jdk1.6 支持 tls1.1 1.2协议 并忽略身份验证

碰到用jdk1.6请求 https接口,接口服务器配置的用tls1.1,请求是就报 Remote host closed connection during handshake错误,百度是说早期的jdk1.6只支持 tls1.0,如果非用jdk1.6需要引入第三方库,以下是百度的解决办法,不过有稍微改动一些代码,因为百度出来的代码请求某些https 会成功 ,但是请求我调的那个接口会出错,由于百度写的代码在出某些情况下会主动抛出一个异常,掩盖掉了真实异常

我的真实异常是java.io.IOException: HTTPS hostname wrong:  should be,

而百度的那份代码抛出的异常只有UnsupportedOperationException,看不出什么问题。具体处理看下面,代码改动的地方我会加注释


jdk1.6不支持tls1.2协议,jdk1.8默认支持,比较好的解决方案是升级jdk,但是升级jdk风险极大。不能升级jdk的情况下,可以使用如下方式。

引入依赖

<dependency>
    <groupId>org.bouncycastlegroupId>
    <artifactId>bcprov-jdk15onartifactId>
    <version>1.54version>
dependency>
 
  


创建协议工厂

复制代码
import org.bouncycastle.crypto.tls.*;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

import javax.net.ssl.*;
import javax.security.cert.X509Certificate;
import java.io.*;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.KeyStore;
import java.security.Principal;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.util.Hashtable;
import java.util.LinkedList;
import java.util.List;

public class TLSSocketConnectionFactory extends SSLSocketFactory {

    static {
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }

    @Override
    public Socket createSocket(Socket socket, final String host, int port,
                               boolean arg3) throws IOException {
        if (socket == null) {
            socket = new Socket();
        }
        if (!socket.isConnected()) {
            socket.connect(new InetSocketAddress(host, port));
        }

        final TlsClientProtocol tlsClientProtocol = new     TlsClientProtocol(socket.getInputStream(), socket.getOutputStream(), new     SecureRandom());

        return _createSSLSocket(host, tlsClientProtocol);
    }

    @Override public String[] getDefaultCipherSuites() { return null; }
    @Override public String[] getSupportedCipherSuites() { return null; }
    @Override public Socket createSocket(String host, int port) throws IOException, UnknownHostException { return null; }
    @Override public Socket createSocket(InetAddress host, int port) throws IOException { return null; }
    @Override public Socket createSocket(String host, int port, InetAddress localHost, int localPort) throws IOException, UnknownHostException { return null; }
    @Override public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort) throws IOException { return null; }

    private SSLSocket _createSSLSocket(final String host, final TlsClientProtocol tlsClientProtocol) {
        return new SSLSocket() {
            private java.security.cert.Certificate[] peertCerts;

            @Override public InputStream getInputStream() throws IOException { return tlsClientProtocol.getInputStream(); }
            @Override public OutputStream getOutputStream() throws IOException { return tlsClientProtocol.getOutputStream(); }
            @Override public synchronized void close() throws IOException { tlsClientProtocol.close(); }
            @Override public void addHandshakeCompletedListener( HandshakeCompletedListener arg0) { }
            @Override public boolean getEnableSessionCreation() { return false; }
            @Override public String[] getEnabledCipherSuites() { return null; }
            @Override public String[] getEnabledProtocols() { return null; }
            @Override public boolean getNeedClientAuth() { return false; }

            @Override
            public SSLSession getSession() {
                return new SSLSession() {

