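Attempt failed
Final log: handshake failed
Cause analysis: I am not sure whether this is because there is no signed CA certificate and a certificate signed by an official authority is required. This was only a personal experiment.
Goals of this attempt:
1. Wanting to get TLS authentication working: 30%
2. Prompted by studying the XMPP interaction flow
I wanted to print the protocol exchange logs between Smack and Openfire, on both the client and the server, and also be able to add my own log statements rather than merely enabling the logging built into the Smack jar. The Openfire source imported into Eclipse and compiled successfully; Chinese text is garbled in the console, but that does not matter, since English can be used. For importing the Smack source into Android Studio I found no workable approach online (if there is one, please let me know; I do not mean pulling Smack in through Gradle, but bringing the Smack source into the project as a library whose code can be modified). In the end I came up with a workaround: download the Smack source from GitHub, copy the Smack code the project uses out of the Smack source into the project directory, and then also change the Smack code version in the copied project. Finally, because the XMPP login requires TLS verification, I made this attempt; this post sums up what I learned from the failure.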
04-01 07:14:58.769 29792-30151/com.wqx.dowa I/SMACK: SENT (0): <stream:stream xmlns='jabber:client' to='192.168.1.102' xmlns:stream='http://etherx.jabber.org/streams' version='1.0' xml:lang='en'>
04-01 07:14:58.776 29792-30152/com.wqx.dowa I/SMACK: RECV (0): <?xml version='1.0' encoding='UTF-8'?><stream:stream xmlns:stream="http://etherx.jabber.org/streams" xmlns="jabber:client" from="127.0.0.1" id="1dysz6zvmb" xml:lang="en" version="1.0">
04-01 07:14:58.782 29792-30152/com.wqx.dowa I/SMACK: RECV (0): <stream:features><starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"></starttls><mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>PLAIN</mechanism></mechanisms><compression xmlns="http://jabber.org/features/compress"><method>zlib</method></compression><ver xmlns="urn:xmpp:features:rosterver"/><register xmlns="http://jabber.org/features/iq-register"/></stream:features>
04-01 07:14:58.783 29792-30151/com.wqx.dowa I/SMACK: SENT (0): <starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'></starttls>
04-01 07:14:58.787 29792-30152/com.wqx.dowa I/SMACK: RECV (0): <proceed xmlns="urn:ietf:params:xml:ns:xmpp-tls"/>
04-01 07:14:58.803 29792-30152/com.wqx.dowa W/AbstractXMPPConnection: Connection XMPPTCPConnection[not-authenticated] (0) closed with error
javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:361)
at com.android.org.conscrypt.OpenSSLSocketImpl.waitForHandshake(OpenSSLSocketImpl.java:682)
at com.android.org.conscrypt.OpenSSLSocketImpl.getInputStream(OpenSSLSocketImpl.java:644)
at org.jivesoftware.smack.tcp.XMPPTCPConnection.initReaderAndWriter(XMPPTCPConnection.java:650)
at org.jivesoftware.smack.tcp.XMPPTCPConnection.proceedTLSReceived(XMPPTCPConnection.java:800)
at org.jivesoftware.smack.tcp.XMPPTCPConnection.access$1200(XMPPTCPConnection.java:151)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1064)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$300(XMPPTCPConnection.java:993)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:1009)
at java.lang.Thread.run(Thread.java:776)
Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
at com.android.org.conscrypt.TrustManagerImpl.verifyChain(TrustManagerImpl.java:563)
at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:444)
at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:401)
at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:375)
at com.android.org.conscrypt.TrustManagerImpl.getTrustedChainForServer(TrustManagerImpl.java:304)
at android.security.net.config.NetworkSecurityTrustManager.checkServerTrusted(NetworkSecurityTrustManager.java:94)
at android.security.net.config.RootTrustManager.checkServerTrusted(RootTrustManager.java:88)
at com.android.org.conscrypt.Platform.checkServerTrusted(Platform.java:178)
at com.android.org.conscrypt.OpenSSLSocketImpl.verifyCertificateChain(OpenSSLSocketImpl.java:596)
at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:357)
at com.android.org.conscrypt.OpenSSLSocketImpl.waitForHandshake(OpenSSLSocketImpl.java:682)
at com.android.org.conscrypt.OpenSSLSocketImpl.getInputStream(OpenSSLSocketImpl.java:644)
at org.jivesoftware.smack.tcp.XMPPTCPConnection.initReaderAndWriter(XMPPTCPConnection.java:650)
at org.jivesoftware.smack.tcp.XMPPTCPConnection.proceedTLSReceived(XMPPTCPConnection.java:800)
at org.jivesoftware.smack.tcp.XMPPTCPConnection.access$1200(XMPPTCPConnection.java:151)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1064)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$300(XMPPTCPConnection.java:993)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:1009)
at java.lang.Thread.run(Thread.java:776)
Caused by: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
at com.android.org.conscrypt.TrustManagerImpl.verifyChain(TrustManagerImpl.java:563)
at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:444)
at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:401)
at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:375)
at com.android.org.conscrypt.TrustManagerImpl.getTrustedChainForServer(TrustManagerImpl.java:304)
at android.security.net.config.NetworkSecurityTrustManager.checkServerTrusted(NetworkSecurityTrustManager.java:94)
at android.security.net.config.RootTrustManager.checkServerTrusted(RootTrustManager.java:88)
at com.android.org.conscrypt.Platform.checkServerTrusted(Platform.java:178)
at com.android.org.conscrypt.OpenSSLSocketImpl.verifyCertificateChain(OpenSSLSocketImpl.java:596)
at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:357)
at com.android.org.conscrypt.OpenSSLSocketImpl.waitForHandshake(OpenSSLSocketImpl.java:682)
at com.android.org.conscrypt.OpenSSLSocketImpl.getInputStream(OpenSSLSocketImpl.java:644)
at org.jivesoftware.smack.tcp.XMPPTCPConnection.initReaderAndWriter(XMPPTCPConnection.java:650)
at org.jivesoftware.smack.tcp.XMPPTCPConnection.proceedTLSReceived(XMPPTCPConnection.java:800)
at org.jivesoftware.smack.tcp.XMPPTCPConnection.access$1200(XMPPTCPConnection.java:151)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1064)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$300(XMPPTCPConnection.java:993)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:1009)
at java.lang.Thread.run(Thread.java:776)
04-01 07:14:58.805 29792-30149/com.wqx.dowa E/com.wqx.dowa.smack.SmackImpl: LogUtils:login(): org.jivesoftware.smack.SmackException: javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1069)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$300(XMPPTCPConnection.java:993)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:1009)
at java.lang.Thread.run(Thread.java:776)
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:361)
at com.android.org.conscrypt.OpenSSLSocketImpl.waitForHandshake(OpenSSLSocketImpl.java:682)
at com.android.org.conscrypt.OpenSSLSocketImpl.getInputStream(OpenSSLSocketImpl.java:644)
at org.jivesoftware.smack.tcp.XMPPTCPConnection.initReaderAndWriter(XMPPTCPConnection.java:650)
at org.jivesoftware.smack.tcp.XMPPTCPConnection.proceedTLSReceived(XMPPTCPConnection.java:800)
at org.jivesoftware.smack.tcp.XMPPTCPConnection.access$1200(XMPPTCPConnection.java:151)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1064)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$300(XMPPTCPConnection.java:993)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:1009)
at java.lang.Thread.run(Thread.java:776)
Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
at com.android.org.conscrypt.TrustManagerImpl.verifyChain(TrustManagerImpl.java:563)
at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:444)
at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:401)
at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:375)
at com.android.org.conscrypt.TrustManagerImpl.getTrustedChainForServer(TrustManagerImpl.java:304)
at android.security.net.config.NetworkSecurityTrustManager.checkServerTrusted(NetworkSecurityTrustManager.java:94)
at android.security.net.config.RootTrustManager.checkServerTrusted(RootTrustManager.java:88)
at com.android.org.conscrypt.Platform.checkServerTrusted(Platform.java:178)
at com.android.org.conscrypt.OpenSSLSocketImpl.verifyCertificateChain(OpenSSLSocketImpl.java:596)
at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:357)
at com.android.org.conscrypt.OpenSSLSocketImpl.waitForHandshake(OpenSSLSocketImpl.java:682)
at com.android.org.conscrypt.OpenSSLSocketImpl.getInputStream(OpenSSLSocketImpl.java:644)
at org.jivesoftware.smack.tcp.XMPPTCPConnection.initReaderAndWriter(XMPPTCPConnection.java:650)
at org.jivesoftware.smack.tcp.XMPPTCPConnection.proceedTLSReceived(XMPPTCPConnection.java:800)
at org.jivesoftware.smack.tcp.XMPPTCPConnection.access$1200(XMPPTCPConnection.java:151)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1064)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$300(XMPPTCPConnection.java:993)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:1009)
at java.lang.Thread.run(Thread.java:776)
Caused by: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
at com.android.org.conscrypt.TrustManagerImpl.verifyChain(TrustManagerImpl.java:563)
at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:444)
at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:401)
at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:375)
at com.android.org.conscrypt.TrustManagerImpl.getTrustedChainForServer(TrustManagerImpl.java:304)
at android.security.net.config.NetworkSecurityTrustManager.checkServerTrusted(NetworkSecurityTrustManager.java:94)
at android.security.net.config.RootTrustManager.checkServerTrusted(RootTrustManager.java:88)
at com.android.org.conscrypt.Platform.checkServerTrusted(Platform.java:178)
at com.android.org.conscrypt.OpenSSLSocketImpl.verifyCertificateChain(OpenSSLSocketImpl.java:596)
at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:357)
at com.android.org.conscrypt.OpenSSLSocketImpl.waitForHandshake(OpenSSLSocketImpl.java:682)
at com.android.org.conscrypt.OpenSSLSocketImpl.getInputStream(OpenSSLSocketImpl.java:644)
at org.jivesoftware.smack.tcp.XMPPTCPConnection.initReaderAndWriter(XMPPTCPConnection.java:650)
at org.jivesoftware.smack.tcp.XMPPTCPConnection.proceedTLSReceived(XMPPTCPConnection.java:800)
at org.jivesoftware.smack.tcp.XMPPTCPConnection.access$1200(XMPPTCPConnection.java:151)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1064)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$300(XMPPTCPConnection.java:993)
at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:1009)
at java.lang.Thread.run(Thread.java:776)
04-01 07:14:58.808 29792-30149/com.wqx.dowa W/System.err: at com.wqx.dowa.smack.SmackImpl.login(SmackImpl.java:420)
04-01 07:14:58.808 29792-30149/com.wqx.dowa W/System.err: at org.jivesoftware.smack.tcp.XMPPTCPConnection.initReaderAndWriter(XMPPTCPConnection.java:650)
04-01 07:14:58.808 29792-30149/com.wqx.dowa W/System.err: at org.jivesoftware.smack.tcp.XMPPTCPConnection.proceedTLSReceived(XMPPTCPConnection.java:800)
04-01 07:14:58.808 29792-30149/com.wqx.dowa W/System.err: at org.jivesoftware.smack.tcp.XMPPTCPConnection.access$1200(XMPPTCPConnection.java:151)
04-01 07:14:58.808 29792-30149/com.wqx.dowa W/System.err: at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.parsePackets(XMPPTCPConnection.java:1064)
04-01 07:14:58.808 29792-30149/com.wqx.dowa W/System.err: at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader.access$300(XMPPTCPConnection.java:993)
04-01 07:14:58.808 29792-30149/com.wqx.dowa W/System.err: at org.jivesoftware.smack.tcp.XMPPTCPConnection$PacketReader$1.run(XMPPTCPConnection.java:1009)
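1.4 Change the initial password
In the Openfire installation directory, \resources\security contains two files, keystore and truststore; the initial password is changeit.
Change the initial password with these commands: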
keytool -storepasswd -keystore keystore -storepass changeit -new 123456
keytool -storepasswd -keystore truststore -storepass changeit -new 123456
keytool -storepasswd -keystore client.truststore -storepass changeit -new 123456
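2. Prepare the certificates
2.1 Export the default certificates
The keystore holds two signed certificates, home_rsa and home_dsa, where home is the server domain name you defined when configuring Openfire (I have changed it to 127.0.0.1). Export them with the following commands.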
keytool -exportcert -alias 127.0.0.1_rsa -file 127.0.0.1_rsa.cer -keystore keystore -storepass 123456
keytool -exportcert -alias 127.0.0.1_dsa -file 127.0.0.1_dsa.cer -keystore keystore -storepass 123456
Import the certificates into the client trust stores, truststore and client.truststore:
keytool -importcert -alias 127.0.0.1_rsa -file 127.0.0.1_rsa.cer -keystore truststore -storepass 123456
keytool -importcert -alias 127.0.0.1_dsa -file 127.0.0.1_dsa.cer -keystore truststore -storepass 123456
keytool -importcert -alias 127.0.0.1_dsa -file 127.0.0.1_dsa.cer -keystore client.truststore -storepass 123456
keytool -importcert -alias 127.0.0.1_rsa -file 127.0.0.1_rsa.cer -keystore client.truststore -storepass 123456
2.2 Install the third-party Java crypto JAR
Download bcprov-ext-jdk15on-154.jar
https://downloads.bouncycastle.org/java/bcprov-ext-jdk15on-154.jar
Copy it to jdkpath\jre\lib\ext.
2.3 Generate the client.bks used by Android
Use the exported certificate home_dsa.cer to generate client.bks:
keytool -importcert -keystore client.bks -storepass 123456 -file 127.0.0.1_dsa.cer -storetype BKS -provider org.bouncycastle.jce.provider.BouncyCastleProvider
3 Configure the SSLContext on Android
3.1 Create the SSLContext
Copy client.bks into the project's raw folder and use it to create the SSLContext.
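import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Load client.bks from res/raw (assumes an Activity or other Context; BKS is Android's default type).
KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
trustStore.load(getResources().openRawResource(R.raw.client), "123456".toCharArray());
// Build trust managers that accept only the certificates in that store.
TrustManagerFactory tmf = TrustManagerFactory.getInstance("X509");
tmf.init(trustStore);
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, tmf.getTrustManagers(), null);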
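The stack trace above passes through android.security.net.config.RootTrustManager, the platform default trust manager, and section 3.1 stops once the SSLContext is built. The following added example (not code from the original post or from the Smack project) loads client.bks, lists what it actually trusts, and hands the resulting context to Smack. The class PinnedXmppTls and its method names are hypothetical, and it assumes Smack 4.1 to 4.3, where setCustomSSLContext is available on the configuration builder.

```java
import java.io.InputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.jivesoftware.smack.ConnectionConfiguration.SecurityMode;
import org.jivesoftware.smack.tcp.XMPPTCPConnectionConfiguration;

/** Added example: hypothetical helper, not Smack or Openfire code. */
public final class PinnedXmppTls {

    /** Loads a BKS trust store such as client.bks (BKS is built in on Android); caller closes the stream. */
    public static KeyStore loadTrustStore(InputStream in, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("BKS");
        ks.load(in, password);
        if (ks.size() == 0) throw new IllegalStateException("trust store holds no certificates");
        return ks;
    }

    /** One line per trusted certificate: alias, key algorithm, subject, SHA-256 fingerprint. */
    public static List<String> describe(KeyStore ks) throws Exception {
        List<String> out = new ArrayList<>();
        for (String alias : Collections.list(ks.aliases())) {
            if (!(ks.getCertificate(alias) instanceof X509Certificate)) continue;
            X509Certificate c = (X509Certificate) ks.getCertificate(alias);
            StringBuilder hex = new StringBuilder();
            for (byte b : MessageDigest.getInstance("SHA-256").digest(c.getEncoded()))
                hex.append(String.format("%02x", b));
            out.add(alias + " " + c.getPublicKey().getAlgorithm() + " "
                    + c.getSubjectX500Principal().getName() + " sha256=" + hex);
        }
        return out;
    }

    /** Requires STARTTLS and validates the server chain against the given store only. */
    public static XMPPTCPConnectionConfiguration.Builder requirePinnedTls(
            XMPPTCPConnectionConfiguration.Builder builder, KeyStore ks) throws Exception {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return builder.setSecurityMode(SecurityMode.required).setCustomSSLContext(ctx);
    }
}
```

Step 2.3 imports only 127.0.0.1_dsa.cer into client.bks, so the output of describe() shows whether the certificate the server presents is actually among the trusted entries. The log also shows the client addressing 192.168.1.102 while the server identifies itself as 127.0.0.1, so once the trust anchor is found the name in the certificate still has to match the domain the client connects to for hostname verification to pass.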
Here I only list the references consulted during this attempt and sum up the experience; I hope it helps other readers.
https://blog.csdn.net/u013034750/article/details/51601876
https://blog.csdn.net/fengwind1/article/details/54667208
http://download.igniterealtime.org/openfire/docs/latest/documentation/ssl-guide.html
https://www.cnblogs.com/cavalier-/p/6947723.html
https://stackoverflow.com/questions/30237670/smack-4-1-no-response-within-reply-timeout
https://stackoverflow.com/questions/28281367/smack-and-sasl-authentication-error-no-known-authentication-mechanisims/33495489#33495489
http://www.cnblogs.com/cavalier-/p/6940406.html
https://blog.csdn.net/fanst_/article/details/53467897
https://xmpp.org/rfcs/rfc3921.html
https://blog.csdn.net/u011026329/article/details/50582957
https://github.com/ge0rg/MemorizingTrustManager
https://blog.csdn.net/coding_me/article/details/39524137