虽然我们在内部rpc通信中使用的是基于认证和报文头加密的方式实现安全性,但是有些时候仍然需要使用SSL加密,可能是因为对接的三方系统需要,也可能是由于open的考虑。中午特地测了下netty下集成ssl的功能,关于ssl的握手过程以及java安全框架中的相关组件说明,请参考如下链接:
http://www.cnblogs.com/zhjh256/p/6262620.html
http://www.cnblogs.com/zhjh256/p/6104537.html
网上搜了下,并没有看到完整的netty ssl示例例子,netty in action中也只是匆匆带过。特详细的测试和整理如下。
首先生成服务端证书:
D:\security\server>keytool -genkey -alias securechat -keysize 2048 -validity 365 -keyalg RSA -dname "CN=localhost" -keypass sNetty -storepass sNetty -keystore sChat.jks
D:\security\server>keytool -export -alias securechat -keystore sChat.jks -storepass sNetty -file sChat.cer
存储在文件 <sChat.cer> 中的证书
D:\security\server>cd /d ../client
D:\security\client>keytool -genkey -alias smcc -keysize 2048 -validity 365 -keyalg RSA -dname "CN=localhost" -keypass cNetty -storepass cNetty -keystore cChat.jks
D:\security\client>keytool -import -trustcacerts -alias securechat -file ../server\sChat.cer -storepass cNetty -keystore cChat.jks
所有者: CN=localhost
发布者: CN=localhost
序列号: 78384348
有效期开始日期: Wed Mar 01 12:48:48 CST 2017, 截止日期: Thu Mar 01 12:48:48 CST 2018
证书指纹:
MD5: 94:83:6C:6D:4B:0D:0B:E6:BF:39:B7:2C:17:29:E8:3C
SHA1: 9A:29:27:41:BE:71:38:C8:13:99:3A:8F:C6:37:C2:95:31:14:B4:98
SHA256: E9:31:40:C7:FC:EA:EF:24:54:EF:4C:59:50:44:CB:1F:9A:35:B7:26:07:2D:3B:1F:BC:30:8E:C0:63:45:4F:21
签名算法名称: SHA256withRSA
版本: 3
扩展:
#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 9B 96 0D 50 4A 5E AF 3D 56 25 9C A5 69 C1 3E CC ...PJ^.=V%..i.>.
0010: 32 85 0D A8 2...
]
]
是否信任此证书? [否]: 是
证书已添加到密钥库中
netty服务端源码:
package com.ld.net.spider.server; import io.netty.channel.ChannelHandlerContext; import io.netty.channel.SimpleChannelInboundHandler; import java.net.InetSocketAddress; import org.slf4j.Logger; import org.slf4j.LoggerFactory; public class SpiderServerBusiHandler extends SimpleChannelInboundHandler<Object> { static final Logger logger = LoggerFactory.getLogger(SpiderServerBusiHandler.class); @Override protected void channelRead0(final ChannelHandlerContext ctx, final Object msg) throws Exception { System.out.println(msg.toString()); } @Override public void exceptionCaught(ChannelHandlerContext ctx, Throwable cause) throws Exception { logger.error("channel " + ((InetSocketAddress)ctx.channel().remoteAddress()).toString() + " exception:",cause); ctx.close(); } }
package com.ld.net.spider.channel; import java.nio.charset.Charset; import javax.net.ssl.SSLEngine; import com.ld.net.spider.server.SpiderServerBusiHandler; import io.netty.channel.Channel; import io.netty.channel.ChannelInitializer; import io.netty.channel.ChannelPipeline; import io.netty.handler.codec.LengthFieldBasedFrameDecoder; import io.netty.handler.codec.LengthFieldPrepender; import io.netty.handler.codec.string.StringDecoder; import io.netty.handler.codec.string.StringEncoder; import io.netty.handler.ssl.SslContext; import io.netty.handler.ssl.SslHandler; public class SslChannelInitializer extends ChannelInitializer<Channel> { private final SslContext context; public SslChannelInitializer(SslContext context) { this.context = context; } @Override protected void initChannel(Channel ch) throws Exception { SSLEngine engine = context.newEngine(ch.alloc()); engine.setUseClientMode(false); ch.pipeline().addFirst("ssl", new SslHandler(engine)); ChannelPipeline pipeline = ch.pipeline(); pipeline.addLast("frameDecoder", new LengthFieldBasedFrameDecoder(Integer.MAX_VALUE, 0, 4, 0, 4)); pipeline.addLast("frameEncoder", new LengthFieldPrepender(4)); //最大16M pipeline.addLast("decoder", new StringDecoder(Charset.forName("UTF-8"))); pipeline.addLast("encoder", new StringEncoder(Charset.forName("UTF-8"))); pipeline.addLast("spiderServerBusiHandler", new SpiderServerBusiHandler()); } }
