Java 1.6 + BouncyCastle + TLS1.2(handshake_failure(40)) [英] Java 1.6 + BouncyCastle + TLS1.2 (handshake_failure(40))
本文介绍了Java 1.6 + BouncyCastle + TLS1.2(handshake_failure(40))的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
就我而言,我有Java 1.6,并且想连接到仅支持TLS1.2的远程服务器.服务器网址为:
2.)在Java中已完成此示例:
import java.io.IOException;导入java.io.BufferedReader;导入java.io.InputStream;导入java.io.InputStreamReader;导入java.net.Socket;导入java.net.URL;导入java.security.MessageDigest;导入java.security.Security;导入java.security.Signature;导入javax.net.ssl.HttpsURLConnection;导入org.bouncycastle.crypto.tls.CertificateRequest;导入org.bouncycastle.crypto.tls.DefaultTlsClient;导入org.bouncycastle.crypto.tls.TlsAuthentication;导入org.bouncycastle.crypto.tls.TlsClientProtocol;导入org.bouncycastle.crypto.tls.TlsCredentials;导入org.bouncycastle.jce.provider.BouncyCastleProvider;公共课程Test3 {公共静态签名podpis = null;公共静态MessageDigest md = null;静止的 {尝试 {Security.addProvider(new BouncyCastleProvider());} catch(ex Exception){ex.printStackTrace();}}公共静态void main(String [] args)引发异常{字符串httpsURL ="https://blagajne-test.fu.gov.si:9002";URL myurl =新URL(httpsURL);HttpsURLConnection con =(HttpsURLConnection)myurl.openConnection();con.setSSLSocketFactory(new TLSSocketConnectionFactory());InputStream ins = con.getInputStream();}} 和
import java.io.ByteArrayInputStream;导入java.io.ByteArrayOutputStream;导入java.io.DataOutputStream;导入java.io.File;导入java.io.FileInputStream;导入java.io.IOException;导入java.io.InputStream;导入java.io.OutputStream;导入java.net.InetAddress;导入java.net.InetSocketAddress;导入java.net.Socket;导入java.net.UnknownHostException;导入java.security.KeyStore;导入java.security.Principal;导入java.security.SecureRandom;导入java.security.Security;导入java.security.cert.CertificateException;导入java.security.cert.CertificateExpiredException;导入java.security.cert.CertificateFactory;导入java.util.Hashtable;导入java.util.LinkedList;导入java.util.List;导入javax.net.ssl.HandshakeCompletedEvent;导入javax.net.ssl.HandshakeCompletedListener;导入javax.net.ssl.SSLPeerUnverifiedException;导入javax.net.ssl.SSLSession;导入javax.net.ssl.SSLSessionContext;导入javax.net.ssl.SSLSocket;导入javax.net.ssl.SSLSocketFactory;导入javax.security.cert.X509Certificate;导入org.apache.commons.logging.Log;导入org.bouncycastle.crypto.tls.Certificate;导入org.bouncycastle.crypto.tls.CertificateRequest;导入org.bouncycastle.crypto.tls.DefaultTlsClient;导入org.bouncycastle.crypto.tls.ExtensionType;导入org.bouncycastle.crypto.tls.TlsAuthentication;导入org.bouncycastle.crypto.tls.TlsClientProtocol;导入org.bouncycastle.crypto.tls.TlsCredentials;导入org.bouncycastle.jce.provider.BouncyCastleProvider;公共类TLSSocketConnectionFactory扩展了SSLSocketFactory {//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////添加自定义BouncyCastleProvider/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////静止的 {如果(Security.getProvider(BouncyCastleProvider.PROVIDER_NAME)== null){Security.addProvider(new BouncyCastleProvider());}}//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////安全范围////////////////////////////////////////////////////////////////////////////////////////////////////////////////////私有SecureRandom _secureRandom =新的SecureRandom();//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////添加自定义BouncyCastleProvider/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////@Override公共套接字createSocket(套接字套接字,最终的字符串主机,int端口,布尔arg3)引发IOException {if(socket == null){socket = new Socket();}如果(!socket.isConnected()){socket.connect(新的InetSocketAddress(主机,端口));}最后的TlsClientProtocol tlsClientProtocol =新的TlsClientProtocol(socket.getInputStream(),socket.getOutputStream(),_ secureRandom);返回_createSSLSocket(host,tlsClientProtocol);}//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////插座的制造方法////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////@Overridepublic