jdk1.6支持TLS1.2并忽略证书验证和用户验证

最新推荐文章于 2024-05-11 15:45:31 发布
最新推荐文章于 2024-05-11 15:45:31 发布
阅读量3.7k 收藏 9
点赞数 2
分类专栏: java 文章标签: jdk1.6 TLS1.2 JAVA TLS1.2
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/qq_32131937/article/details/98880832
版权

之前搞的https请求,对百度等确实有效,但是拿到生产环境就会抛出异常,这是因为jdk1.6版本不支持TLS1.2协议,而对方平台服务器采用了TLS1.2服务器,此处需要第三方插件
jar包为:bcprov-jdk15on-1.54.jar
首先继承并重写SSLSocketFactory ,原文中存在一些bug,好像说是jdk1.7没问题,但是1.6有问题,我采用的是1.6,对其中的代码进行了调整,使其支持jdk1.6环境

import java.io.*;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.*;
import java.security.cert.*;
import java.util.*;

import javax.net.ssl.*;
import javax.security.cert.X509Certificate;

import org.bouncycastle.crypto.tls.*;
import org.bouncycastle.crypto.tls.Certificate;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

public class TLSSocketConnectionFactory extends SSLSocketFactory {

    static {
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }

    @Override
    public Socket createSocket(Socket socket, final String host, int port,
            boolean arg3) throws IOException {
        if (socket == null) {
            socket = new Socket();
        }
        if (!socket.isConnected()) {
            socket.connect(new InetSocketAddress(host, port));
        }

        final TlsClientProtocol tlsClientProtocol = new     TlsClientProtocol(socket.getInputStream(), socket.getOutputStream(), new     SecureRandom());

        return _createSSLSocket(host, tlsClientProtocol);
    }

    @Override public String[] getDefaultCipherSuites() { return null; }
    @Override public String[] getSupportedCipherSuites() { return null; }
    @Override public Socket createSocket(String host, int port) throws IOException, UnknownHostException { throw new UnsupportedOperationException(); }
    @Override public Socket createSocket(InetAddress host, int port) throws IOException { throw new UnsupportedOperationException(); }
    @Override public Socket createSocket(String host, int port, InetAddress localHost, int localPort) throws IOException, UnknownHostException { return null; }
    @Override public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort) throws IOException { throw new UnsupportedOperationException(); }

    private SSLSocket _createSSLSocket(final String host, final TlsClientProtocol tlsClientProtocol) {
        return new SSLSocket() {
            private java.security.cert.Certificate[] peertCerts;

            @Override public InputStream getInputStream() throws IOException { return tlsClientProtocol.getInputStream(); }
            @Override public OutputStream getOutputStream() throws IOException { return tlsClientProtocol.getOutputStream(); }
            @Override public synchronized void close() throws IOException { tlsClientProtocol.close(); }
            @Override public void addHandshakeCompletedListener( HandshakeCompletedListener arg0) { }
            @Override public boolean getEnableSessionCreation() { return false; }
            @Override public String[] getEnabledCipherSuites() { return null; }
            @Override public String[] getEnabledProtocols() { return null; }
            @Override public boolean getNeedClientAuth() { return false; }

            @Override
            public SSLSession getSession() {
                return new SSLSession() {

                    public int getApplicationBufferSize() {
                        return 0;
                    }

                    public String getCipherSuite() { return "";//throw new UnsupportedOperationException(); 
                    