package com.ld.net.spider.channel; import io.netty.bootstrap.ServerBootstrap; import io.netty.buffer.PooledByteBufAllocator; import io.netty.channel.ChannelOption; import io.netty.channel.EventLoopGroup; import io.netty.channel.ServerChannel; import io.netty.channel.nio.NioEventLoopGroup; import io.netty.channel.socket.nio.NioServerSocketChannel; import io.netty.handler.ssl.SslContext; import io.netty.handler.ssl.SslContextBuilder; import java.io.FileInputStream; import java.security.KeyStore; import javax.net.ssl.KeyManagerFactory; import org.slf4j.Logger; import org.slf4j.LoggerFactory; public class SocketServerHelper { static final Logger logger = LoggerFactory.getLogger(SocketServerHelper.class); private static int WORKER_GROUP_SIZE = Runtime.getRuntime().availableProcessors() * 2; private static EventLoopGroup bossGroup; private static EventLoopGroup workerGroup; private static Class<? extends ServerChannel> channelClass; public static void startSpiderServer() throws Exception { ServerBootstrap b = new ServerBootstrap(); b.childOption(ChannelOption.TCP_NODELAY, true) .childOption(ChannelOption.SO_KEEPALIVE, true) .childOption(ChannelOption.SO_REUSEADDR, true) .childOption(ChannelOption.ALLOCATOR, new PooledByteBufAllocator(false)) .childOption(ChannelOption.SO_RCVBUF, 1048576) .childOption(ChannelOption.SO_SNDBUF, 1048576); bossGroup = new NioEventLoopGroup(1); workerGroup = new NioEventLoopGroup(WORKER_GROUP_SIZE); channelClass = NioServerSocketChannel.class; logger.info("workerGroup size:" + WORKER_GROUP_SIZE); logger.info("preparing to start spider server..."); b.group(bossGroup, workerGroup); b.channel(channelClass); KeyManagerFactory keyManagerFactory = null; KeyStore keyStore = KeyStore.getInstance("JKS"); keyStore.load(new FileInputStream("D:\\security\\server\\sChat.jks"), "sNetty".toCharArray()); keyManagerFactory = KeyManagerFactory.getInstance("SunX509"); keyManagerFactory.init(keyStore,"sNetty".toCharArray()); SslContext sslContext = SslContextBuilder.forServer(keyManagerFactory).build(); b.childHandler(new SslChannelInitializer(sslContext)); b.bind(9912).sync(); logger.info("spider server start sucess, listening on port " + 9912 + "."); } public static void main(String[] args) throws Exception { SocketServerHelper.startSpiderServer(); } public static void shutdown() { logger.debug("preparing to shutdown spider server..."); bossGroup.shutdownGracefully(); workerGroup.shutdownGracefully(); logger.debug("spider server is shutdown."); } }
package com.ld.net.spider.channel; import java.net.InetSocketAddress; import java.nio.channels.ClosedChannelException; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import io.netty.buffer.ByteBuf; import io.netty.channel.Channel; import io.netty.channel.ChannelFuture; public class SocketHelper { static final Logger logger = LoggerFactory.getLogger(SocketHelper.class); public static ChannelFuture writeMessage(Channel channel,String msg) { if(channel!=null){ try { return channel.writeAndFlush(msg).sync(); } catch (Exception e) { String otherInfo = ""; if(channel.remoteAddress() != null) { otherInfo = "remote address [" + ((InetSocketAddress)channel.remoteAddress()).toString() + "]"; } else { otherInfo = "channel is null."; } if(e instanceof ClosedChannelException) { logger.error("channel to " + otherInfo + " is closed",e); } else { logger.error("timeout occured during channel send msg, " + otherInfo,e); } } }else{ logger.error("send msg failed, channel is disconnected or not connect. channel is null, please see caller log."); } return null; } public static ChannelFuture writeMessage(Channel channel,ByteBuf msg) { if(channel!=null){ try { return channel.writeAndFlush(msg).sync(); } catch (Exception e) { logger.error("timeout occured during channel send msg. remote address is:" + ((InetSocketAddress)channel.remoteAddress()).toString(),e); } }else{ logger.error("send msg failed, channel is disconnected or not connect, channel is null, please see caller log."); } return null; } }