String [] getDefaultCipherSuites(){返回null;}@Overridepublic String [] getSupportedCipherSuites(){返回null;}@Override公共套接字createSocket(String host,int端口)引发IOException,UnknownHostException {返回null;}@Override公共套接字createSocket(InetAddress主机,int端口)抛出IOException {返回null;}@Override公共套接字createSocket(String host,int端口,InetAddress localHost,int localPort)引发IOException,UnknownHostException {返回null;}@Override公共套接字createSocket(InetAddress地址,int端口,InetAddress localAddress,int localPort)引发IOException {返回null;}//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////SOCKET CREATION////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////私人SSLSocket _createSSLSocket(最终的字符串主机,最终的TlsClientProtocol tlsClientProtocol){返回新的SSLSocket(){私有java.security.cert.Certificate [] peertCerts;@Override公共InputStream getInputStream()引发IOException {返回tlsClientProtocol.getInputStream();}@Override公共OutputStream getOutputStream()引发IOException {返回tlsClientProtocol.getOutputStream();}@Override公共同步void close()引发IOException {tlsClientProtocol.close();}@Override公共无效的addHandshakeCompletedListener(HandshakeCompletedListener arg0){}@Overridepublic boolean getEnableSessionCreation(){返回false;}@Overridepublic String [] getEnabledCipherSuites(){返回null;}@Overridepublic String [] getEnabledProtocols(){返回null;}@Overridepublic boolean getNeedClientAuth(){返回false;}@Override公共SSLSession getSession(){返回新的SSLSession(){@Overridepublic int getApplicationBufferSize(){返回0;}@Override公共字符串getCipherSuite(){抛出新的UnsupportedOperationException();}@Override公共长getCreationTime(){抛出新的UnsupportedOperationException();}@Override公共字节[] getId(){抛出新的UnsupportedOperationException();}@Override公共长getLastAccessedTime(){抛出新的UnsupportedOperationException();}@Override公共java.security.cert.Certificate [] getLocalCertificates(){抛出新的UnsupportedOperationException();}@Overridepublic Principal getLocalPrincipal(){抛出新的UnsupportedOperationException();}@Overridepublic int getPacketBufferSize(){抛出新的UnsupportedOperationException();}@Override公共X509Certificate [] getPeerCertificateChain()引发SSLPeerUnverifiedException {返回null;}@Overridepublic java.security.cert.Certificate [] getPeerCertificates()抛出SSLPeerUnverifiedException {返回peertCerts;}@Override公共字符串getPeerHost(){抛出新的UnsupportedOperationException();}@Overridepublic int getPeerPort(){返回0;}@Override公共主体getPeerPrincipal()抛出SSLPeerUnverifiedException {返回null;//抛出新的UnsupportedOperationException();}@Override公共字符串getProtocol(){抛出新的UnsupportedOperationException();}@Override公共SSLSessionContext getSessionContext(){抛出新的UnsupportedOperationException();}@Override公共对象getValue(String arg0){抛出新的UnsupportedOperationException();}@Override公共字符串[] getValueNames(){抛出新的UnsupportedOperationException();}@Override公共无效invalidate(){抛出新的UnsupportedOperationException();}@Override公共布尔isValid(){抛出新的UnsupportedOperationException();}@Overridepublic void putValue(String arg0,Object arg1){抛出新的UnsupportedOperationException();}@Override公共无效removeValue(String arg0){抛出新的UnsupportedOperationException();}};}@Overridepublic String [] getSupportedProtocols(){返回null;}@Overridepublic boolean getUseClientMode(){返回false;}@Overridepublic boolean getWantClientAuth(){返回false;}@Override公共无效removeHandshakeCompletedListener(HandshakeCompletedListener arg0){}@Override公共无效setEnableSessionCreation(boolean arg0){}@Override公共无效setEnabledCipherSuites(String [] arg0){}@Override公共无效setEnabledProtocols(String [] arg0){}@Override公共无效setNeedClientAuth(boolean arg0){}@Override公共无效setUseClientMode(boolean arg0){}@Override公共无效setWantClientAuth(boolean arg0){}@Overridepublic String [] getSupportedCipherSuites(){返回null;}@Overridepublic void startHandshake()引发IOException {tlsClientProtocol.connect(new