JDK1.6调用https接口报javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure 异常

Scroll Down

问题背景

在某个项目中,测试环境调用对方https接口报javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure 异常,使用postman等工具调用对方接口可以返回数据,那就是我们这边的问题,第一件事是看有没有导入证书,发现确实导入了证书后还是调用失败,第二步来进行分析了对方接口的协议(查询接口支持协议),但是jdk1.6的不支持TLS1.2,1.1,导致无法请求成功 接口协议 stackoverflow问题类似情况 jdk使用jdk.tls.client.protocols(当时没有试这里面的方法,用其他方法解决了)

1.在测试环境中切换jdk为1.7,并且忽略SSL验证后可解决,但是这个项目太老了,不敢升级jdk,只能找其他办法 2.从官网下载jce安装包,jce下载地址,下载后替换到测试环境,was环境下的服务访问数据库失败,导致无法使用,所以此方法不行 3.在访问求前增加这段代码

System.setProperty("https.protocols", "TLSv1.2,TLSv1.1,SSLv3"); 

此方法发现还是不行 4.使用第三方jar包bcprov-jdk15on,先引入,

<dependency>
    <groupId>org.bouncycastle</groupId>
    <artifactId>bcprov-jdk15on</artifactId>
    <version>1.55</version>
</dependency>

然后修改如下请求代码 新增类TLSSocketConnectionFactory,修改请求方式,解决问题!

package nc.impl.rm.dongruan;
import java.io.ByteArrayInputStream;  
import java.io.ByteArrayOutputStream;  
import java.io.DataOutputStream;  
import java.io.FileInputStream;  
import java.io.IOException;  
import java.io.InputStream;  
import java.io.OutputStream;  
import java.net.InetAddress;  
import java.net.InetSocketAddress;  
import java.net.Socket;  
import java.net.UnknownHostException;  
import java.security.KeyStore;  
import java.security.Principal;  
import java.security.SecureRandom;  
import java.security.Security;  
import java.security.cert.CertificateExpiredException;  
import java.security.cert.CertificateFactory;  
import java.util.Hashtable;  
import java.util.LinkedList;  
import java.util.List;  
  
import javax.net.ssl.HandshakeCompletedListener;  
import javax.net.ssl.SSLPeerUnverifiedException;  
import javax.net.ssl.SSLSession;  
import javax.net.ssl.SSLSessionContext;  
import javax.net.ssl.SSLSocket;  
import javax.net.ssl.SSLSocketFactory;  
import javax.security.cert.X509Certificate;  
  
import org.bouncycastle.crypto.tls.*;  
import org.bouncycastle.crypto.tls.Certificate;  
import org.bouncycastle.jce.provider.BouncyCastleProvider;  
  
/**
 * 
 * @date 20190731
 * @author 
 *
 */ 
public class TLSSocketConnectionFactory extends SSLSocketFactory {  
  
    static {  
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {  
            Security.addProvider(new BouncyCastleProvider());  
        }  
    }  
  
    @Override  
    public Socket createSocket(Socket socket, final String host, int port,  
                               boolean arg3) throws IOException {  
        if (socket == null) {  
            socket = new Socket();  
        }  
        if (!socket.isConnected()) {  
            socket.connect(new InetSocketAddress(host, port));  
        }  
  
        final TlsClientProtocol tlsClientProtocol = new TlsClientProtocol(socket.getInputStream(), socket.getOutputStream(), new SecureRandom());  
  
        return _createSSLSocket(host, tlsClientProtocol);  
    }  
  
    @Override  
    public String[] getDefaultCipherSuites() {  
        return null;  
    }  
  
    @Override  
    public String[] getSupportedCipherSuites() {  
        return null;  
    }  
  
    @Override  
    public Socket createSocket(String host, int port) throws IOException, UnknownHostException {  
        throw new UnsupportedOperationException();  
    }  
  
    @Override  
    public Socket createSocket(InetAddress host, int port) throws IOException {  
        throw new UnsupportedOperationException();  
    }  
  
    @Override  
    public Socket createSocket(String host, int port, InetAddress localHost, int localPort) throws IOException, UnknownHostException {  
        return null;  
    }  
  