客户端源码:
package com.ld.net.spider.client; import io.netty.channel.ChannelHandlerContext; import io.netty.channel.SimpleChannelInboundHandler; import org.slf4j.Logger; import org.slf4j.LoggerFactory; public class SpiderClientBusiHandler extends SimpleChannelInboundHandler<Object> { static final Logger logger = LoggerFactory.getLogger(SpiderClientBusiHandler.class); @Override protected void channelRead0(ChannelHandlerContext ctx, Object origMsg) { System.out.println(origMsg.toString()); } @Override public void exceptionCaught(ChannelHandlerContext ctx, Throwable cause) throws Exception { cause.printStackTrace(); } }
package com.ld.net.spider.channel; import java.nio.charset.Charset; import javax.net.ssl.SSLEngine; import com.ld.net.spider.client.SpiderClientBusiHandler; import io.netty.channel.Channel; import io.netty.channel.ChannelInitializer; import io.netty.channel.ChannelPipeline; import io.netty.handler.codec.LengthFieldBasedFrameDecoder; import io.netty.handler.codec.LengthFieldPrepender; import io.netty.handler.codec.string.StringDecoder; import io.netty.handler.codec.string.StringEncoder; import io.netty.handler.ssl.SslContext; import io.netty.handler.ssl.SslHandler; public class SslChannelInitializer extends ChannelInitializer<Channel> { private final SslContext context; public SslChannelInitializer(SslContext context) { this.context = context; } @Override protected void initChannel(Channel ch) throws Exception { SSLEngine engine = context.newEngine(ch.alloc()); engine.setUseClientMode(true); ch.pipeline().addFirst("ssl", new SslHandler(engine)); ChannelPipeline pipeline = ch.pipeline(); pipeline.addLast("frameDecoder", new LengthFieldBasedFrameDecoder(Integer.MAX_VALUE, 0, 4, 0, 4)); pipeline.addLast("frameEncoder", new LengthFieldPrepender(4)); //最大16M pipeline.addLast("decoder", new StringDecoder(Charset.forName("UTF-8"))); pipeline.addLast("encoder", new StringEncoder(Charset.forName("UTF-8"))); pipeline.addLast("spiderClientBusiHandler", new SpiderClientBusiHandler()); } }
package com.ld.net.spider.channel; import io.netty.bootstrap.Bootstrap; import io.netty.channel.Channel; import io.netty.channel.ChannelOption; import io.netty.channel.EventLoopGroup; import io.netty.channel.nio.NioEventLoopGroup; import io.netty.channel.socket.nio.NioSocketChannel; import io.netty.handler.ssl.SslContext; import io.netty.handler.ssl.SslContextBuilder; import java.io.FileInputStream; import java.security.KeyStore; import java.text.MessageFormat; import javax.net.ssl.TrustManagerFactory; import org.slf4j.Logger; import org.slf4j.LoggerFactory; public class SocketClientHelper { static final Logger logger = LoggerFactory.getLogger(SocketClientHelper.class); public static void main(String[] args) { Channel channel = SocketClientHelper.createChannel("localhost",9912); try { Thread.sleep(100); } catch (InterruptedException e) { // TODO Auto-generated catch block e.printStackTrace(); } SocketHelper.writeMessage(channel, "ssh over tcp test 1"); SocketHelper.writeMessage(channel, "ssh over tcp test 2"); SocketHelper.writeMessage(channel, "ssh over tcp test 3"); SocketHelper.writeMessage(channel, "ssh over tcp test 4"); SocketHelper.writeMessage(channel, "ssh over tcp test 5"); } public static Channel createChannel(String host, int port) { Channel channel = null; Bootstrap b = getBootstrap(); try { channel = b.connect(host, port).sync().channel(); logger.info(MessageFormat.format("connect to spider server ({0}:{1,number,#}) success for thread [" + Thread.currentThread().getName() + "].", host,port)); } catch (Exception e) { e.printStackTrace(); } return channel; } public static