DefaultTlsClient(){@SuppressWarnings(未选中")@Overridepublic Hashtable< Integer,byte []>getClientExtensions()引发IOException {Hashtable<整数,字节[]>clientExtensions = super.getClientExtensions();如果(clientExtensions == null){clientExtensions = new Hashtable< Integer,byte []>();}//添加主机名byte [] host_name = host.getBytes();最终的ByteArrayOutputStream baos = new ByteArrayOutputStream();最终的DataOutputStream dos = new DataOutputStream(baos);dos.writeShort(host_name.length + 3);dos.writeByte(0);//dos.writeShort(host_name.length);dos.write(host_name);dos.close();clientExtensions.put(ExtensionType.server_name,baos.toByteArray());返回clientExtensions;}@Override公共TlsAuthentication getAuthentication()引发IOException {返回新的TlsAuthentication(){@Override公共无效notifyServerCertificate(Certificate serverCertificate)引发IOException {尝试 {密钥库ks = _loadKeyStore();CertificateFactory cf = CertificateFactory.getInstance("X.509");列出< java.security.cert.Certificate>certs =新的LinkedList< java.security.cert.Certificate>();布尔值trustCertificate = false;对于(org.bouncycastle.asn1.x509.Certificate c:serverCertificate.getCertificateList()){java.security.cert.Certificate cert = cf.generateCertificate(new ByteArrayInputStream(c.getEncoded()));certs.add(cert);字符串别名= ks.getCertificateAlias(cert);if(alias!= null){如果(java.security.cert.X509Certificate的证书实例){尝试 {(((java.security.cert.X509Certificate)cert).checkValidity();trustCertificate = true;} catch(CertificateExpiredException cee){cee.printStackTrace();}}} 别的 {System.out.println(->");}}如果(!trustedCertificate){抛出新的CertificateException("Unknown cert" + serverCertificate);}peertCerts = certs.toArray(new java.security.cert.Certificate [0]);} catch(ex Exception){ex.printStackTrace();抛出新的IOException(ex);}}@Override公共TlsCredentials getClientCredentials(CertificateRequest arg0)引发IOException {返回null;}/***用系统或方法加载keyStore的私有方法*默认属性.** @返回* @throws异常*/私人KeyStore _loadKeyStore()引发异常{FileInputStream trustStoreFis = null;尝试 {字符串sysTrustStore = null;文件trustStoreFile = null;KeyStore localKeyStore = null;sysTrustStore = System.getProperty("javax.net.ssl.trustStore");字符串javaHome;如果(!"NONE" .equals(sysTrustStore)){如果(sysTrustStore!= null){trustStoreFile =新文件(sysTrustStore);trustStoreFis = _getFileInputStream(trustStoreFile);} 别的 {javaHome = System.getProperty("java.home");trustStoreFile =新文件(javaHome + File.separator +"lib" + File.separator +安全性" + File.separator +"jssecacerts");如果((trustStoreFis = _getFileInputStream(trustStoreFile))== null){trustStoreFile =新文件(javaHome + File.separator +"lib" + File.separator +安全性" + File.separator +证书");trustStoreFis = _getFileInputStream(trustStoreFile);}}如果(trustStoreFis!= null){sysTrustStore = trustStoreFile.getPath();} 别的 {sysTrustStore =没有文件可用,使用空密钥库.}}System.out.println("sysTrustStore:" + sysTrustStore);字符串trustStoreType = System.getProperty("javax.net.ssl.trustStoreType")!= null吗?System.getProperty("javax.net.ssl.trustStoreType"):KeyStore.getDefaultType();字符串trustStoreProvider = System.getProperty("javax.net.ssl.trustStoreProvider")!=空吗?System.getProperty("javax.net.ssl.trustStoreProvider"):";如果(trustStoreType.length()!= 0){如果(trustStoreProvider.length()== 0){localKeyStore = KeyStore.getInstance(trustStoreType);} 别的 {localKeyStore = KeyStore.getInstance(trustStoreType,trustStoreProvider);}char [] keyStorePass = null;字符串str5 = System.getProperty("javax.net.ssl.trustStorePassword")!=空吗?System.getProperty("javax.net.ssl.trustStorePassword"):";如果(str5.length()!= 0){keyStorePass = str5.toCharArray();}localKeyStore.load(trustStoreFis,(char [])keyStorePass);如果(keyStorePass!= null){for(int i = 0; i< keyStorePass.length; i ++){keyStorePass [i] = 0;}}}返回(KeyStore)localKeyStore;} 最后 {如果(trustStoreFis!= null){trustStoreFis.close();}}}私人FileInputStream _getFileInputStream(File paramFile)引发异常{如果(paramFile.exists()){返回新的FileInputStream(paramFile);}返回null;}};}});}};//插座}} 当我执行主程序时,我得到:
我做错了什么,或者为什么我找回了那个异常?
解决方案
请切换至1.55版,即可解决此问题...
In my case, I have Java 1.6 and want to connect to a remote server which only supports TLS1.2. Server URL is: https://blagajne-test.fu.gov.si:9002 and certificate public key is here: http://datoteke.durs.gov.si/dpr/files/test-tls.cer
I have no possibility to upgrade Java because is a part of Oracle Database 11g (11.4).
I tried to write a simple program in Java which uses BouncyCastel libraries but got error: Exception in thread "main"
org.bouncycastle.crypto.tls.TlsFatalAlertReceived: handshake_failure(40)
at org.bouncycastle.crypto.tls.TlsProtocol.handleAlertMessage(Unknown Source)
The step I have followed was:
1.) have downloaded test-tls.cer and imported the key into jssacerts and cacerts.
2.) In Java have done this example:
import java.io.IOException;
import java.io.BufferedReader;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.Socket;
import java.net.URL;
import java.security.MessageDigest;
import java.security.Security;
import java.security.Signature;
import javax.net.ssl.HttpsURLConnection;
import org.bouncycastle.crypto.tls.CertificateRequest;
import org.bouncycastle.crypto.tls.DefaultTlsClient;
import org.bouncycastle.crypto.tls.TlsAuthentication;
import org.bouncycastle.crypto.tls.TlsClientProtocol;
import org.bouncycastle.crypto.tls.TlsCredentials;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
public class Test3 {
public static Signature podpis = null;
public static MessageDigest md = null;
static {
try {
Security.addProvider(new BouncyCastleProvider());
} catch (Exception ex) {
ex.printStackTrace();
}
}
public static void main(String[] args) throws Exception {
String httpsURL = "https://blagajne-test.fu.gov.si:9002";
URL myurl = new URL(httpsURL);
HttpsURLConnection con = (HttpsURLConnection )myurl.openConnection();
con.setSSLSocketFactory(new TLSSocketConnectionFactory());
InputStream ins = con.getInputStream();
}
}
and
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.KeyStore;
import java.security.Principal;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.util.Hashtable;
import java.util.LinkedList;
import java.util.List;
import javax.net.ssl.HandshakeCompletedEvent;
import javax.net.ssl.HandshakeCompletedListener;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSessionContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.security.cert.X509Certificate;
import org.apache.commons.logging.Log;
import org.bouncycastle.crypto.tls.Certificate;
import org.bouncycastle.crypto.tls.CertificateRequest;
import org.bouncycastle.crypto.tls.DefaultTlsClient;
import org.bouncycastle.crypto.tls.ExtensionType;
import org.bouncycastle.crypto.tls.TlsAuthentication;
import org.bouncycastle.crypto.tls.TlsClientProtocol;
import org.bouncycastle.crypto.tls.TlsCredentials;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
public class TLSSocketConnectionFactory extends SSLSocketFactory {
//////////////////////////////////////////////////////////////////////////////////////////////////////////////
//Adding Custom BouncyCastleProvider
///////////////////////////////////////////////////////////////////////////////////////////////////////////////
static {
if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
Security.addProvider(new BouncyCastleProvider());
}
}
//////////////////////////////////////////////////////////////////////////////////////////////////////////////
//SECURE RANDOM
//////////////////////////////////////////////////////////////////////////////////////////////////////////////
private SecureRandom _secureRandom = new SecureRandom();
