jdk1.6 支持 tls1.2协议,并解决UnsupportedOperationException问题

最新推荐文章于 2022-09-16 10:06:11 发布
最新推荐文章于 2022-09-16 10:06:11 发布
阅读量6.6k 收藏 14
点赞数 7
CC 4.0 BY-SA版权
分类专栏: Java
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.youkuaiyun.com/qq_32445015/article/details/88360253
本文介绍如何在JDK1.6中实现TLS1.2协议支持,解决因服务器仅支持TLS1.2以上协议而产生的连接握手失败问题。通过引入BouncyCastle库,自定义SSLSocketFactory,并重写主机名验证,成功实现HTTPS请求。

摘要生成于 C知道 ,由 DeepSeek-R1 满血版支持, 前往体验 >

        最近项目遇到 jdk1.6使用https请求服务器,服务器明确做了协议要求,只支持tls1.2及以上协议。目前报错是Remote host closed connection during handshake , 通过查阅资料说jdk1.6版本只支持tls1.0 , ssl 3.0 协议,如果用jdk1.6请求tls1.2协议接口,需要引入第三方库,网上有很多关于调用第三方包重写协议工厂资料代码,但是会主动的抛出一个异常UnsupportedOperationException,主动抛出这些异常导致看不到真实的异常,需要替换主动异常为return null或return 0;

接下来就会看到真实异常了,我这里报的异常是:java.io.IOException: HTTPS hostname wrong:  should be ,在提交请求时解决这个问题

 

引入依赖(jar包下载地址 https://mvnrepository.com/

<dependency>
    <groupId>org.bouncycastle</groupId>
    <artifactId>bcprov-jdk15on</artifactId>
    <version>1.54</version>
</dependency>

创建协议工厂

import org.bouncycastle.crypto.tls.*;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

import javax.net.ssl.*;
import javax.security.cert.X509Certificate;
import java.io.*;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.KeyStore;
import java.security.Principal;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.util.Hashtable;
import java.util.LinkedList;
import java.util.List;

public class TLSSocketConnectionFactory extends SSLSocketFactory {

    static {
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }

    @Override
    public Socket createSocket(Socket socket, final String host, int port,
                               boolean arg3) throws IOException {
        if (socket == null) {
            socket = new Socket();
        }
        if (!socket.isConnected()) {
            socket.connect(new InetSocketAddress(host, port));
        }

        final TlsClientProtocol tlsClientProtocol = new     TlsClientProtocol(socket.getInputStream(), socket.getOutputStream(), new     SecureRandom());

        return _createSSLSocket(host, tlsClientProtocol);
    }

    @Override public String[] getDefaultCipherSuites() { return null; }
    @Override public String[] getSupportedCipherSuites() { return null; }
    @Override public Socket createSocket(String host, int port) throws IOException, UnknownHostException { return null; }
    @Override public Socket createSocket(InetAddress host, int port) throws IOException { return null; }
    @Override public Socket createSocket(String host, int port, InetAddress localHost, int localPort) throws IOException, UnknownHostException { return null; }
    @Override public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort) throws IOException { return null; }

    private SSLSocket _createSSLSocket(final String host, final TlsClientProtocol tlsClientProtocol) {
        return new SSLSocket() {
            private java.security.cert.Certificate[] peertCerts;

            @Override public InputStream getInputStream() throws IOException { return tlsClientProtocol.getInputStream(); }
            @Override public OutputStream getOutputStream() throws IOException { return tlsClientProtocol.getOutputStream(); }
            @Override public synchronized void close() throws IOException { tlsClientProtocol.close(); }
            @Override public void addHandshakeCompletedListener( HandshakeCompletedListener arg0) { }
            @Override public boolean getEnableSessionCreation() { return false; }
            @Override public String[] getEnabledCipherSuites() { return null; }
            @Override public String[] getEnabledProtocols() { return null; }
            @Override public boolean getNeedClientAuth() { return false; }

            @Override
            public SSLSession getSession() {
                return new SSLSession() {

