jdk1.6支持TLS1.2并忽略证书验证和用户验证
之前搞的https请求,对百度等确实有效,但是拿到生产环境就会抛出异常,这是因为jdk1.6版本不支持TLS1.2协议,而对方平台服务器采用了TLS1.2服务器,此处需要第三方插件
jar包为:bcprov-jdk15on-1.54.jar
首先继承并重写SSLSocketFactory ,原文中存在一些bug,好像说是jdk1.7没问题,但是1.6有问题,我采用的是1.6,对其中的代码进行了调整,使其支持jdk1.6环境
import java.io.*;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.*;
import java.security.cert.*;
import java.util.*;
import javax.net.ssl.*;
import javax.security.cert.X509Certificate;
import org.bouncycastle.crypto.tls.*;
import org.bouncycastle.crypto.tls.Certificate;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
public class TLSSocketConnectionFactory extends SSLSocketFactory {
static {
if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
Security.addProvider(new BouncyCastleProvider());
}
}
@Override
public Socket createSocket(Socket socket, final String host, int port,
boolean arg3) throws IOException {
if (socket == null) {
socket = new Socket();
}
if (!socket.isConnected()) {
socket.connect(new InetSocketAddress(host, port));
}
final TlsClientProtocol tlsClientProtocol = new TlsClientProtocol(socket.getInputStream(), socket.getOutputStream(), new SecureRandom());
return _createSSLSocket(host, tlsClientProtocol);
}
@Override public String[] getDefaultCipherSuites() { return null; }
@Override public String[] getSupportedCipherSuites() { return null; }
@Override public Socket createSocket(String host, int port) throws IOException, UnknownHostException { throw new UnsupportedOperationException(); }
@Override public Socket createSocket(InetAddress host, int port) throws IOException { throw new UnsupportedOperationException(); }
@Override public Socket createSocket(String host, int port, InetAddress localHost, int localPort) throws IOException, UnknownHostException { return null; }
@Override public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort) throws IOException { throw new UnsupportedOperationException(); }
private SSLSocket _createSSLSocket(final String host, final TlsClientProtocol tlsClientProtocol) {
return new SSLSocket() {
private java.security.cert.Certificate[] peertCerts;
@Override public InputStream getInputStream() throws IOException { return tlsClientProtocol.getInputStream(); }
@Override public OutputStream getOutputStream() throws IOException { return tlsClientProtocol.getOutputStream(); }
@Override public synchronized void close() throws IOException { tlsClientProtocol.close(); }
@Override public void addHandshakeCompletedListener( HandshakeCompletedListener arg0) { }
@Override public boolean getEnableSessionCreation() { return false; }
@Override public String[] getEnabledCipherSuites() { return null; }
@Override public String[] getEnabledProtocols() { return null; }
@Override public boolean getNeedClientAuth() { return false; }
@Override
public SSLSession getSession() {
return new SSLSession() {
public int getApplicationBufferSize() {
return 0;
}
public String getCipherSuite() { return "";//throw new UnsupportedOperationException();
}
public long getCreationTime() { throw new UnsupportedOperationException(); }
public byte[] getId() { throw new UnsupportedOperationException(); }
public long getLastAccessedTime() { throw new UnsupportedOperationException(); }
public java.security.cert.Certificate[] getLocalCertificates() { throw new UnsupportedOperationException(); }
public Principal getLocalPrincipal() { throw new UnsupportedOperationException(); }
public int getPacketBufferSize() { throw new UnsupportedOperationException(); }