//////////////////////////////////////////////////////////////////////////////////////////////////////////////
//Adding Custom BouncyCastleProvider
///////////////////////////////////////////////////////////////////////////////////////////////////////////////
@Override
public Socket createSocket(Socket socket, final String host, int port, boolean arg3)
throws IOException {
if (socket == null) {
socket = new Socket();
}
if (!socket.isConnected()) {
socket.connect(new InetSocketAddress(host, port));
}
final TlsClientProtocol tlsClientProtocol = new TlsClientProtocol(socket.getInputStream(), socket.getOutputStream(), _secureRandom);
return _createSSLSocket(host, tlsClientProtocol);
}
//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
// SOCKET FACTORY METHODS
//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
@Override
public String[] getDefaultCipherSuites() {
return null;
}
@Override
public String[] getSupportedCipherSuites() {
return null;
}
@Override
public Socket createSocket(String host,
int port) throws IOException, UnknownHostException {
return null;
}
@Override
public Socket createSocket(InetAddress host,
int port) throws IOException {
return null;
}
@Override
public Socket createSocket(String host,
int port,
InetAddress localHost,
int localPort) throws IOException, UnknownHostException {
return null;
}
@Override
public Socket createSocket(InetAddress address,
int port,
InetAddress localAddress,
int localPort) throws IOException {
return null;
}
//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
//SOCKET CREATION
//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
private SSLSocket _createSSLSocket(final String host, final TlsClientProtocol tlsClientProtocol) {
return new SSLSocket() {
private java.security.cert.Certificate[] peertCerts;
@Override
public InputStream getInputStream() throws IOException {
return tlsClientProtocol.getInputStream();
}
@Override
public OutputStream getOutputStream() throws IOException {
return tlsClientProtocol.getOutputStream();
}
@Override
public synchronized void close() throws IOException {
tlsClientProtocol.close();
}
@Override
public void addHandshakeCompletedListener(HandshakeCompletedListener arg0) {
}
@Override
public boolean getEnableSessionCreation() {
return false;
}
@Override
public String[] getEnabledCipherSuites() {
return null;
}
@Override
public String[] getEnabledProtocols() {
return null;
}
@Override
public boolean getNeedClientAuth() {
return false;
}
@Override
public SSLSession getSession() {
return new SSLSession() {
@Override
public int getApplicationBufferSize() {
return 0;
}
@Override
public String getCipherSuite() {
throw new UnsupportedOperationException();
}
@Override
public long getCreationTime() {
throw new UnsupportedOperationException();
}
@Override
public byte[] getId() {
throw new UnsupportedOperationException();
}
@Override
public long getLastAccessedTime() {
throw new UnsupportedOperationException();
}
@Override
public java.security.cert.Certificate[] getLocalCertificates() {
throw new UnsupportedOperationException();
}
@Override
public Principal getLocalPrincipal() {
throw new UnsupportedOperationException();
}
@Override
public int getPacketBufferSize() {
throw new UnsupportedOperationException();
}
@Override
public X509Certificate[] getPeerCertificateChain()
throws SSLPeerUnverifiedException {
return null;
}
@Override
public java.security.cert.Certificate[] getPeerCertificates() throws SSLPeerUnverifiedException {
return peertCerts;
}
@Override
public String getPeerHost() {
throw new UnsupportedOperationException();
}
@Override
public int getPeerPort() {
return 0;
}
@Override
public Principal getPeerPrincipal() throws SSLPeerUnverifiedException {