Bootstrap getBootstrap(){ EventLoopGroup group; Class<? extends Channel> channelClass = NioSocketChannel.class; group = new NioEventLoopGroup(); Bootstrap b = new Bootstrap(); b.group(group).channel(channelClass); b.option(ChannelOption.SO_KEEPALIVE, true); b.option(ChannelOption.TCP_NODELAY, true); b.option(ChannelOption.SO_REUSEADDR, true); b.option(ChannelOption.CONNECT_TIMEOUT_MILLIS, 5000); TrustManagerFactory tf = null; try { KeyStore keyStore = KeyStore.getInstance("JKS"); keyStore.load(new FileInputStream("D:\\security\\client\\cChat.jks"), "cNetty".toCharArray()); tf = TrustManagerFactory.getInstance("SunX509"); tf.init(keyStore); SslContext sslContext = SslContextBuilder.forClient().trustManager(tf).build(); b.handler(new SslChannelInitializer(sslContext)); return b; } catch(Exception e) { e.printStackTrace(); } return null; } }
package com.ld.net.spider.channel; import java.net.InetSocketAddress; import java.nio.channels.ClosedChannelException; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import io.netty.buffer.ByteBuf; import io.netty.channel.Channel; import io.netty.channel.ChannelFuture; public class SocketHelper { static final Logger logger = LoggerFactory.getLogger(SocketHelper.class); //仅用于内部通信,不供业务直接使用 public static ChannelFuture writeMessage(Channel channel,String msg) { if(channel!=null){ try { System.out.println("send: " + msg); return channel.writeAndFlush(msg).sync(); } catch (Exception e) { String otherInfo = ""; if(channel.remoteAddress() != null) { otherInfo = "remote address [" + ((InetSocketAddress)channel.remoteAddress()).toString() + "]"; } else { otherInfo = "channel is null."; } if(e instanceof ClosedChannelException) { logger.error("channel to " + otherInfo + " is closed",e); } else { logger.error("timeout occured during channel send msg, " + otherInfo,e); } } }else{ logger.error("send msg failed, channel is disconnected or not connect. channel is null, please see caller log."); } return null; } public static ChannelFuture writeMessage(Channel channel,ByteBuf msg) { if(channel!=null){ try { return channel.writeAndFlush(msg).sync(); } catch (Exception e) { logger.error("timeout occured during channel send msg. remote address is:" + ((InetSocketAddress)channel.remoteAddress()).toString(),e); } }else{ logger.error("send msg failed, channel is disconnected or not connect, channel is null, please see caller log."); } return null; } }
服务端日志如下:
2017-03-01 16:58:51,130 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:71) Using SLF4J as the default logging framework
2017-03-01 16:58:51,149 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:71) java.nio.Buffer.address: available
2017-03-01 16:58:51,152 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:71) sun.misc.Unsafe.theUnsafe: available
2017-03-01 16:58:51,153 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:71) sun.misc.Unsafe.copyMemory: available
2017-03-01 16:58:51,153 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:71) direct buffer constructor: available
2017-03-01 16:58:51,156 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) java.nio.Bits.unaligned: available, true
2017-03-01 16:58:51,156 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) java.nio.DirectByteBuffer.<init>(long, int): available
2017-03-01 16:58:51,157 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) java.nio.ByteBuffer.cleaner(): available
2017-03-01 16:58:51,158 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:71) Platform: Windows
2017-03-01 16:58:51,159 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) Java version: 8
2017-03-01 16:58:51,159 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.noUnsafe: false
2017-03-01 16:58:51,159 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) sun.misc.Unsafe: available