    @Override  
    public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort) throws IOException {  
        throw new UnsupportedOperationException();  
    }  
  
    private SSLSocket _createSSLSocket(final String host, final TlsClientProtocol tlsClientProtocol) {  
        return new SSLSocket() {  
            private java.security.cert.Certificate[] peertCerts;  
  
            @Override  
            public InputStream getInputStream() throws IOException {  
                return tlsClientProtocol.getInputStream();  
            }  
  
            @Override  
            public OutputStream getOutputStream() throws IOException {  
                return tlsClientProtocol.getOutputStream();  
            }  
  
            @Override  
            public synchronized void close() throws IOException {  
                tlsClientProtocol.close();  
            }  
  
            @Override  
            public void addHandshakeCompletedListener(HandshakeCompletedListener arg0) {  
            }  
  
            @Override  
            public boolean getEnableSessionCreation() {  
                return false;  
            }  
  
            @Override  
            public String[] getEnabledCipherSuites() {  
                return null;  
            }  
  
            @Override  
            public String[] getEnabledProtocols() {  
                return null;  
            }  
  
            @Override  
            public boolean getNeedClientAuth() {  
                return false;  
            }  
  
            @Override  
            public SSLSession getSession() {  
                return new SSLSession() {  
  
                    public int getApplicationBufferSize() {  
                        return 0;  
                    }  
  
                    public String getCipherSuite() {  
                        throw new UnsupportedOperationException();  
                    }  
  
                    public long getCreationTime() {  
                        throw new UnsupportedOperationException();  
                    }  
  
                    public byte[] getId() {  
                        throw new UnsupportedOperationException();  
                    }  
  
                    public long getLastAccessedTime() {  
                        throw new UnsupportedOperationException();  
                    }  
  
                    public java.security.cert.Certificate[] getLocalCertificates() {  
                        throw new UnsupportedOperationException();  
                    }  
  
                    public Principal getLocalPrincipal() {  
                        throw new UnsupportedOperationException();  
                    }  
  
                    public int getPacketBufferSize() {  
                        throw new UnsupportedOperationException();  
                    }  
  
                    public X509Certificate[] getPeerCertificateChain() throws SSLPeerUnverifiedException {  
                        return null;  
                    }  
  
                    public java.security.cert.Certificate[] getPeerCertificates() throws SSLPeerUnverifiedException {  
                        return peertCerts;  
                    }  
  
                    public String getPeerHost() {  
                        throw new UnsupportedOperationException();  
                    }  
  
                    public int getPeerPort() {  
                        return 0;  
                    }  
  
                    public Principal getPeerPrincipal() throws SSLPeerUnverifiedException {  
                        return null;  
                    }  
  
                    public String getProtocol() {  
                        throw new UnsupportedOperationException();  
                    }  
  
                    public SSLSessionContext getSessionContext() {  
                        throw new UnsupportedOperationException();  
                    }  
  
                    public Object getValue(String arg0) {  
                        throw new UnsupportedOperationException();  
                    }  
  
                    public String[] getValueNames() {  
                        throw new UnsupportedOperationException();  
                    }  
  
                    public void invalidate() {  
                        throw new UnsupportedOperationException();  
                    }  
  
                    public boolean isValid() {  
                        throw new UnsupportedOperationException();  
                    }  
  
                    public void putValue(String arg0, Object arg1) {  
                        throw new UnsupportedOperationException();  
                    }  
  
                    public void removeValue(String arg0) {  
                        throw new UnsupportedOperationException();  
                    }  
                };  
            }  
  
            @Override  
            public String[] getSupportedProtocols() {  
                return null;  
            }  
  
            @Override  
            public boolean getUseClientMode() {  
                return false;  
            }  
  
            @Override  
            public boolean getWantClientAuth() {  
                return false;  
            }  
  
            @Override  
            public void removeHandshakeCompletedListener(HandshakeCompletedListener arg0) {  
            }  
  
            @Override  
            public void setEnableSessionCreation(boolean arg0) {  
            }  
  
            @Override  
            public void setEnabledCipherSuites(String[] arg0) {  
            }  
  
            @Override  
            public void setEnabledProtocols(String[] arg0) {  
            }  
  
            @Override  
            public void setNeedClientAuth(boolean arg0) {  
            }  
  
