JSSE中的连接重置

Question

我试着做基于客户端服务器的ssl，

以下是我的服务器代码：

 public static void main(String arg[]){

 try {
 KeyStore keyStore = KeyStore.getInstance("jks");

 InputStream inputStream;
 try {
 inputStream = new FileInputStream(ITestEncryptionConstants.SSLKEYSTORE);
 keyStore.load(inputStream,
 ITestEncryptionConstants.SSLPASSWORD.toCharArray());
 TrustManagerFactory trustManagerFactory =
 TrustManagerFactory.getInstance("PKIX", "SunJSSE");
 trustManagerFactory.init(keyStore);

 X509TrustManager x509TrustManager = null;
 for (TrustManager trustManager : trustManagerFactory.getTrustManagers())
 {
 if (trustManager instanceof X509TrustManager) {
 x509TrustManager = (X509TrustManager) trustManager;
 break;
 }
 }

 KeyManagerFactory keyManagerFactory =
 KeyManagerFactory.getInstance("SunX509", "SunJSSE");
 keyManagerFactory.init(keyStore,
 ITestEncryptionConstants.SSLPASSWORD.toCharArray());

 X509KeyManager x509KeyManager = null;
 for (KeyManager keyManager : keyManagerFactory.getKeyManagers()) {
 if (keyManager instanceof X509KeyManager) {
 x509KeyManager = (X509KeyManager) keyManager;
 break;
 }
 }

 SSLContext sslContext = SSLContext.getInstance("TLS");

 sslContext.init(new KeyManager[]{x509KeyManager},
 new TrustManager[]{x509TrustManager}, null);

 SSLServerSocketFactory factory =
 sslContext.getServerSocketFactory();//(SSLServerSocketFactory )
 SSLServerSocketFactory .getDefault();

 SSLServerSocket sslSock =
 (SSLServerSocket)factory.createServerSocket(8096);
 SSLSocket c = (SSLSocket)sslSock.accept();
 PrintWriter out =new PrintWriter(c.getOutputStream(),true);
 InputStream in = c.getInputStream();
in.close();
 out.close();


 } catch (FileNotFoundException e) {
 // TODO Auto-generated catch block
 e.printStackTrace();
 } catch (NoSuchAlgorithmException e) {
 // TODO Auto-generated catch block
 e.printStackTrace();
 } catch (CertificateException e) {
 // TODO Auto-generated catch block
 e.printStackTrace();
 } catch (IOException e) {
 // TODO Auto-generated catch block
 e.printStackTrace();
 } catch (NoSuchProviderException e) {
 // TODO Auto-generated catch block
 e.printStackTrace();
 } catch (UnrecoverableKeyException e) {
 // TODO Auto-generated catch block
 e.printStackTrace();
 } catch (KeyManagementException e) {
 // TODO Auto-generated catch block
 e.printStackTrace();
 }

 } catch (KeyStoreException e1) {
 // TODO Auto-generated catch block
 e1.printStackTrace();
 }



 }

这是我的客户代码：

 public static void main(String[] args) {

 try{
 // // register a https protocol handler - this may be required for previous JDK versions
 //
 System.setProperty("java.protocol.handler.pkgs","com.sun.net.ssl.internal.www.protocol");



 System.out.println("Ok passed.");
 //connect to google
 SSLSocketFactory factory = (SSLSocketFactory)
 SSLSocketFactory.getDefault();
 SSLSocket sslSock = (SSLSocket) factory.createSocket("localhost",8096);

 //send HTTP get request
 PrintWriter out = new PrintWriter(sslSock.getOutputStream(), true);
 BufferedReader in = new BufferedReader(new
 InputStreamReader(sslSock.getInputStream()));

 out.println("--------------------------> It works!!!");
 System.out.println("Written to server.");

 // read response
 StringBuffer buf = new StringBuffer();
 String line = "";
 while ((line = in.readLine()) != null) {
 System.out.println("Received : " + line);
 buf.append(line);
 }
 System.out.println("Read from server: " + buf.toString());

 in.close();
 out.close();
 // Close connection.
 sslSock.close();

 }catch(Exception ex){
 ex.printStackTrace();
 }
 }

但是，我在客户端得到了以下错误：

javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLException: java.net.SocketException: Connection reset

有人能帮助我的代码出了什么问题吗？

javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLException: java.net.SocketException: Connection reset
    at sun.security.ssl.SSLSocketImpl.checkEOF(Unknown Source)
    at sun.security.ssl.AppInputStream.read(Unknown Source)
    at sun.nio.cs.StreamDecoder.readBytes(Unknown Source)
    at sun.nio.cs.StreamDecoder.implRead(Unknown Source)
    at sun.nio.cs.StreamDecoder.read(Unknown Source)
    at java.io.InputStreamReader.read(Unknown Source)
    at java.io.BufferedReader.fill(Unknown Source)
    at java.io.BufferedReader.readLine(Unknown Source)
    at java.io.BufferedReader.readLine(Unknown Source)
    at ripl.jing.security.encryptor.tlsservice.TestJingClient.main(TestJingClient.java:85)
Caused by: javax.net.ssl.SSLException: java.net.SocketException: Connection reset

Answer 1

(对不起，我只是想对EJP现在删除的答案发表评论。)

服务器代码说：

SSLSocket c = (SSLSocket)sslSock.accept();
PrintWriter out =new PrintWriter(c.getOutputStream(),true);
InputStream in = c.getInputStream();
in.close();
out.close();

也就是说，I/O流(以及套接字)在接受套接字后立即关闭。因此，客户端上出现了一条错误消息，表示连接已被远程方关闭，这并不令人感到意外。

这与this question中的问题大致相同:只获取I/O流，不尝试从它们读取/写入流，也不尝试任何其他隐式触发握手(从流读取或尝试获取SSLSession)或显式(调用startHandshake)的操作，这意味着握手不会在服务器上启动。因此，客户端抛出此异常，因为连接在其启动的握手过程中中断。

Answer 2

我不知道你说的是什么证书，或者是什么更改，但这里唯一的问题是，您从客户端发送了一条从来不被读取的行，并且在客户机中读取一条从未发送过的行。当对等点已经关闭连接时，发送从未读取的数据将导致连接重置。

注:从十多年前的Java1.4开始，您就不需要设置java.protocol.handler.pkgs了。您可以通过以下方式完成服务器代码中的所有设置

System.setProperty("javax.net.ssl.keyStore", ITestEncryptionConstants.SSLKEYSTORE);
System.setProperty("javax.net.ssl.keyStorePassword", ITestEncryptionConstants.SSLPASSWORD);
SSLContext sslContext = SSLContext.getDefault();
SSLServerSocketFactory factory =
    sslContext.getServerSocketFactory();//(SSLServerSocketFactory )

这句话：

SSLServerSocketFactory .getDefault();

什么都不做。