return null;
//throw new UnsupportedOperationException();
}
@Override
public String getProtocol() {
throw new UnsupportedOperationException();
}
@Override
public SSLSessionContext getSessionContext() {
throw new UnsupportedOperationException();
}
@Override
public Object getValue(String arg0) {
throw new UnsupportedOperationException();
}
@Override
public String[] getValueNames() {
throw new UnsupportedOperationException();
}
@Override
public void invalidate() {
throw new UnsupportedOperationException();
}
@Override
public boolean isValid() {
throw new UnsupportedOperationException();
}
@Override
public void putValue(String arg0, Object arg1) {
throw new UnsupportedOperationException();
}
@Override
public void removeValue(String arg0) {
throw new UnsupportedOperationException();
}
};
}
@Override
public String[] getSupportedProtocols() {
return null;
}
@Override
public boolean getUseClientMode() {
return false;
}
@Override
public boolean getWantClientAuth() {
return false;
}
@Override
public void removeHandshakeCompletedListener(HandshakeCompletedListener arg0) {
}
@Override
public void setEnableSessionCreation(boolean arg0) {
}
@Override
public void setEnabledCipherSuites(String[] arg0) {
}
@Override
public void setEnabledProtocols(String[] arg0) {
}
@Override
public void setNeedClientAuth(boolean arg0) {
}
@Override
public void setUseClientMode(boolean arg0) {
}
@Override
public void setWantClientAuth(boolean arg0) {
}
@Override
public String[] getSupportedCipherSuites() {
return null;
}
@Override
public void startHandshake() throws IOException {
tlsClientProtocol.connect(new DefaultTlsClient() {
@SuppressWarnings("unchecked")
@Override
public Hashtable<Integer, byte[]> getClientExtensions() throws IOException {
Hashtable<Integer, byte[]> clientExtensions = super.getClientExtensions();
if (clientExtensions == null) {
clientExtensions = new Hashtable<Integer, byte[]>();
}
//Add host_name
byte[] host_name = host.getBytes();
final ByteArrayOutputStream baos = new ByteArrayOutputStream();
final DataOutputStream dos = new DataOutputStream(baos);
dos.writeShort(host_name.length + 3);
dos.writeByte(0); //
dos.writeShort(host_name.length);
dos.write(host_name);
dos.close();
clientExtensions.put(ExtensionType.server_name, baos.toByteArray());
return clientExtensions;
}
@Override
public TlsAuthentication getAuthentication()
throws IOException {
return new TlsAuthentication() {
@Override
public void notifyServerCertificate(Certificate serverCertificate) throws IOException {
try {
KeyStore ks = _loadKeyStore();
CertificateFactory cf = CertificateFactory.getInstance("X.509");
List<java.security.cert.Certificate> certs = new LinkedList<java.security.cert.Certificate>();
boolean trustedCertificate = false;
for (org.bouncycastle.asn1.x509.Certificate c : serverCertificate.getCertificateList()) {
java.security.cert.Certificate cert = cf.generateCertificate(new ByteArrayInputStream(c.getEncoded()));
certs.add(cert);
String alias = ks.getCertificateAlias(cert);
if (alias != null) {
if (cert instanceof java.security.cert.X509Certificate) {
try {
((java.security.cert.X509Certificate) cert).checkValidity();
trustedCertificate = true;
} catch (CertificateExpiredException cee) {
cee.printStackTrace();
}
}
} else {
System.out.println("-->");
}
}
if (!trustedCertificate) {
throw new CertificateException("Unknown cert " + serverCertificate);
}
peertCerts = certs.toArray(new java.security.cert.Certificate[0]);
} catch (Exception ex) {
ex.printStackTrace();
throw new IOException(ex);
}
}
@Override
public TlsCredentials getClientCredentials(CertificateRequest arg0)
throws IOException {
return null;
}
/**
* Private method to load keyStore with system or
* default properties.