                    /*原本这些方法都是直接throw UnsupportedOperationException 导致看不到真实异常*/
                    @Override
                    public int getApplicationBufferSize() {
                        return 0;
                    }
                    @Override public String getCipherSuite() { return null; }
                    @Override public long getCreationTime() { return 0; }
                    @Override public byte[] getId() { return null; }
                    @Override public long getLastAccessedTime() { return 0; }
                    @Override public java.security.cert.Certificate[] getLocalCertificates() { return null; }
                    @Override public Principal getLocalPrincipal() { return null; }
                    @Override public int getPacketBufferSize() { return 0; }
                    @Override public X509Certificate[] getPeerCertificateChain() throws SSLPeerUnverifiedException { return null; }
                    @Override public java.security.cert.Certificate[] getPeerCertificates() throws SSLPeerUnverifiedException { return peertCerts; }
                    @Override public String getPeerHost() { return null; }
                    @Override public int getPeerPort() { return 0; }
                    @Override public Principal getPeerPrincipal() throws SSLPeerUnverifiedException { return null; }
                    @Override public String getProtocol() { return null; }
                    @Override public SSLSessionContext getSessionContext() { return null; }
                    @Override public Object getValue(String arg0) { return null; }
                    @Override public String[] getValueNames() { return null; }
                    @Override public void invalidate() { return; }
                    @Override public boolean isValid() { return true; }
                    @Override public void putValue(String arg0, Object arg1) { return; }
                    @Override
                    public void removeValue(String arg0) {
                        return;
                    }
                };
            }

            @Override public String[] getSupportedProtocols() { return null; }
            @Override public boolean getUseClientMode() { return false; }
            @Override public boolean getWantClientAuth() { return false; }
            @Override public void removeHandshakeCompletedListener(HandshakeCompletedListener arg0) { }
            @Override public void setEnableSessionCreation(boolean arg0) { }
            @Override public void setEnabledCipherSuites(String[] arg0) { }
            @Override public void setEnabledProtocols(String[] arg0) { }
            @Override public void setNeedClientAuth(boolean arg0) { }
            @Override public void setUseClientMode(boolean arg0) { }
            @Override public void setWantClientAuth(boolean arg0) { }
            @Override public String[] getSupportedCipherSuites() { return null; }

            @Override
            public void startHandshake() throws IOException {
                tlsClientProtocol.connect(new DefaultTlsClient() {

                    @SuppressWarnings("unchecked")
                    @Override
                    public Hashtable, byte[]> getClientExtensions() throws IOException {
                        Hashtable, byte[]> clientExtensions = super.getClientExtensions();
                        if (clientExtensions == null) {
                            clientExtensions = new Hashtable, byte[]>();
                        }

                        //Add host_name
                        byte[] host_name = host.getBytes();

                        final ByteArrayOutputStream baos = new ByteArrayOutputStream();
                        final DataOutputStream dos = new DataOutputStream(baos);
                        dos.writeShort(host_name.length + 3);
                        dos.writeByte(0);
                        dos.writeShort(host_name.length);
                        dos.write(host_name);
                        dos.close();
                        clientExtensions.put(ExtensionType.server_name, baos.toByteArray());
                        return clientExtensions;
                    }

                    @Override
                    public TlsAuthentication getAuthentication() throws IOException {
                        return new TlsAuthentication() {

                            @Override
                            public void notifyServerCertificate(Certificate serverCertificate) throws IOException {
                                try {
                                    KeyStore ks = _loadKeyStore();

                                    CertificateFactory cf = CertificateFactory.getInstance("X.509");
                                    List certs = new LinkedList();
                                    boolean trustedCertificate = false;
                                    for ( org.bouncycastle.asn1.x509.Certificate c : serverCertificate.getCertificateList()) {
                                        java.security.cert.Certificate cert = cf.generateCertificate(new ByteArrayInputStream(c.getEncoded()));
                                        certs.add(cert);

                                        String alias = ks.getCertificateAlias(cert);
                                        if(alias != null) {
                                            if (cert instanceof java.security.cert.X509Certificate) {
                                                try {
                                                    ( (java.security.cert.X509Certificate) cert).checkValidity();
                                                    trustedCertificate = true;
                                                } catch(CertificateExpiredException cee) {
                                                    // Accept all the certs!
                                                }
                                            }
                                        } else {
                                            // Accept all the certs!
                                        }

                                    }
                                    if (!trustedCertificate) {
                                        // Accept all the certs!
                                    }
                                    peertCerts = certs.toArray(new java.security.cert.Certificate[0]);
                                } catch (Exception ex) {
                                    ex.printStackTrace();
                                    throw new IOException(ex);
                                }
                            }