2017-03-01 16:58:51,160 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.noJavassist: false
2017-03-01 16:58:51,263 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:71) Javassist: available
2017-03-01 16:58:51,264 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.tmpdir: C:\Users\dell\AppData\Local\Temp (java.io.tmpdir)
2017-03-01 16:58:51,264 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.bitMode: 32 (sun.arch.data.model)
2017-03-01 16:58:51,266 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.noPreferDirect: false
2017-03-01 16:58:51,266 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) io.netty.maxDirectMemory: 259522560 bytes
2017-03-01 16:58:51,278 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.allocator.numHeapArenas: 2
2017-03-01 16:58:51,278 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.allocator.numDirectArenas: 2
2017-03-01 16:58:51,278 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.allocator.pageSize: 8192
2017-03-01 16:58:51,278 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.allocator.maxOrder: 11
2017-03-01 16:58:51,279 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.allocator.chunkSize: 16777216
2017-03-01 16:58:51,279 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.allocator.tinyCacheSize: 512
2017-03-01 16:58:51,279 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.allocator.smallCacheSize: 256
2017-03-01 16:58:51,279 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.allocator.normalCacheSize: 64
2017-03-01 16:58:51,279 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.allocator.maxCachedBufferCapacity: 32768
2017-03-01 16:58:51,279 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.allocator.cacheTrimInterval: 8192
2017-03-01 16:58:51,294 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.eventLoopThreads: 16
2017-03-01 16:58:51,317 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.noKeySetOptimization: false
2017-03-01 16:58:51,317 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:76) -Dio.netty.selectorAutoRebuildThreshold: 512
2017-03-01 16:58:51,321 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:71) org.jctools-core.MpscChunkedArrayQueue: available
2017-03-01 16:58:51,570 INFO main com.ld.net.spider.channel.SocketServerHelper.startSpiderServer(SocketServerHelper.java:87) workerGroup size:16
2017-03-01 16:58:51,571 INFO main com.ld.net.spider.channel.SocketServerHelper.startSpiderServer(SocketServerHelper.java:88) preparing to start spider server...
***
found key for : securechat
chain [0] = [
[
Version: V3
Subject: CN=localhost
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
Key: Sun RSA public key, 2048 bits
modulus: 16749831635845125300898772810786851962757363576072630669848767625637449355190291171636880157484930405557737101798725595100430512588580403204298548884735410384206917161679097599345159927427558542606064509105209846308030792251873943022902050593801106402817832005445069333234562380602120679753904732125823381819786751986001753681225980680975385070899047009745899018543699824244522514977436255058760370815937546831611107298564630598608071740306664876690231081590657266029010190622338287792826180634476290558945799344550265622949291069523942227675708770661630527667572593691572695780386271863506537334127274891842041316241
public exponent: 65537
Validity: [From: Wed Mar 01 12:48:48 CST 2017,
To: Thu Mar 01 12:48:48 CST 2018]
Issuer: CN=localhost
SerialNumber: [ 78384348]
Certificate Extensions: 1
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 9B 96 0D 50 4A 5E AF 3D 56 25 9C A5 69 C1 3E CC ...PJ^.=V%..i.>.
0010: 32 85 0D A8 2...
]
]
]
Algorithm: [SHA256withRSA]
Signature:
0000: 06 75 9F E1 A1 60 22 F9 2A 62 A7 71 42 D5 05 B7 .u...`".*b.qB...
