web-dev-qa-db-ja.com

Webソケットサーバーに接続しようとすると、X509TrustManager実装が利用できないというエラーが表示され続ける

セキュアWebソケットを使用するJavaアプリケーションに、Webソケットサーバーに接続するための次のコードがあります。

_private boolean openConnection(boolean tried) {
    String sslFile = 
        ConfigMgr.getValue(Constants.SSL_CFG_NAME, "sslfile"); 
    String sslPassword = 
        ConfigMgr.getValue(Constants.SSL_CFG_NAME, "sslpassword"); 
    try {
        System.setProperty("javax.net.ssl.trustStore",
                //sslFile);
        System.setProperty("javax.net.ssl.trustStorePassword", sslPassword);
        System.out.println(System.getProperty("javax.net.ssl.trustStore"));
        System.out.println(System.getProperty("javax.net.ssl.trustStorePassword"));
    } catch (Exception e) {
        if (!tried) {
            logger.error("unable to get certificates", e);
        }
        return false;
    }
    try {
        WebSocketContainer container = ContainerProvider
                .getWebSocketContainer();
        container.connectToServer(this, new URI(websocketServer));
    } catch (Exception e) {
        // only log error trying to connection to web application first
        // time
        if (!tried) {
            logger.error("error while trying to connect daemon to websocket"
                    + " server", e);
        }
        return false;
    }
    return true;
}
_

私のプリントステートメントから見ることができます

_ System.setProperty("javax.net.ssl.trustStorePassword", sslPassword);
_

そして

_System.out.println(System.getProperty("javax.net.ssl.trustStore"));
_

正しいパスワードと証明書(この場合は_.cer_)と内容

_-----BEGIN CERTIFICATE-----
MIIDmTCCAoGgAwIBAgIEB/pKmDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQGEwJV
UzELMAkGA1UECBMCUEExGDAWBgNVBAcTD0ZvcnQgV2FzaGluZ3RvbjEXMBUGA1UE
ChMOTWlrcm9zIFN5c3RlbXMxFzAVBgNVBAsTDk1pa3JvcyBTeXN0ZW1zMRUwEwYD
VQQDEwxKYXNvbiBSaWNsZXMwHhcNMTYwNjIyMTcwOTQ0WhcNMTYwOTIwMTcwOTQ0
WjB9MQswCQYDVQQGEwJVUzELMAkGA1UECBMCUEExGDAWBgNVBAcTD0ZvcnQgV2Fz
aGluZ3RvbjEXMBUGA1UEChMOTWlrcm9zIFN5c3RlbXMxFzAVBgNVBAsTDk1pa3Jv
cyBTeXN0ZW1zMRUwEwYDVQQDEwxKYXNvbiBSaWNsZXMwggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQCsha/dfnWIibmtySZuE8H+3AOa8/QuARKsFgmZJmWZ
ZErjlzN6liUO1Q9pzYXoka69tiIOw0KDWwGAHCAK8mjNpdcs9XiYq3QMZjNAUhqP
rRU5oDn9jwCwQnpepBhH6uiMaBcvrMsvLTaD4HvwoVyMROEhIWywBYMdHk86gcGr
ALz+iMhE8017CAA2n/35fqwDjxeGxDgY3Ove/fTKoeA+ItKOwsYeFZUeej9omTz+
UcdXJ6fu312At/Sh7YZpgP3LsX+rMfdD9sHn80UTy46UoT5UNW0Me40+S47/oh4H
VeOeR5XpcBPHnqbAJAvPAqD/sF9xbvhESwfoSkMB26drAgMBAAGjITAfMB0GA1Ud
DgQWBBQ7YV0yIawkjCCp0crz52BGwMPHnzANBgkqhkiG9w0BAQsFAAOCAQEAdmwo
8ZXZMxKzyfolVKj2UQBzkeSies133nRns0jFbkzm8N4lNtcWiShfLtlTQAuUZNMl
JK7Eax+weLq7tNMZyBdLWse8E4oe8m3XY/Xe7oQGs2EzdlHVZk7JuDHU63mC33cz
xvoNutE+y1Zonce9WaxACuNNMuxyYTVg6yqz/psjYE2YOajc1MmXjI38FkfmQ1bL
ByeNEvnLT1IcQ0OmaSuk2ESj144y/EtkN9/GKFOTPjSRL3zIStNBytn7WNlFV/ch
qaF/eOJRQMlHDosX40IrkHHIoc/pbTKYmjoreC/+biMKc0gUk+EN/uBrcJrVRFnl
dXTNJe6/sNzvkTc/IA==
-----END CERTIFICATE-----
_

正しく設定されています。

しかし、コードを実行すると、container.connectToServer(this, new URI(websocketServer));が実行されたときに次のエラーが出力されます

