    // SSLContext, so a client key supplied by the application is never presented.
    Protocol.registerProtocol("https",
            new Protocol("https", new EwsSSLProtocolSocketFactory(), 443));
    // ...
}
套接字工厂被重新注册,我们的证书因此永远不会被填充到上下文中。来看看 EwsSSLProtocolSocketFactory 是什么:
/** Delegates to the base constructor; the SSLContext is created lazily by getSSLContext(). */
public EwsSSLProtocolSocketFactory() {
    super();
}
/**
 * Builds the library's own context. Note the three arguments to init():
 * key managers are null, so an application-supplied client key is never offered;
 * the only trust manager is EwsX509TrustManager wrapped around a null keystore
 * (per the answer this leaves only the JVM's default cacerts trusted);
 * the SecureRandom is null (provider default).
 * Any failure is printed to stdout and rethrown as HttpClientError with only the
 * message, so the original cause is lost.
 */
private static SSLContext createEasySSLContext() {
    try {
        SSLContext context = SSLContext.getInstance("SSL");
        context.init(
                null,
                new TrustManager[] {new EwsX509TrustManager(null, trustManager)},
                null);
        return context;
    } catch (Exception e) {
        System.out.println(e.getMessage()+e);
        throw new HttpClientError(e.toString());
    }
}
/**
 * Lazily creates and caches the context. Nothing here guards the check-then-set,
 * so two threads calling this concurrently may each build a context.
 */
private SSLContext getSSLContext() {
    if (this.sslcontext == null) {
        this.sslcontext = createEasySSLContext();
    }
    return this.sslcontext;
}
最终使用的是 createEasySSLContext() 创建的 SSLContext。它不允许使用自己的密钥,只校验受信任的证书,而且只从默认的 /usr/local/java/1.7.X/../cacerts 中查找。
幸运的是,源代码是提供的,我们可以先把 “Protocol.registerProtocol” 注释掉,这样就解决了问题。
关于java - SSLContext 证书链未填充到上下文中,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/15283682/