                    }
                    public long getCreationTime() { throw new UnsupportedOperationException(); }
                     public byte[] getId() { throw new UnsupportedOperationException(); }
                     public long getLastAccessedTime() { throw new UnsupportedOperationException(); }
                     public java.security.cert.Certificate[] getLocalCertificates() { throw new UnsupportedOperationException(); }
                     public Principal getLocalPrincipal() { throw new UnsupportedOperationException(); }
                     public int getPacketBufferSize() { throw new UnsupportedOperationException(); }
                     public X509Certificate[] getPeerCertificateChain() throws SSLPeerUnverifiedException { return null; }
                     public java.security.cert.Certificate[] getPeerCertificates() throws SSLPeerUnverifiedException { return peertCerts; }
                     public String getPeerHost() { throw new UnsupportedOperationException(); }
                     public int getPeerPort() { return 0; }
                     public Principal getPeerPrincipal() throws SSLPeerUnverifiedException { return null; }
                     public String getProtocol() { throw new UnsupportedOperationException(); }
                     public SSLSessionContext getSessionContext() { throw new UnsupportedOperationException(); }
                     public Object getValue(String arg0) { throw new UnsupportedOperationException(); }
                     public String[] getValueNames() { throw new UnsupportedOperationException(); }
                     public void invalidate() { /*throw new UnsupportedOperationException(); */}
                     public boolean isValid() { throw new UnsupportedOperationException(); }
                     public void putValue(String arg0, Object arg1) { throw new UnsupportedOperationException(); }
                     public void removeValue(String arg0) { throw new UnsupportedOperationException(); }
            };
        }

        @Override public String[] getSupportedProtocols() { return null; }
        @Override public boolean getUseClientMode() { return false; }
        @Override public boolean getWantClientAuth() { return false; }
        @Override public void removeHandshakeCompletedListener(HandshakeCompletedListener arg0) { }
        @Override public void setEnableSessionCreation(boolean arg0) { }
        @Override public void setEnabledCipherSuites(String[] arg0) { }
        @Override public void setEnabledProtocols(String[] arg0) { }
        @Override public void setNeedClientAuth(boolean arg0) { }
        @Override public void setUseClientMode(boolean arg0) { }
        @Override public void setWantClientAuth(boolean arg0) { }
        @Override public String[] getSupportedCipherSuites() { return null; }

            @Override
            public void startHandshake() throws IOException {
                tlsClientProtocol.connect(new DefaultTlsClient() {

                    @SuppressWarnings("unchecked")
                    @Override
                    public Hashtable<Integer, byte[]> getClientExtensions() throws IOException {
                        Hashtable<Integer, byte[]> clientExtensions = super.getClientExtensions();
                        if (clientExtensions == null) {
                            clientExtensions = new Hashtable<Integer, byte[]>();
                        }

                        //Add host_name
                        byte[] host_name = host.getBytes();

                        final ByteArrayOutputStream baos = new ByteArrayOutputStream();
                        final DataOutputStream dos = new DataOutputStream(baos);
                        dos.writeShort(host_name.length + 3);
                        dos.writeByte(0);
                        dos.writeShort(host_name.length);
                        dos.write(host_name);
                        dos.close();
                        clientExtensions.put(ExtensionType.server_name, baos.toByteArray());
                        return clientExtensions;
                    }

                    public TlsAuthentication getAuthentication() throws IOException {
                        return new TlsAuthentication() {
                            public void notifyServerCertificate(Certificate serverCertificate) throws IOException {
                                try {
                                    KeyStore ks = _loadKeyStore();

                                    CertificateFactory cf = CertificateFactory.getInstance("X.509");
                                    List<java.security.cert.Certificate> certs = new LinkedList<java.security.cert.Certificate>();
                                    boolean trustedCertificate = false;
                                    for ( org.bouncycastle.asn1.x509.Certificate c : serverCertificate.getCertificateList()) {
                                        java.security.cert.Certificate cert = cf.generateCertificate(new ByteArrayInputStream(c.getEncoded()));
                                        certs.add(cert);

                                        String alias = ks.getCertificateAlias(cert);
                                        if(alias != null) {
                                            if (cert instanceof java.security.cert.X509Certificate) {
                                                try {
                                                    ( (java.security.cert.X509Certificate) cert).checkValidity();
                                                    trustedCertificate = true;
                                                } catch(CertificateExpiredException cee) {
                                                   // Accept all the certs!
                                                }
                                            }
                                        } else {
                                            // Accept all the certs!
                                        }

                                    }
                                    if (!trustedCertificate) {
                                        // Accept all the certs!
                                    }
                                    peertCerts = certs.toArray(new java.security.cert.Certificate[0]);
                                } catch (Exception ex) {
                                    ex.printStackTrace();
                                    throw new IOException(ex);
                                }
                            }

                            public TlsCredentials getClientCredentials(CertificateRequest certificateRequest) throws IOException {
                                return null;
                            }