                    /*原本这些方法都是直接throw UnsupportedOperationException 导致看不到真实异常*/
                    @Override
                    public int getApplicationBufferSize() {
                        return 0;
                    }
                    @Override public String getCipherSuite() { return null; }
                    @Override public long getCreationTime() { return 0; }
                    @Override public byte[] getId() { return null; }
                    @Override public long getLastAccessedTime() { return 0; }
                    @Override public java.security.cert.Certificate[] getLocalCertificates() { return null; }
                    @Override public Principal getLocalPrincipal() { return null; }
                    @Override public int getPacketBufferSize() { return 0; }
                    @Override public X509Certificate[] getPeerCertificateChain() throws SSLPeerUnverifiedException { return null; }
                    @Override public java.security.cert.Certificate[] getPeerCertificates() throws SSLPeerUnverifiedException { return peertCerts; }
                    @Override public String getPeerHost() { return null; }
                    @Override public int getPeerPort() { return 0; }
                    @Override public Principal getPeerPrincipal() throws SSLPeerUnverifiedException { return null; }
                    @Override public String getProtocol() { return null; }
                    @Override public SSLSessionContext getSessionContext() { return null; }
                    @Override public Object getValue(String arg0) { return null; }
                    @Override public String[] getValueNames() { return null; }
                    @Override public void invalidate() { return; }
                    @Override public boolean isValid() { return true; }
                    @Override public void putValue(String arg0, Object arg1) { return; }
                    @Override
                    public void removeValue(String arg0) {
                        return;
                    }
                };
            }

            @Override public String[] getSupportedProtocols() { return null; }
            @Override public boolean getUseClientMode() { return false; }
            @Override public boolean getWantClientAuth() { return false; }
            @Override public void removeHandshakeCompletedListener(HandshakeCompletedListener arg0) { }
            @Override public void setEnableSessionCreation(boolean arg0) { }
            @Override public void setEnabledCipherSuites(String[] arg0) { }
            @Override public void setEnabledProtocols(String[] arg0) { }
            @Override public void setNeedClientAuth(boolean arg0) { }
            @Override public void setUseClientMode(boolean arg0) { }
            @Override public void setWantClientAuth(boolean arg0) { }
            @Override public String[] getSupportedCipherSuites() { return null; }

            @Override
            public void startHandshake() throws IOException {
                tlsClientProtocol.connect(new DefaultTlsClient() {

                    @SuppressWarnings("unchecked")
                    @Override
                    public Hashtable<Integer, byte[]> getClientExtensions() throws IOException {
                        Hashtable<Integer, byte[]> clientExtensions = super.getClientExtensions();
                        if (clientExtensions == null) {
                            clientExtensions = new Hashtable<Integer, byte[]>();
                        }

                        //Add host_name
                        byte[] host_name = host.getBytes();

                        final ByteArrayOutputStream baos = new ByteArrayOutputStream();
                        final DataOutputStream dos = new DataOutputStream(baos);
                        dos.writeShort(host_name.length + 3);
                        dos.writeByte(0);
                        dos.writeShort(host_name.length);
                        dos.write(host_name);
                        dos.close();
                        clientExtensions.put(ExtensionType.server_name, baos.toByteArray());
                        return clientExtensions;
                    }

                    @Override
                    public TlsAuthentication getAuthentication() throws IOException {
                        return new TlsAuthentication() {

                            @Override
                            public void notifyServerCertificate(Certificate serverCertificate) throws IOException {
                                try {
                                    KeyStore ks = _loadKeyStore();

                                    CertificateFactory cf = CertificateFactory.getInstance("X.509");
                                    List<java.security.cert.Certificate> certs = new LinkedList<java.security.cert.Certificate>();
                                    boolean trustedCertificate = false;
                                    for ( org.bouncycastle.asn1.x509.Certificate c : serverCertificate.getCertificateList()) {
                                        java.security.cert.Certificate cert = cf.generateCertificate(new ByteArrayInputStream(c.getEncoded()));
                                        certs.add(cert);