            @Override  
            public void setUseClientMode(boolean arg0) {  
            }  
  
            @Override  
            public void setWantClientAuth(boolean arg0) {  
            }  
  
            @Override  
            public String[] getSupportedCipherSuites() {  
                return null;  
            }  
  
            @Override  
            public void startHandshake() throws IOException {  
                tlsClientProtocol.connect(new DefaultTlsClient() {  
  
                    @SuppressWarnings("unchecked")  
                    @Override  
                    public Hashtable<Integer, byte[]> getClientExtensions() throws IOException {  
                        Hashtable<Integer, byte[]> clientExtensions = super.getClientExtensions();  
                        if (clientExtensions == null) {  
                            clientExtensions = new Hashtable<Integer, byte[]>();  
                        }  
  
                        //Add host_name  
                        byte[] host_name = host.getBytes();  
  
                        final ByteArrayOutputStream baos = new ByteArrayOutputStream();  
                        final DataOutputStream dos = new DataOutputStream(baos);  
                        dos.writeShort(host_name.length + 3);  
                        dos.writeByte(0);  
                        dos.writeShort(host_name.length);  
                        dos.write(host_name);  
                        dos.close();  
                        clientExtensions.put(ExtensionType.server_name, baos.toByteArray());  
                        return clientExtensions;  
                    }  
  
                    public TlsAuthentication getAuthentication() throws IOException {  
                        return new TlsAuthentication() {  
                            public void notifyServerCertificate(Certificate serverCertificate) throws IOException {  
                                try {  
                                    KeyStore ks = _loadKeyStore();  
  
                                    CertificateFactory cf = CertificateFactory.getInstance("X.509");  
                                    List<java.security.cert.Certificate> certs = new LinkedList<java.security.cert.Certificate>();  
                                    boolean trustedCertificate = false;  
                                    for (org.bouncycastle.asn1.x509.Certificate c : ((org.bouncycastle.crypto.tls.Certificate) serverCertificate).getCertificateList()) {  
                                        java.security.cert.Certificate cert = cf.generateCertificate(new ByteArrayInputStream(c.getEncoded()));  
                                        certs.add(cert);  
  
                                        String alias = ks.getCertificateAlias(cert);  
                                        if (alias != null) {  
                                            if (cert instanceof java.security.cert.X509Certificate) {  
                                                try {  
                                                    ((java.security.cert.X509Certificate) cert).checkValidity();  
                                                    trustedCertificate = true;  
                                                } catch (CertificateExpiredException cee) {  
                                                    // Accept all the certs!  
                                                }  
                                            }  
                                        } else {  
                                            // Accept all the certs!  
                                        }  
  
                                    }  
                                    if (!trustedCertificate) {  
                                        // Accept all the certs!  
                                    }  
                                    peertCerts = certs.toArray(new java.security.cert.Certificate[0]);  
                                } catch (Exception ex) {  
                                    ex.printStackTrace();  
                                    throw new IOException(ex);  
                                }  
                            }  
  
                            public TlsCredentials getClientCredentials(CertificateRequest certificateRequest) throws IOException {  
                                return null;  
                            }  
  
                            private KeyStore _loadKeyStore() throws Exception {  
                                FileInputStream trustStoreFis = null;  
                                try {  
                                    KeyStore localKeyStore = null;  
  
                                    String trustStoreType = System.getProperty("javax.net.ssl.trustStoreType") != null ? System.getProperty("javax.net.ssl.trustStoreType") : KeyStore.getDefaultType();  
                                    String trustStoreProvider = System.getProperty("javax.net.ssl.trustStoreProvider") != null ? System.getProperty("javax.net.ssl.trustStoreProvider") : "";  
  
                                    if (trustStoreType.length() != 0) {  
                                        if (trustStoreProvider.length() == 0) {  
                                            localKeyStore = KeyStore.getInstance(trustStoreType);  
                                        } else {  
                                            localKeyStore = KeyStore.getInstance(trustStoreType, trustStoreProvider);  
                                        }  
  
                                        char[] keyStorePass = null;  
                                        String str5 = System.getProperty("javax.net.ssl.trustStorePassword") != null ? System.getProperty("javax.net.ssl.trustStorePassword") : "";  
  
