解决jdk1.6不支持TLS1.2协议的问题
项目场景:
两个系统对接,A方项目基于jdk1.6,B方项目基于jdk1.8,场景中A项目需要调用B项目的远程接口(https)
问题描述:
发现调用失败(javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure)
原因分析:
B项目使用JDK1.8,https协议支持TLS1.2,而B项目是JDK1.6默认不支持TLS1.2 ,所以导致捂手失败
解决方案:
实际项目通过该方式已解决
引入依赖(jar包下载地址 https://mvnrepository.com/)版本一定跟我保持一致,作者已踩坑
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk15on</artifactId>
<version>1.54</version>
</dependency>
编写工具类
public class TLSSocketConnectionFactory extends SSLSocketFactory {
static {
if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
Security.addProvider(new BouncyCastleProvider());
}
}
@Override
public Socket createSocket(Socket socket, final String host, int port,
boolean arg3) throws IOException {
if (socket == null) {
socket = new Socket();
}
if (!socket.isConnected()) {
socket.connect(new InetSocketAddress(host, port));
}
final TlsClientProtocol tlsClientProtocol = new TlsClientProtocol(socket.getInputStream(), socket.getOutputStream(), new SecureRandom());
return _createSSLSocket(host, tlsClientProtocol);
}
@Override public String[] getDefaultCipherSuites() { return null; }
@Override public String[] getSupportedCipherSuites() { return null; }
@Override public Socket createSocket(String host, int port) throws IOException, UnknownHostException { return null; }
@Override public Socket createSocket(InetAddress host, int port) throws IOException { return null; }
@Override public Socket createSocket(String host, int port, InetAddress localHost, int localPort) throws IOException, UnknownHostException { return null; }
@Override public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort) throws IOException { return null; }
private SSLSocket _createSSLSocket(final String host, final TlsClientProtocol tlsClientProtocol) {
return new SSLSocket() {
private java.security.cert.Certificate[] peertCerts;
@Override public InputStream getInputStream() throws IOException { return tlsClientProtocol.getInputStream(); }
@Override public OutputStream getOutputStream() throws IOException { return tlsClientProtocol.getOutputStream(); }
@Override public synchronized void close() throws IOException { tlsClientProtocol.close(); }
@Override public void addHandshakeCompletedListener( HandshakeCompletedListener arg0) { }
@Override public boolean getEnableSessionCreation() { return false; }
@Override public String[] getEnabledCipherSuites() { return null; }
@Override public String[] getEnabledProtocols() { return null; }
@Override public boolean getNeedClientAuth() { return false; }
@Override
public SSLSession getSession() {
return new SSLSession() {
public int getApplicationBufferSize() {
return 0;
}
public String getCipherSuite() { return null; }
public long getCreationTime() { return 0; }
public byte[] getId() { return null; }
public long getLastAccessedTime() { return 0; }
public java.security.cert.Certificate[] getLocalCertificates() { return null; }
public Principal getLocalPrincipal() { return null; }
public int getPacketBufferSize() { return 0; }
public X509Certificate[] getPeerCertificateChain() throws SSLPeerUnverifiedException { return null; }
public java.security.cert.Certificate[] getPeerCertificates() throws SSLPeerUnverifiedException { return peertCerts; }
public String getPeerHost() { return null; }
public int getPeerPort() { return 0; }
public Principal getPeerPrincipal() throws SSLPeerUnverifiedException { return null; }
public String getProtocol() { return null; }
public SSLSessionContext getSessionContext() { return null; }
public Object getValue(String arg0) { return null; }
public String[] getValueNames() { return null; }
public void invalidate() { return; }
public boolean isValid() { return true; }
public void putValue(String arg0, Object arg1) { return; }
public void removeValue(String arg0) {
return;
}
};
}
@Override public String[] getSupportedProtocols() { return null; }
@Override public boolean getUseClientMode() { return false; }
@Override public boolean getWantClientAuth() { return false; }
@Override public void removeHandshakeCompletedListener(HandshakeCompletedListener arg0) { }
@Override public void setEnableSessionCreation(boolean arg0) { }
@Override public void setEnabledCipherSuites(String[] arg0) { }
@Override public void setEnabledProtocols(String[] arg0) { }
@Override public void setNeedClientAuth(boolean arg0) { }
@Override public void setUseClientMode(boolean arg0) { }
@Override public void setWantClientAuth(boolean arg0) { }
@Override public String[] getSupportedCipherSuites() { return null; }
@Override
public void startHandshake() throws IOException {
tlsClientProtocol.connect(new DefaultTlsClient() {
@SuppressWarnings("unchecked")
@Override
public Hashtable<Integer, byte[]> getClientExtensions() throws IOException {