                                        String alias = ks.getCertificateAlias(cert);
                                        if(alias != null) {
                                            if (cert instanceof java.security.cert.X509Certificate) {
                                                try {
                                                    ( (java.security.cert.X509Certificate) cert).checkValidity();
                                                    trustedCertificate = true;
                                                } catch(CertificateExpiredException cee) {
                                                    // Accept all the certs!
                                                }
                                            }
                                        } else {
                                            // Accept all the certs!
                                        }

                                    }
                                    if (!trustedCertificate) {
                                        // Accept all the certs!
                                    }
                                    peertCerts = certs.toArray(new java.security.cert.Certificate[0]);
                                } catch (Exception ex) {
                                    ex.printStackTrace();
                                    throw new IOException(ex);
                                }
                            }

                            @Override
                            public TlsCredentials getClientCredentials(CertificateRequest certificateRequest) throws IOException {
                                return null;
                            }

                            private KeyStore _loadKeyStore() throws Exception {
                                FileInputStream trustStoreFis = null;
                                try {
                                    KeyStore localKeyStore = null;

                                    String trustStoreType = System.getProperty("javax.net.ssl.trustStoreType")!=null?System.getProperty("javax.net.ssl.trustStoreType"):KeyStore.getDefaultType();
                                    String trustStoreProvider = System.getProperty("javax.net.ssl.trustStoreProvider")!=null?System.getProperty("javax.net.ssl.trustStoreProvider"):"";

                                    if (trustStoreType.length() != 0) {
                                        if (trustStoreProvider.length() == 0) {
                                            localKeyStore = KeyStore.getInstance(trustStoreType);
                                        } else {
                                            localKeyStore = KeyStore.getInstance(trustStoreType, trustStoreProvider);
                                        }

                                        char[] keyStorePass = null;
                                        String str5 = System.getProperty("javax.net.ssl.trustStorePassword")!=null?System.getProperty("javax.net.ssl.trustStorePassword"):"";

                                        if (str5.length() != 0) {
                                            keyStorePass = str5.toCharArray();
                                        }

                                        localKeyStore.load(trustStoreFis, keyStorePass);

                                        if (keyStorePass != null) {
                                            for (int i = 0; i < keyStorePass.length; i++) {
                                                keyStorePass[i] = 0;
                                            }
                                        }
                                    }
                                    return localKeyStore;
                                } finally {
                                    if (trustStoreFis != null) {
                                        trustStoreFis.close();
                                    }
                                }
                            }
                        };
                    }

                });
            } // startHandshake
        };
    }
}

提交请求

	public   String Send(String signData,String signURL,int[] errm) {
		 
		StringBuffer sb = new StringBuffer();
		URL myurl = null;
		try {
			myurl = new URL(signURL);
		} catch (MalformedURLException e1) {
			System.out.println("myurl error:"+e1);
		}
 	 
		HttpsURLConnection con = null;
		try {
		    con = (HttpsURLConnection) myurl.openConnection();
		    con.setSSLSocketFactory(new TLSSocketConnectionFactory());
		    /*用于解决host name wrong问题,重写主机验证方法,如果请求正常可以去掉*/
		    con.setHostnameVerifier(new HostnameVerifier(){
				@Override
				public boolean verify(String hostname, SSLSession session) {
					// TODO Auto-generated method stub
					return true;
				}
		    });
	
		    System.setProperty("sun.net.client.defaultConnectTimeout","300000");  
		    System.setProperty("sun.net.client.defaultReadTimeout", "300000");
			con.setRequestMethod("POST");
			con.setDoOutput(true);
			con.setDoInput(true);
			con.setUseCaches(false);
			con.setInstanceFollowRedirects(true);
			con.setRequestProperty("Content-type", "text/xml;charset=utf-8"); 
			con.setRequestProperty("User-Agent", "Mozilla/4.0 (compatible; MSIE 5.0; Windows NT; DigExt)"); 
			System.out.println("start connect");
			con.connect();
			System.out.println("end connect");
		} catch (IOException e1) {
			System.err.println("HttpsURLConnection error:"+e1);
		}