                                        if (str5.length() != 0) {  
                                            keyStorePass = str5.toCharArray();  
                                        }  
  
                                        localKeyStore.load(trustStoreFis, keyStorePass);  
  
                                        if (keyStorePass != null) {  
                                            for (int i = 0; i < keyStorePass.length; i++) {  
                                                keyStorePass[i] = 0;  
                                            }  
                                        }  
                                    }  
                                    return localKeyStore;  
                                } finally {  
                                    if (trustStoreFis != null) {  
                                        trustStoreFis.close();  
                                    }  
                                }  
                            }  
  
                        };  
                    }  
  
                });  
            } // startHandshake  
        };  
    }  
}  

修改调用类

package nc.impl.rm.dongruan;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStreamWriter;
import java.net.HttpURLConnection;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.net.URLConnection;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
 
import javax.net.ssl.HttpsURLConnection;

/**
 * 调用接口获取入职人员信息
 * @date 20190731
 * @author 
 *
 */ 
public class HttpClientUtil {	 
	
	public static void main(String[] args) {
		
		 StringBuilder sb = new StringBuilder();

		sb.append("{");
		
		sb.append("\"name\":").append("张三");

		sb.append(",\"email\":").append("huangjund@yonyou.com");

		sb.append(",\"phone\":").append("18529167601");

		sb.append(",\"idCardNumber\":").append("333333333");
		
		sb.append("}");
		
		System.out.println(sb.toString());
		
		
		//getAhrPersonInfo();
	}
		
	public static String  getAhrPersonInfo(String ncparam) {
			String url = "";
			String param =ncparam;	
			String result=get(url, param);
			return result;
	}
	
	public HttpURLConnection createConnection(URI uri) throws IOException {
		URL url = uri.toURL();
		URLConnection connection = url.openConnection();
		HttpsURLConnection httpsURLConnection = (HttpsURLConnection) connection;
		httpsURLConnection
				.setSSLSocketFactory(new TLSSocketConnectionFactory());
		return httpsURLConnection;
	}	
	public static String get(String url, String param) {
		HttpClientUtil httpsUrlConnectionMessageSender = new HttpClientUtil();
		HttpURLConnection connection;
		try {
			connection = httpsUrlConnectionMessageSender
					.createConnection(new URI(url));
			connection.setDoOutput(true);
			connection.setDoInput(true);
			connection.setRequestMethod("POST");
			connection.setUseCaches(false);
			connection.setInstanceFollowRedirects(true);
			connection.setRequestProperty("Content-Type",
					"application/x-www-form-urlencoded");
 
			connection.connect();
			// POST请求
			OutputStreamWriter os = null;
			String json = "";
			os = new OutputStreamWriter(connection.getOutputStream());
			os.write(param);
			os.flush();
			json = getResponse(connection);
			if (connection != null) {
				connection.disconnect();
			}
			return json;
		} catch (IOException e) {
			e.printStackTrace();
		} catch (URISyntaxException e) {
			e.printStackTrace();
		}
		return "失败";
 
	}
	public static String getResponse(HttpURLConnection Conn) throws IOException {
		InputStream is;
		if (Conn.getResponseCode() >= 400) {
			is = Conn.getErrorStream();
		} else {
			is = Conn.getInputStream();
		}
		String response = streamToString(is, "utf-8");
		/*
		 * String response = ""; byte buff[] = new byte[2048]; int b = 0; while
		 * ((b = is.read(buff, 0, buff.length)) != -1) { response += new
		 * String(buff, 0, b);
		 * 
		 * }
		 */
		is.close();
		return response;
	}
 
	public static String streamToString(InputStream in, String encoding) {
		ByteArrayOutputStream bos = null;
		try {
			bos = new ByteArrayOutputStream();
			byte[] arr = new byte[1024];
			int len;
			while (-1 != (len = in.read(arr))) {
				bos.write(arr, 0, len);
			}
			return bos.toString(encoding);
		} catch (IOException e) {
			e.printStackTrace();
			throw new RuntimeException("提取 requestBody 异常", e);
		} finally {
			if (null != bos) {
				try {
					bos.close();
				} catch (IOException e) {
					e.printStackTrace();
				}
			}
		}
	}
}