0010: FF CB 2C C9 2D 03 D9 34 37 04 61 F0 C3 5D DF 23 ..,.-..47.a..].#
0020: B8 6C 72 3D 8E 60 CC 13 6E 66 C2 3A 81 E9 82 A4 .lr=.`..nf.:....
0030: FD BD 05 B7 73 B2 6D 15 09 29 D2 9C 1E C1 C2 95 ....s.m..)......
0040: 8A CA DC C7 E7 0A 64 C6 6E 6A 49 B9 29 77 30 84 ......d.njI.)w0.
0050: 4C 76 01 ED 48 AF 69 06 57 95 D5 AD 0D A9 06 7C Lv..H.i.W.......
0060: 3C 92 34 C0 DF 6D 12 B0 61 BA 9D 34 E1 60 58 37 <.4..m..a..4.`X7
0070: 26 54 AB C4 83 00 C7 9D A4 AE 50 2D A5 0F 9C B8 &T........P-....
0080: A3 A7 70 AE 7A FF AE 96 32 EA F0 CB 31 46 96 8C ..p.z...2...1F..
0090: 68 B5 68 4F 6D 7D 63 8D 02 2D 96 75 12 E7 76 01 h.hOm.c..-.u..v.
00A0: 3F 61 46 E3 B9 7B CE E1 77 EC 87 BE B1 ED 3A 9E ?aF.....w.....:.
00B0: B9 86 5E 77 EF 95 9B 17 16 EA 65 A9 59 E2 81 79 ..^w......e.Y..y
00C0: 0E BF B0 E5 18 CE 7A 0B 4A A6 19 1F 60 36 74 32 ......z.J...`6t2
00D0: E3 87 57 8A E0 98 87 DE 94 B0 BA A1 17 0F F2 16 ..W.............
00E0: D2 59 76 08 2F 6D 29 63 DA B9 E2 51 80 E9 85 22 .Yv./m)c...Q..."
00F0: B6 02 FD 8A 9B 44 98 57 44 44 65 B4 CC 42 B3 38 .....D.WDDe..B.8
]
***
2017-03-01 16:58:51,633 DEBUG main io.netty.util.internal.logging.Slf4JLogger.debug(Slf4JLogger.java:71) netty-tcnative not in the classpath; OpenSslEngine will be unavailable.
trustStore is: C:\Java\jdk1.8.0_102\jre\lib\security\cacerts
trustStore type is : jks
trustStore provider is :
init truststore
adding as trusted cert:
Subject: CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US
Issuer: CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US
Algorithm: RSA; Serial number: 0xc3517
Valid from Mon Jun 21 12:00:00 CST 1999 until Mon Jun 22 12:00:00 CST 2020
adding as trusted cert:
Subject: CN=SecureTrust CA, O=SecureTrust Corporation, C=US
Issuer: CN=SecureTrust CA, O=SecureTrust Corporation, C=US
Algorithm: RSA; Serial number: 0xcf08e5c0816a5ad427ff0eb271859d0
Valid from Wed Nov 08 03:31:18 CST 2006 until Tue Jan 01 03:40:55 CST 2030
adding as trusted cert:
Subject: CN=Entrust Root Certification Authority - EC1, OU="(c) 2012 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US
Issuer: CN=Entrust Root Certification Authority - EC1, OU="(c) 2012 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US
Algorithm: EC; Serial number: 0xa68b79290000000050d091f9
Valid from Tue Dec 18 23:25:36 CST 2012 until Fri Dec 18 23:55:36 CST 2037
adding as trusted cert:
Subject: OU=Security Communication RootCA1, O=SECOM Trust.net, C=JP
Issuer: OU=Security Communication RootCA1, O=SECOM Trust.net, C=JP
Algorithm: RSA; Serial number: 0x0
Valid from Tue Sep 30 12:20:49 CST 2003 until Sat Sep 30 12:20:49 CST 2023
adding as trusted cert:
Subject: CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Issuer: CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Algorithm: RSA; Serial number: 0x83be056904246b1a1756ac95991c74a
Valid from Fri Nov 10 08:00:00 CST 2006 until Mon Nov 10 08:00:00 CST 2031