*
* @return
* @throws Exception
*/
private KeyStore _loadKeyStore() throws Exception {
FileInputStream trustStoreFis = null;
try {
String sysTrustStore = null;
File trustStoreFile = null;
KeyStore localKeyStore = null;
sysTrustStore = System.getProperty("javax.net.ssl.trustStore");
String javaHome;
if (!"NONE".equals(sysTrustStore)) {
if (sysTrustStore != null) {
trustStoreFile = new File(sysTrustStore);
trustStoreFis = _getFileInputStream(trustStoreFile);
} else {
javaHome = System.getProperty("java.home");
trustStoreFile = new File(javaHome + File.separator + "lib" + File.separator + "security" + File.separator + "jssecacerts");
if ((trustStoreFis = _getFileInputStream(trustStoreFile)) == null) {
trustStoreFile = new File(javaHome + File.separator + "lib" + File.separator + "security" + File.separator + "cacerts");
trustStoreFis = _getFileInputStream(trustStoreFile);
}
}
if (trustStoreFis != null) {
sysTrustStore = trustStoreFile.getPath();
} else {
sysTrustStore = "No File Available, using empty keystore.";
}
}
System.out.println("sysTrustStore: " +sysTrustStore);
String trustStoreType = System.getProperty("javax.net.ssl.trustStoreType") != null ? System.getProperty("javax.net.ssl.trustStoreType") : KeyStore.getDefaultType();
String trustStoreProvider = System.getProperty("javax.net.ssl.trustStoreProvider") != null ? System.getProperty("javax.net.ssl.trustStoreProvider") : "";
if (trustStoreType.length() != 0) {
if (trustStoreProvider.length() == 0) {
localKeyStore = KeyStore.getInstance(trustStoreType);
} else {
localKeyStore = KeyStore.getInstance(trustStoreType, trustStoreProvider);
}
char[] keyStorePass = null;
String str5 = System.getProperty("javax.net.ssl.trustStorePassword") != null ? System.getProperty("javax.net.ssl.trustStorePassword") : "";
if (str5.length() != 0) {
keyStorePass = str5.toCharArray();
}
localKeyStore.load(trustStoreFis, (char[]) keyStorePass);
if (keyStorePass != null) {
for (int i = 0; i < keyStorePass.length; i++) {
keyStorePass[i] = 0;
}
}
}
return (KeyStore) localKeyStore;
} finally {
if (trustStoreFis != null) {
trustStoreFis.close();
}
}
}
private FileInputStream _getFileInputStream(File paramFile) throws Exception {
if (paramFile.exists()) {
return new FileInputStream(paramFile);
}
return null;
}
};
}
});
}
};//Socket
}
}
When I execute the main program I got:
What I'm doing wrong or why I get back that exception?
解决方案
Please switch to Version 1.55 this will fix the issue...
这篇关于Java 1.6 + BouncyCastle + TLS1.2(handshake_failure(40))的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
