2
我试图使用Smack 4.0.5 Api连接到Vines XMPP,作为面向对象的软件的一部分,这些软件指导测试工作示例。我一直在努力寻找描述如何使用TLS进行连接的任何文档。几个线程都呈现样本像下面,但(我认为安全)选项失败,因为:与Smack 4.0的简单示例TLS客户端连接*
ConnectionConfiguration connectionConfig = new ConnectionConfiguration(XMPP_HOSTNAME, 5222);
connectionConfig.setDebuggerEnabled(true);
SSLContext sslContext = null;
try {
sslContext = SSLContext.getInstance("TLS");
TrustManager tm = new X509TrustManager() {
@Override
public void checkClientTrusted(X509Certificate[] x509Certificates, String s)
throws CertificateException {
}
@Override
public void checkServerTrusted(X509Certificate[] x509Certificates, String s)
throws CertificateException {
}
@Override
public X509Certificate[] getAcceptedIssuers() {
return new X509Certificate[0];
}
};
sslContext.init(null, new TrustManager[] {tm}, null);
connectionConfig.setCustomSSLContext(sslContext);
this.connection = new XMPPTCPConnection(connectionConfig);
this.connection.connect();
this.connection.login(format(ITEM_ID_AS_LOGIN, itemId), AUCTION_PASSWORD, AUCTION_RESOURCE);
} catch (Exception e) {
e.printStackTrace();
throw new RuntimeException("connecting failed", e);
}
与
org.jivesoftware.smack.sasl.SASLErrorException: SASLError using PLAIN: not-authorized
at org.jivesoftware.smack.SASLAuthentication.authenticate(SASLAuthentication.java:348)
at org.jivesoftware.smack.tcp.XMPPTCPConnection.login(XMPPTCPConnection.java:244)
at uk.me.paulswilliams.auction.fakes.FakeAuctionServer.<init>(FakeAuctionServer.java:60)
at uk.me.paulswilliams.auction.AuctionSniperEndToEndTest.<init>(AuctionSniperEndToEndTest.java:10)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:526)
at org.junit.runners.BlockJUnit4ClassRunner.createTest(BlockJUnit4ClassRunner.java:195)
at org.junit.runners.BlockJUnit4ClassRunner$1.runReflectiveCall(BlockJUnit4ClassRunner.java:244)
at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
at org.junit.runners.BlockJUnit4ClassRunner.methodBlock(BlockJUnit4ClassRunner.java:241)
at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:70)
at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:50)
at org.junit.runners.ParentRunner$3.run(ParentRunner.java:238)
at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:63)
at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:236)
at org.junit.runners.ParentRunner.access$000(ParentRunner.java:53)
at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:229)
at org.junit.runners.ParentRunner.run(ParentRunner.java:309)
at org.junit.runner.JUnitCore.run(JUnitCore.java:160)
at com.intellij.junit4.JUnit4IdeaTestRunner.startRunnerWithArgs(JUnit4IdeaTestRunner.java:74)
at com.intellij.rt.execution.junit.JUnitStarter.prepareStreamsAndStart(JUnitStarter.java:211)
at com.intellij.rt.execution.junit.JUnitStarter.main(JUnitStarter.java:67)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at com.intellij.rt.execution.application.AppMain.main(AppMain.java:134)
藤呈现自签名证书,我试图实现
try {
ConnectionConfiguration connectionConfig = new ConnectionConfiguration(XMPP_HOSTNAME, 5222);
connectionConfig.setSecurityMode(ConnectionConfiguration.SecurityMode.required);
this.connection = new XMPPTCPConnection(connectionConfig);
this.connection.connect();
this.connection.login(format(ITEM_ID_AS_LOGIN, itemId), AUCTION_PASSWORD, AUCTION_RESOURCE);
}
catch (Exception e) {
e.printStackTrace();
throw new RuntimeException("connection failed");
}
然而,在日:由公共证书复制到客户端,使用OS X上的Java控制面板对其进行注册,并与下面的代码使用它的“安全”的方式是的情况下,我不断收到:
Nov 13, 2014 8:49:11 PM org.jivesoftware.smack.XMPPConnection callConnectionClosedOnErrorListener
WARNING: Connection closed with error
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
我怀疑两者都接近工作,并且,由于这项工作的性质,安全性确实不是一个考虑因素。
编辑:
现在我已经试图导入藤证书到我的JVM梯形校正使用:
sudo /Library/Java/Home/bin/keytool --import --alias "localhost" -file localhost.crt -keystore /Library/Java/Home/lib/security/cacerts
我指定别名相匹配的服务器名的“localhost”虽然服务器也被称为'rails-dev-box',但我没有在java客户端中使用该名称。我是否也需要导入ca-bundle.crt CA? Java是否应该根据服务器名称选择此证书,还是我需要明确指示Java这样做?