Hashtable<Integer, byte[]> clientExtensions = super.getClientExtensions();
if (clientExtensions == null) {
clientExtensions = new Hashtable<Integer, byte[]>();
}
byte[] host_name = host.getBytes();
final ByteArrayOutputStream baos = new ByteArrayOutputStream();
final DataOutputStream dos = new DataOutputStream(baos);
dos.writeShort(host_name.length + 3);
dos.writeByte(0);
dos.writeShort(host_name.length);
dos.write(host_name);
dos.close();
clientExtensions.put(ExtensionType.server_name, baos.toByteArray());
return clientExtensions;
}
public TlsAuthentication getAuthentication() throws IOException {
return new TlsAuthentication() {
public void notifyServerCertificate(Certificate serverCertificate) throws IOException {
try {
KeyStore ks = _loadKeyStore();
CertificateFactory cf = CertificateFactory.getInstance("X.509");
List<java.security.cert.Certificate> certs = new LinkedList<java.security.cert.Certificate>();
boolean trustedCertificate = false;
for ( org.bouncycastle.asn1.x509.Certificate c : serverCertificate.getCertificateList()) {
java.security.cert.Certificate cert = cf.generateCertificate(new ByteArrayInputStream(c.getEncoded()));
certs.add(cert);
String alias = ks.getCertificateAlias(cert);
if(alias != null) {
if (cert instanceof java.security.cert.X509Certificate) {
try {
( (java.security.cert.X509Certificate) cert).checkValidity();
trustedCertificate = true;
} catch(CertificateExpiredException cee) {
}
}
} else {
}
}
if (!trustedCertificate) {
}
peertCerts = certs.toArray(new java.security.cert.Certificate[0]);
} catch (Exception ex) {
ex.printStackTrace();
throw new IOException(ex);
}
}
public TlsCredentials getClientCredentials(CertificateRequest certificateRequest) throws IOException {
return null;
}
private KeyStore _loadKeyStore() throws Exception {
FileInputStream trustStoreFis = null;
try {
KeyStore localKeyStore = null;
String trustStoreType = System.getProperty("javax.net.ssl.trustStoreType")!=null?System.getProperty("javax.net.ssl.trustStoreType"):KeyStore.getDefaultType();
String trustStoreProvider = System.getProperty("javax.net.ssl.trustStoreProvider")!=null?System.getProperty("javax.net.ssl.trustStoreProvider"):"";
if (trustStoreType.length() != 0) {
if (trustStoreProvider.length() == 0) {
localKeyStore = KeyStore.getInstance(trustStoreType);
} else {
localKeyStore = KeyStore.getInstance(trustStoreType, trustStoreProvider);
}
char[] keyStorePass = null;
String str5 = System.getProperty("javax.net.ssl.trustStorePassword")!=null?System.getProperty("javax.net.ssl.trustStorePassword"):"";
if (str5.length() != 0) {
keyStorePass = str5.toCharArray();
}
localKeyStore.load(trustStoreFis, keyStorePass);
if (keyStorePass != null) {
for (int i = 0; i < keyStorePass.length; i++) {
keyStorePass[i] = 0;
}
}
}
return localKeyStore;
}finally {
if (trustStoreFis != null) {
trustStoreFis.close();
}
}
}
};
}
});
}
};
}
public static JSONObject send(String signData,String signURL,String requestMethod) {
URL myurl = null;
try {
myurl = new URL(signURL);
} catch (Exception e) {
e.printStackTrace();
}
HttpsURLConnection con = null;
try {
con = (HttpsURLConnection) myurl.openConnection();
con.setSSLSocketFactory(new TLSSocketConnectionFactory());
con.setHostnameVerifier(new HostnameVerifier(){
public boolean verify(String hostname, SSLSession session) {
return true;
}
});
System.setProperty("sun.net.client.defaultConnectTimeout","300000");
System.setProperty("sun.net.client.defaultReadTimeout", "300000");
if("POST".equals(requestMethod)){
con.setDoOutput(true);
}
con.setDoInput(true);
con.setUseCaches(false);
con.setInstanceFollowRedirects(true);
System.out.println("start connect");
con.connect();
System.out.println("end connect");
} catch (Exception e) {
e.printStackTrace();
}
if("POST".equals(requestMethod)){
OutputStream out = null;
try {
out = con.getOutputStream();
if(null!=signData){
out.write(signData.getBytes("utf-8"));
}
out.flush();
out.close();
}catch(Exception ex){
ex.printStackTrace();
}
}
StringBuffer buffer = null;
try {
System.out.println("responsecode="+con.getResponseCode());
BufferedReader br = new BufferedReader(new InputStreamReader(con.getInputStream(), "utf-8"));
buffer=new StringBuffer();
String line=null;
while((line=br.readLine())!=null){
buffer.append(line);
}
br.close();
con.disconnect();
} catch (Exception ioex) {
ioex.printStackTrace();
}
System.out.println(buffer!=null?buffer.toString():null);
return buffer!=null?JSONObject.parseObject(buffer.toString()):null;
}
public static void main(String[] args) {
JSONObject jsonObj = send(null,"https://devau33.cnooc.comss.cn/idp/oauth2/getToken?client_id=tmis&grant_type=authorization_code&client_secret=6c4cf0445ccd42ab8eaf63101e7a4602&code=122","POST");
System.out.println(jsonObj.get("message"));
}
}
|