		OutputStream out = null;
		//OutputStreamWriter os = null;
		try { 
	
			out = con.getOutputStream();
			//os = new OutputStreamWriter(out);
			out.write(signData.getBytes("utf-8"));
			out.flush();
			out.close();
			//os.write(signData);
		
			//os.flush();
		} catch (IOException e1) {
			System.out.println("IOException:"+e1);
			 
		}catch(Exception ex){
			System.out.println("HTTPS Exception:"+ex);
			System.out.println(ex.getStackTrace());
		}
		 
		//接收响应 
		
		try {
			
	        System.out.println("responsecode="+con.getResponseCode());
			BufferedReader reader = new BufferedReader(new InputStreamReader(con.getInputStream(), "utf-8"));
			sb.append("");
			String s = reader.readLine();
			while(s!=null){
				sb.append(s);
				s=reader.readLine();
			} 
			reader.close();
			 
			con.disconnect();
		} catch (IOException ioex) {
			System.err.println("https write file error:"+ioex);
		}
 
		return sb.toString();
		 
	}

 

JDK1.6支持Tls1.2协议方法
qq_34097758的博客
05-11 2112
JDK1.6默认支持 TLS 1.0, SSLv3直到JDK1.6_121以上才支持TLSv1.2协议(收费)JDK1.7及以上默认支持TLSv1.1 TLSv1.2最近的工作需要在原有系统中集成访问另一个系统,在请求时https域名时涉及到一些安全性的问题,涉及到了TLS1.2
解决jdk1.6支持TLS1.2协议问题(javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure)
weixin_44450111的博客
12-06 5316
解决jdk1.6支持TLS1.2协议问题 项目场景: 两个系统对接,A方项目基于jdk1.6,B方项目基于jdk1.8,场景中A项目需要调用B项目的远程接口(https) 问题描述: 发现调用失败(javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure) 原因分析: B项目使用JDK1.8,https协议支持TLS1.2,而B项目是JDK1.6默认不支持TLS1.2 ,所以导致捂手失败# 学习目标:
JDK1.6使用BouncyCastle第三方jar支持TSL1.2通过Nginx转发多个HTTPS接口请求
06-05
应用从DMZ迁移到内网后,就不能连接外网了,必须通过代理服务器才能调用第三方接口。使用Nginx作为代理服务器,HTTP的接口代理没有问题,HTPPS的接口代理Java后台总是报错,主要是因为项目使用的JDK1.6,不支持TLS1.2导致握手失败。通过BouncyCastle的第三方jar包可以解决这个问题。也可以使用Nginx的第三方模块ngx_http_proxy_module,配置Nginx作为HTTPS代理服务器解决,不过代码需要修改地方较多。 解压压缩包后文件说明: \doc\conf\nginx.conf:Nginx的转发配置; \doc\conf\haproxy.cfg:Haproxy的转发配置; \doc\conf\proxy\nginx.conf:Nginx作为代理的配置; \doc\gcc:安装Nginx的各个依赖包; \doc\proxy:Nginx的一些源码包,Haproxy源码包,安装步骤可参考readme.txt文件。
解决jdk1.7 不支持TLS1.2问题
02-09 6662
场景   java程序使用https方式调用nessus接口时,使用jdk1.7返回如下内容: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?  使用jdk1.8返回正常 {"token":"f360654233f65d964ed220914ec10916fe206a3d1b1c1b...
java 建立tlsv1.2报错,在Java 1.4中使用TLSV1.2时没有此类算法异常
weixin_31693025的博客
02-24 737
I am trying to hit a webservice which supports TLSv1.2. I am using Java 1.4. It does not support TLSv1.2.Now someone told me that BC could solve my problem.Though does it work with a SSLEngine as drop...
javamail收取邮件(包括附件)
02-22
javamail 实例 获取pop3或者imap方式获取邮件信息,配置运行MailHelper即可.