_    javax.websocket.DeploymentException: The HTTP request to initiate the WebSocket connection failed
        at org.Apache.Tomcat.websocket.WsWebSocketContainer.connectToServer(WsWebSocketContainer.Java:434) ~[Tomcat7-websocket.jar:7.0.68]
        at org.Apache.Tomcat.websocket.WsWebSocketContainer.connectToServer(WsWebSocketContainer.Java:184) ~[Tomcat7-websocket.jar:7.0.68]
        at 
cored.web.CoreWebSocket.openConnection(CoreWebSocket.Java:278) [cored.jar:3.0.10.160712122615]
        at cored.web.CoreWebSocket.establishConnection(CoreWebSocket.Java:1150) [cored.jar:3.0.10.160712122615]
        at 
cored.web.CoreWebSocket.access$100(CoreWebSocket.Java:85) [cored.jar:3.0.10.160712122615]
        at 
cored.web.CoreWebSocket$2.execute(CoreWebSocket.Java:138) [cored.jar:3.0.10.160712122615]
        at utils.AThread.run(AThread.Java:51) 
[utils.jar:3.0.10.160712122615]
    Caused by: Java.util.concurrent.ExecutionException: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
        at org.Apache.Tomcat.websocket.AsyncChannelWrapperSecure$WrapperFuture.get(AsyncChannelWrapperSecure.Java:511) ~[Tomcat7-websocket.jar:7.0.68]
        at org.Apache.Tomcat.websocket.WsWebSocketContainer.connectToServer(WsWebSocketContainer.Java:379) ~[Tomcat7-websocket.jar:7.0.68]
        ... 6 more
    Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
        at Sun.security.ssl.Handshaker.checkThrown(Unknown Source) ~[?:1.8.0_92]
        at Sun.security.ssl.SSLEngineImpl.checkTaskThrown(Unknown Source) ~[?:1.8.0_92]
        at Sun.security.ssl.SSLEngineImpl.writeAppRecord(Unknown Source) ~[?:1.8.0_92]
        at Sun.security.ssl.SSLEngineImpl.wrap(Unknown Source) ~[?:1.8.0_92]
        at javax.net.ssl.SSLEngine.wrap(Unknown Source) ~[?:1.8.0_92]
        at org.Apache.Tomcat.websocket.AsyncChannelWrapperSecure$WebSocketSslHandshakeThread.run(AsyncChannelWrapperSecure.Java:371) ~[Tomcat7-websocket.jar:7.0.68]
    Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
        at Sun.security.ssl.Alerts.getSSLException(Unknown Source) ~[?:1.8.0_92]
        at Sun.security.ssl.SSLEngineImpl.fatal(Unknown Source) ~[?:1.8.0_92]
        at Sun.security.ssl.Handshaker.fatalSE(Unknown Source) ~[?:1.8.0_92]
        at Sun.security.ssl.Handshaker.fatalSE(Unknown Source) ~[?:1.8.0_92]
        at Sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source) ~[?:1.8.0_92]
        at Sun.security.ssl.ClientHandshaker.processMessage(Unknown Source) ~[?:1.8.0_92]
        at Sun.security.ssl.Handshaker.processLoop(Unknown Source) ~[?:1.8.0_92]
        at Sun.security.ssl.Handshaker$1.run(Unknown Source) ~[?:1.8.0_92]
        at Sun.security.ssl.Handshaker$1.run(Unknown Source) ~[?:1.8.0_92]
        at Java.security.AccessController.doPrivileged(Native Method) ~[?:1.8.0_92]
        at Sun.security.ssl.Handshaker$DelegatedTask.run(Unknown Source) ~[?:1.8.0_92]
        at org.Apache.Tomcat.websocket.AsyncChannelWrapperSecure$WebSocketSslHandshakeThread.run(AsyncChannelWrapperSecure.Java:397) ~[Tomcat7-websocket.jar:7.0.68]
    Caused by: Java.security.cert.CertificateException: No X509TrustManager implementation available
        at Sun.security.ssl.DummyX509TrustManager.checkServerTrusted(Unknown Source) ~[?:1.8.0_92]
        at Sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source) ~[?:1.8.0_92]
        at Sun.security.ssl.ClientHandshaker.processMessage(Unknown Source) ~[?:1.8.0_92]
        at Sun.security.ssl.Handshaker.processLoop(Unknown Source) ~[?:1.8.0_92]
        at Sun.security.ssl.Handshaker$1.run(Unknown Source) ~[?:1.8.0_92]
        at Sun.security.ssl.Handshaker$1.run(Unknown Source) ~[?:1.8.0_92]
        at Java.security.AccessController.doPrivileged(Native Method) ~[?:1.8.0_92]
        at Sun.security.ssl.Handshaker$DelegatedTask.run(Unknown Source) ~[?:1.8.0_92]
        at org.Apache.Tomcat.websocket.AsyncChannelWrapperSecure$WebSocketSslHandshakeThread.run(AsyncChannelWrapperSecure.Java:397) ~[Tomcat7-websocket.jar:7.0.68]
_

私が使用している_.cer_ファイルは、Tomcat Webサーバーでも使用されており、問題がないため、破損していないことがわかっています。

この_No X509TrustManager implementation available_エラーの原因は何ですか?

javasslwebsocketx509certificatejava-security
8
jgr208

.cerファイルは、トラストストアの有効なタイプではありません。システム変数javax.net.ssl.trustStoreTypeを使用してタイプを設定できます。デフォルトではJKSに設定されています。たとえば、PKCS12を使用することもできます。

JKSファイルを作成し、.cerファイルを含める必要があります。 trusttoreのパスワードも構成します

System.setProperty("javax.net.ssl.trustStore", "path/to/truststore");
System.setProperty("javax.net.ssl.trustStorePassword", truststorepassword);

.cerファイルをJKSにインポートするには

keytool -importcert -file certificate.cer -keystore keystore.jks -alias "Alias"
11
pedrofb