                            private KeyStore _loadKeyStore() throws Exception {
                                FileInputStream trustStoreFis = null;
                                try {
                                    KeyStore localKeyStore = null;

                                    String trustStoreType = System.getProperty("javax.net.ssl.trustStoreType")!=null?System.getProperty("javax.net.ssl.trustStoreType"):KeyStore.getDefaultType();
                                    String trustStoreProvider = System.getProperty("javax.net.ssl.trustStoreProvider")!=null?System.getProperty("javax.net.ssl.trustStoreProvider"):"";

                                    if (trustStoreType.length() != 0) {
                                        if (trustStoreProvider.length() == 0) {
                                            localKeyStore = KeyStore.getInstance(trustStoreType);
                                        } else {
                                            localKeyStore = KeyStore.getInstance(trustStoreType, trustStoreProvider);
                                        }

                                        char[] keyStorePass = null;
                                        String str5 = System.getProperty("javax.net.ssl.trustStorePassword")!=null?System.getProperty("javax.net.ssl.trustStorePassword"):"";

                                        if (str5.length() != 0) {
                                            keyStorePass = str5.toCharArray();
                                        }

                                        localKeyStore.load(trustStoreFis, keyStorePass);

                                        if (keyStorePass != null) {
                                            for (int i = 0; i < keyStorePass.length; i++) {
                                                keyStorePass[i] = 0;
                                            }
                                        }
                                    }
                                    return localKeyStore;
                                } finally {
                                    if (trustStoreFis != null) {
                                        trustStoreFis.close();
                                    }
                                }
                            }
                        };
                    }

                });
            } // startHandshake
        };
    }
}

实现调用方法

import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSession;

import java.io.*;
import java.net.URL;

public class HttpsUtils {

    /**
     * content-type类型为xml方式发送post请求
     *
     * @param urlPath
     * @param data
     * @param charSet
     * @return
     */
    public static String postXml(String urlPath, String data, String charSet) {
        String result = httpPostData(urlPath, data, charSet, null, "application/json", "application/json");
        return result;
    }

    private static String httpPostData(String urlPath, String data, String charSet, String[] header, String contentType, String accpect) {
        String result = "";
        URL url = null;
        HttpsURLConnection httpurlconnection = null;
        OutputStreamWriter out = null;
        BufferedReader in = null;
        BufferedReader reader = null;
        try {
        //如果是weblogic服务器,此处有坑,weblogic服务器默认使用soaphttpsurlconnection,而不是httpsURLconnection
        //weblogic服务器请用这句   url = new URL(null,urlString,new sun.net.www.protocol.https.Handler()); 
            url = new URL(urlPath);
            httpurlconnection = (HttpsURLConnection) url.openConnection();
            httpurlconnection.setSSLSocketFactory(new TLSSocketConnectionFactory());
            httpurlconnection.setDoInput(true);
            httpurlconnection.setDoOutput(true);
            httpurlconnection.setHostnameVerifier(new HostnameVerifier() {
                public boolean verify(String hostname, SSLSession session) {
                    return true;
                }
            });

            if (header != null) {
                for (int i = 0; i < header.length; i++) {
                    String[] content = header[i].split(":");
                    httpurlconnection.setRequestProperty(content[0], content[1]);
                }
            }

            httpurlconnection.setRequestMethod("POST");
            httpurlconnection.setRequestProperty("Content-Type", contentType);
            httpurlconnection.connect();
            out = new OutputStreamWriter(httpurlconnection.getOutputStream(), charSet); // utf-8编码
            out.append(data);
            out.flush();
            out.close();

            int code = httpurlconnection.getResponseCode();
            if(code == 200) {
            	in = new BufferedReader(new InputStreamReader(httpurlconnection.getInputStream(),"utf-8"));
            }else{
            	if(httpurlconnection.getErrorStream()==null){
            		in = new BufferedReader(new InputStreamReader(httpurlconnection.getInputStream(),"utf-8"));
            	}else{
            		in = new BufferedReader(new InputStreamReader(httpurlconnection.getErrorStream(),"utf-8"));
            	}
            }
            String line;
            while ((line = in.readLine()) != null) {
                result += line;
            }
            
            return result;