                            @Override
                            public TlsCredentials getClientCredentials(CertificateRequest certificateRequest) throws IOException {
                                return null;
                            }

                            private KeyStore _loadKeyStore() throws Exception {
                                FileInputStream trustStoreFis = null;
                                try {
                                    KeyStore localKeyStore = null;

                                    String trustStoreType = System.getProperty("javax.net.ssl.trustStoreType")!=null?System.getProperty("javax.net.ssl.trustStoreType"):KeyStore.getDefaultType();
                                    String trustStoreProvider = System.getProperty("javax.net.ssl.trustStoreProvider")!=null?System.getProperty("javax.net.ssl.trustStoreProvider"):"";

                                    if (trustStoreType.length() != 0) {
                                        if (trustStoreProvider.length() == 0) {
                                            localKeyStore = KeyStore.getInstance(trustStoreType);
                                        } else {
                                            localKeyStore = KeyStore.getInstance(trustStoreType, trustStoreProvider);
                                        }

                                        char[] keyStorePass = null;
                                        String str5 = System.getProperty("javax.net.ssl.trustStorePassword")!=null?System.getProperty("javax.net.ssl.trustStorePassword"):"";

                                        if (str5.length() != 0) {
                                            keyStorePass = str5.toCharArray();
                                        }

                                        localKeyStore.load(trustStoreFis, keyStorePass);

                                        if (keyStorePass != null) {
                                            for (int i = 0; i < keyStorePass.length; i++) {
                                                keyStorePass[i] = 0;
                                            }
                                        }
                                    }
                                    return localKeyStore;
                                } finally {
                                    if (trustStoreFis != null) {
                                        trustStoreFis.close();
                                    }
                                }
                            }
                        };
                    }

                });
            } // startHandshake
        };
    }
}


表单提交请求

public static String httpsPostData(String urlPath, Map, String> data)
{
    String result = null;
    URL url = null;
    HttpsURLConnection httpurlconnection = null;
    BufferedReader reader = null;
    try
    {
        url = new URL(urlPath);
        httpurlconnection = (HttpsURLConnection) url.openConnection();
        httpurlconnection.setSSLSocketFactory(new TLSSocketConnectionFactory());
        httpurlconnection.setDoInput(true);
        httpurlconnection.setDoOutput(true);


        httpurlconnection.setRequestMethod("POST");
        
   /*用于解决请求我要调的接口的报错问题,如果这个去掉可以正常请求可以不要这段话*/
   httpurlconnection.setHostnameVerifier(new HostnameVerifier(){
        @Override
        public boolean verify(String hostname, SSLSession session) {
          // 直接返回true
         return true;
        }
   });
httpurlconnection.connect() ; StringBuffer params = new StringBuffer() ; // 表单参数与get形式一样 for (Map.Entry, String> entry : data.entrySet()) { params.append(entry.getKey()).append( "=").append(entry.getValue()).append( "&") ; } params.deleteCharAt(params.length()- 1) ; byte[] bypes = params.toString().getBytes() ; httpurlconnection.getOutputStream().write(bypes) ; // 输入参数 int code = httpurlconnection.getResponseCode() ; if (code == 200) { // 读取响应 // int length = (int) httpurlconnection.getContentLength();// // 获取长度 InputStream is = httpurlconnection.getInputStream() ; reader = new BufferedReader( new InputStreamReader(is)) ; String line = reader.readLine() ; StringBuilder builder = new StringBuilder() ; while (line != null) { builder.append(line) ; line = reader.readLine() ; } result = builder.toString() ; } else { // TODO } } catch (Exception e) { e.printStackTrace() ; } finally { url = null; if (httpurlconnection != null) { httpurlconnection.disconnect() ; } try { if (reader != null) { reader.close() ; } } catch (IOException e) { // TODO } } return result ;}
 
  

你可能感兴趣的:(java1.6,tls,https)