public X509Certificate[] getPeerCertificateChain() throws SSLPeerUnverifiedException { return null; }
public java.security.cert.Certificate[] getPeerCertificates() throws SSLPeerUnverifiedException { return peertCerts; }
public String getPeerHost() { throw new UnsupportedOperationException(); }
public int getPeerPort() { return 0; }
public Principal getPeerPrincipal() throws SSLPeerUnverifiedException { return null; }
public String getProtocol() { throw new UnsupportedOperationException(); }
public SSLSessionContext getSessionContext() { throw new UnsupportedOperationException(); }
public Object getValue(String arg0) { throw new UnsupportedOperationException(); }
public String[] getValueNames() { throw new UnsupportedOperationException(); }
public void invalidate() { /*throw new UnsupportedOperationException(); */}
public boolean isValid() { throw new UnsupportedOperationException(); }
public void putValue(String arg0, Object arg1) { throw new UnsupportedOperationException(); }
public void removeValue(String arg0) { throw new UnsupportedOperationException(); }
};
}
@Override public String[] getSupportedProtocols() { return null; }
@Override public boolean getUseClientMode() { return false; }
@Override public boolean getWantClientAuth() { return false; }
@Override public void removeHandshakeCompletedListener(HandshakeCompletedListener arg0) { }
@Override public void setEnableSessionCreation(boolean arg0) { }
@Override public void setEnabledCipherSuites(String[] arg0) { }
@Override public void setEnabledProtocols(String[] arg0) { }
@Override public void setNeedClientAuth(boolean arg0) { }
@Override public void setUseClientMode(boolean arg0) { }
@Override public void setWantClientAuth(boolean arg0) { }
@Override public String[] getSupportedCipherSuites() { return null; }
@Override
public void startHandshake() throws IOException {
tlsClientProtocol.connect(new DefaultTlsClient() {
@SuppressWarnings("unchecked")
@Override
public Hashtable getClientExtensions() throws IOException {
Hashtable clientExtensions = super.getClientExtensions();
if (clientExtensions == null) {
clientExtensions = new Hashtable();
}
//Add host_name
byte[] host_name = host.getBytes();
final ByteArrayOutputStream baos = new ByteArrayOutputStream();
final DataOutputStream dos = new DataOutputStream(baos);
dos.writeShort(host_name.length + 3);
dos.writeByte(0);
dos.writeShort(host_name.length);
dos.write(host_name);
dos.close();
clientExtensions.put(ExtensionType.server_name, baos.toByteArray());
return clientExtensions;
}
public TlsAuthentication getAuthentication() throws IOException {
return new TlsAuthentication() {
public void notifyServerCertificate(Certificate serverCertificate) throws IOException {
try {
KeyStore ks = _loadKeyStore();
CertificateFactory cf = CertificateFactory.getInstance("X.509");
List certs = new LinkedList();
boolean trustedCertificate = false;
for ( org.bouncycastle.asn1.x509.Certificate c : serverCertificate.getCertificateList()) {
java.security.cert.Certificate cert = cf.generateCertificate(new ByteArrayInputStream(c.getEncoded()));
certs.add(cert);
String alias = ks.getCertificateAlias(cert);
if(alias != null) {
if (cert instanceof java.security.cert.X509Certificate) {
try {
( (java.security.cert.X509Certificate) cert).checkValidity();
trustedCertificate = true;
} catch(CertificateExpiredException cee) {
// Accept all the certs!
}
}
} else {
// Accept all the certs!
}
}
if (!trustedCertificate) {
// Accept all the certs!