adding as trusted cert:
Subject: CN=QuoVadis Root CA 2 G3, O=QuoVadis Limited, C=BM
Issuer: CN=QuoVadis Root CA 2 G3, O=QuoVadis Limited, C=BM
Algorithm: RSA; Serial number: 0x445734245b81899b35f2ceb82b3b5ba726f07528
Valid from Fri Jan 13 02:59:32 CST 2012 until Mon Jan 13 02:59:32 CST 2042
adding as trusted cert:
Subject: CN=DigiCert Trusted Root G4, OU=www.digicert.com, O=DigiCert Inc, C=US
Issuer: CN=DigiCert Trusted Root G4, OU=www.digicert.com, O=DigiCert Inc, C=US
Algorithm: RSA; Serial number: 0x59b1b579e8e2132e23907bda777755c
Valid from Thu Aug 01 20:00:00 CST 2013 until Fri Jan 15 20:00:00 CST 2038
adding as trusted cert:
Subject: CN=GeoTrust Primary Certification Authority, O=GeoTrust Inc., C=US
Issuer: CN=GeoTrust Primary Certification Authority, O=GeoTrust Inc., C=US
Algorithm: RSA; Serial number: 0x18acb56afd69b6153a636cafdafac4a1
Valid from Mon Nov 27 08:00:00 CST 2006 until Thu Jul 17 07:59:59 CST 2036
adding as trusted cert:
Subject: OU=Security Communication RootCA2, O="SECOM Trust Systems CO.,LTD.", C=JP
Issuer: OU=Security Communication RootCA2, O="SECOM Trust Systems CO.,LTD.", C=JP
Algorithm: RSA; Serial number: 0x0
Valid from Fri May 29 13:00:39 CST 2009 until Tue May 29 13:00:39 CST 2029
adding as trusted cert:
Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x7dd9fe07cfa81eb7107967fba78934c6
Valid from Mon May 18 08:00:00 CST 1998 until Wed Aug 02 07:59:59 CST 2028
adding as trusted cert:
Subject: OU=ePKI Root Certification Authority, O="Chunghwa Telecom Co., Ltd.", C=TW
Issuer: OU=ePKI Root Certification Authority, O="Chunghwa Telecom Co., Ltd.", C=TW
Algorithm: RSA; Serial number: 0x15c8bd65475cafb897005ee406d2bc9d
Valid from Mon Dec 20 10:31:27 CST 2004 until Wed Dec 20 10:31:27 CST 2034
adding as trusted cert:
Subject: CN=AffirmTrust Commercial, O=AffirmTrust, C=US
Issuer: CN=AffirmTrust Commercial, O=AffirmTrust, C=US
Algorithm: RSA; Serial number: 0x7777062726a9b17c
Valid from Fri Jan 29 22:06:06 CST 2010 until Tue Dec 31 22:06:06 CST 2030
adding as trusted cert:
Subject: CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL
Issuer: CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL
Algorithm: RSA; Serial number: 0x444c0
Valid from Wed Oct 22 20:07:37 CST 2008 until Mon Dec 31 20:07:37 CST 2029
adding as trusted cert:
Subject: CN=XRamp Global Certification Authority, O=XRamp Security Services Inc, OU=www.xrampsecurity.com, C=US
Issuer: CN=XRamp Global Certification Authority, O=XRamp Security Services Inc, OU=www.xrampsecurity.com, C=US
Algorithm: RSA; Serial number: 0x50946cec18ead59c4dd597ef758fa0ad
Valid from Tue Nov 02 01:14:04 CST 2004 until Mon Jan 01 13:37:19 CST 2035
adding as trusted cert:
Subject: CN=Sonera Class2 CA, O=Sonera, C=FI
Issuer: CN=Sonera Class2 CA, O=Sonera, C=FI
A
最低0.47元/天 解锁文章
6728
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