java tls1.2_如何在Java中设置TLS1.2版本
weixin_33836042的博客
02-15 6440
环境细节:java version "1.7.0_40"Java(TM) SE Runtime Environment (build 1.7.0_40-b43)Java HotSpot(TM) 64-Bit Server VM (build 24.0-b56, mixed mode).我们正在使用jboss-4.2.3.GA和使用ejb的胖客户端.我们尝试通过以下方式设置TLS1.2版本:>...
记录jdk1.6使用协议tls1.2
zhang8790777的博客
08-31 1683
tls1.2
版本JDK解决TLS冲突
热门推荐
Lizo_Is_Me的专栏
09-09 1万+
场景写一个调用第三方登陆的模块,本地开发的时候使用Apache HttpClient时候,就按照一般的POST JSon数据能够正确获取返回数据,但是当部署到线上环境的时候,就报Exception in thread "main" javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure 然后google
# JDK6访问https服务出现的Received fatal alert: handshake_failure及连带的protocol_version问题
weixin_43300285的博客
09-16 1330
JDK6访问https服务出现的Received fatal alert: handshake_failure及连带的protocol_version问题
基于TLS协议的秘钥管理与传输
xiaoheye的专栏
02-29 1248
1,秘钥管理 加密系统最重要的环节——如何保证秘钥的安全,本方案的设计思想主要是,解密程序不进行秘钥的存储,而且是向秘钥管理中心进行申请。 秘钥管理中心存储了整个平台的核心密钥,所有的密钥都在这里经过存储密钥加密进行存储。配有管理页面,可以对接入的系统信息进行管理。 管理中心采用多节点部署,秘钥不落地,保存在内存中。各节点相互认证通信,当有一个节点重启,可向其他节点申请存储秘钥,各节点之间的...
jdk1.6 支持 tls1.2协议 忽略身份验证
weixin_30895603的博客
01-20 1072
jdk1.6支持tls1.2协议jdk1.8默认支持,比较好的解决方案是升级jdk,但是升级jdk风险极大。不能升级jdk的情况下,可以使用如下方式。 引入依赖 <dependency> <groupId>org.bouncycastle</groupId> <artifactId>bcprov-jdk15on<...
JDK1.6支持TSL1.2协议
weixin_42765516的博客
04-28 2341
由于对接项目升级SSL版本,导致我们系统无法访问 jdk1.6支持TSL1.2 测试过可行方法,且包含依赖jar包 资源: 链接:https://pan.baidu.com/s/1LeTIR9u9tsHSgMjV9MuwvA 提取码:qpjo 包含两个依赖jar包,和工具TLSSocketFactory 代理工厂 import org.apache.commons.httpclient.ConnectTimeoutException; import o...
JDK1.6使用BouncyCastle第三方jar支持TSL1.2通过Nginx转发多个HTTPS接口
东海青蛙的专栏
06-05 1988
应用从DMZ迁移到内网后,就不能连接外网了,必须通过代理服务器才能调用第三方接口。使用Nginx作为代理服务器,HTTP的接口代理没有问题,HTTPS的代理采用Nginx的TCP转发模块(Module ngx_stream_core_module)。多个HTTPS接口转发时,需要额外使用preread模块(Module ngx_stream_ssl_preread_module)。...
https认证ssl之上传下载
fanyuanwaifdl的专栏
10-24 428
jdk1.6.0.43及以上1.6版本可以绕过 1.2问题 package nc.impl.pub.filesystem; import org.bouncycastle.crypto.tls.*; import org.bouncycastle.jce.provider.BouncyCastleProvider; import javax.net.ssl.*; import javax...
1.6JDK访问HTTPS(TLS1.2)
tly_74125的博客
08-21 2008
引入第三方包 bcprov-jdk15on-1.54.jar https://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk15on 请求添加 if (httpsURLConnection instanceof HttpsURLConnection) { if (LOG.isInfoEnabled()) { LOG.info(url + ",识别HttpsURLConnectio...
jdk1.6支持TLS1.2忽略证书验证和用户验证
没忄没肺的博客
08-11 4057
import java.io.*; import java.net.InetAddress; import java.net.InetSocketAddress; import java.net.Socket; import java.net.UnknownHostException; import java.security.*; import java.security.cert.*; imp...
评论 13
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值