}
peertCerts = certs.toArray(new java.security.cert.Certificate[0]);
} catch (Exception ex) {
ex.printStackTrace();
throw new IOException(ex);
}
}
public TlsCredentials getClientCredentials(CertificateRequest certificateRequest) throws IOException {
return null;
}
private KeyStore _loadKeyStore() throws Exception {
FileInputStream trustStoreFis = null;
try {
KeyStore localKeyStore = null;
String trustStoreType = System.getProperty("javax.net.ssl.trustStoreType")!=null?System.getProperty("javax.net.ssl.trustStoreType"):KeyStore.getDefaultType();
String trustStoreProvider = System.getProperty("javax.net.ssl.trustStoreProvider")!=null?System.getProperty("javax.net.ssl.trustStoreProvider"):"";
if (trustStoreType.length() != 0) {
if (trustStoreProvider.length() == 0) {
localKeyStore = KeyStore.getInstance(trustStoreType);
} else {
localKeyStore = KeyStore.getInstance(trustStoreType, trustStoreProvider);
}
char[] keyStorePass = null;
String str5 = System.getProperty("javax.net.ssl.trustStorePassword")!=null?System.getProperty("javax.net.ssl.trustStorePassword"):"";
if (str5.length() != 0) {
keyStorePass = str5.toCharArray();
}
localKeyStore.load(trustStoreFis, keyStorePass);
if (keyStorePass != null) {
for (int i = 0; i < keyStorePass.length; i++) {
keyStorePass[i] = 0;
}
}
}
return localKeyStore;
} finally {
if (trustStoreFis != null) {
trustStoreFis.close();
}
}
}
};
}
});
} // startHandshake
};
}
}
实现调用方法
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSession;
import java.io.*;
import java.net.URL;
public class HttpsUtils {
/**
* content-type类型为xml方式发送post请求
*
* @param urlPath
* @param data
* @param charSet
* @return
*/
public static String postXml(String urlPath, String data, String charSet) {
String result = httpPostData(urlPath, data, charSet, null, "application/json", "application/json");
return result;
}
private static String httpPostData(String urlPath, String data, String charSet, String[] header, String contentType, String accpect) {
String result = "";
URL url = null;
HttpsURLConnection httpurlconnection = null;
OutputStreamWriter out = null;
BufferedReader in = null;
BufferedReader reader = null;
try {
//如果是weblogic服务器,此处有坑,weblogic服务器默认使用soaphttpsurlconnection,而不是httpsURLconnection
//weblogic服务器请用这句 url = new URL(null,urlString,new sun.net.www.protocol.https.Handler());
url = new URL(urlPath);
httpurlconnection = (HttpsURLConnection) url.openConnection();
httpurlconnection.setSSLSocketFactory(new TLSSocketConnectionFactory());
httpurlconnection.setDoInput(true);
httpurlconnection.setDoOutput(true);
httpurlconnection.setHostnameVerifier(new HostnameVerifier() {
public boolean verify(String hostname, SSLSession session) {
return true;
}
});
if (header != null) {
for (int i = 0; i < header.length; i++) {
String[] content = header[i].split(":");
httpurlconnection.setRequestProperty(content[0], content[1]);
}
}
httpurlconnection.setRequestMethod("POST");
httpurlconnection.setRequestProperty("Content-Type", contentType);
httpurlconnection.connect();
out = new OutputStreamWriter(httpurlconnection.getOutputStream(), charSet); // utf-8编码
out.append(data);
out.flush();
out.close();
int code = httpurlconnection.getResponseCode();
if(code == 200) {
in = new BufferedReader(new InputStreamReader(httpurlconnection.getInputStream(),"utf-8"));
}else{
if(httpurlconnection.getErrorStream()==null){
in = new BufferedReader(new InputStreamReader(httpurlconnection.getInputStream(),"utf-8"));
}else{
in = new BufferedReader(new InputStreamReader(httpurlconnection.getErrorStream(),"utf-8"));
}
}
String line;
while ((line = in.readLine()) != null) {
result += line;
}
return result;
} catch (Exception e) {
e.printStackTrace();
} finally {
url = null;
if (httpurlconnection != null) {
httpurlconnection.disconnect();
}
try {
if (out != null) {
out.close();
}
if (reader != null) {
reader.close();
}
} catch (IOException e) {
// TODO
}
}
return result;
}
}
我采用了utf-8编码,json格式进行了数据传输
import org.apache.http.Consts;
public class post {
/**
* @param args
*/
public static void main(String[] args) {
String url = "https://xxx.xxx.xxx.xxx:xxxx/milestone";
String postVal = "{\"PLAN_DATE\":\"2018-09-26\",\"MILESTONE_NAME\":\"DELIVERY STEAM TURBINE 1\"," +
" \"MILESTONE_CODE\":\"PMON---063\",\"REPORT_TIME\":\"2018-11-13\", \"ORG_CODE\":\"\",\"PROJECT_CODE\":\"\"," +
" \"UPDATE_TIME\":\"2018-11-13\",\"IS_PLAN_DATE_CHANGE\":\"1\",\"COMPLETE_DATE\":\"\"}";
String result = "";
// postXml(url, dtdXml, "UTF-8");
result = HttpsUtils.postXml(url, postVal, Consts.UTF_8.name());
System.out.println(result);
}
}