        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            url = null;
            if (httpurlconnection != null) {
                httpurlconnection.disconnect();
            }
            try {
                if (out != null) {
                    out.close();
                }
                if (reader != null) {
                    reader.close();
                }
            } catch (IOException e) {
                // TODO
            }
        }
        return result;
    }
}

我采用了utf-8编码,json格式进行了数据传输


import org.apache.http.Consts;

public class post {

	/**
	 * @param args
	 */
	public static void main(String[] args) {
	   String url = "https://xxx.xxx.xxx.xxx:xxxx/milestone";
	   String postVal = "{\"PLAN_DATE\":\"2018-09-26\",\"MILESTONE_NAME\":\"DELIVERY STEAM TURBINE 1\"," +
	   		" \"MILESTONE_CODE\":\"PMON---063\",\"REPORT_TIME\":\"2018-11-13\", \"ORG_CODE\":\"\",\"PROJECT_CODE\":\"\"," +
	   		" \"UPDATE_TIME\":\"2018-11-13\",\"IS_PLAN_DATE_CHANGE\":\"1\",\"COMPLETE_DATE\":\"\"}";
	   String result = "";
//     postXml(url, dtdXml, "UTF-8");
		result = HttpsUtils.postXml(url, postVal, Consts.UTF_8.name());
		System.out.println(result);
		}
	}
没忄没肺
关注
专栏目录
Fliebeat+Kafka+Elasticsearch+Logstash日志分析实战
悦分享
10-08 946
ELK 不是一款软件,而是 Elasticsearch、Logstash 和 Kibana 三种软件产品的首字母缩写。这三者都是开源软件,通常配合使用,而且又先后归于 Elastic.co 公司名下,所以被简称为 ELK Stack。根据 Google Trend 的信息显示,ELK Stack 已经成为目前最流行的集中式日志解决方案。Elasticsearch:分布式搜索和分析引擎,具有高可伸缩、高可靠和易管理等特点。
Jetty使用教程(一)——开始使用Jetty
weixin_30312563的博客
09-02 4040
一、Jetty简介 1.1 什么是Jetty   Jetty是一个提供HHTP服务器、HTTP客户端和javax.servlet容器的开源项目。   这个入门教程分为五个部分: 第一部分部分重点介绍如何使用Jetty,它提供如下信息,如什么是Jetty,从哪可以下载它,怎么在像Maven一样的仓库中找到它。这一部分同样会提供启动Jetty和如何配置Jetty的快速入门。 第...
java1.6 tls1.1_jdk1.6 支持 tls1.2协议 并忽略身份验证
weixin_28909745的博客
02-13 1212
import java.io.*;importjava.net.UnknownHostException;import java.security.*;import java.security.cert.*;import java.util.*;import javax.net.ssl.*;importjavax.security.cert.X509Certificate;import org.b...
JDK1.6支持Tls1.2协议方法
最新发布
qq_34097758的博客
05-11 1185
JDK1.6默认支持 TLS 1.0, SSLv3直到JDK1.6_121以上才支持TLSv1.2协议(收费)JDK1.7及以上默认支持TLSv1.1 TLSv1.2最近的工作需要在原有系统中集成访问另一个系统,在请求时https域名时涉及到一些安全性的问题,涉及到了TLS1.2
JDK1.6支持TSL1.2协议
weixin_42765516的博客
04-28 2166
由于对接项目升级SSL版本,导致我们系统无法访问 jdk1.6支持TSL1.2 测试过可行方法,且包含依赖jar包 资源: 链接:https://pan.baidu.com/s/1LeTIR9u9tsHSgMjV9MuwvA 提取码:qpjo 包含两个依赖jar包,和工具TLSSocketFactory 代理工厂 import org.apache.commons.httpclient.ConnectTimeoutException; import o...
JDK1.6使用BouncyCastle第三方jar支持TSL1.2通过Nginx转发多个HTTPS接口请求
06-05
应用从DMZ迁移到内网后,就不能连接外网了,必须通过代理服务器才能调用第三方接口。使用Nginx作为代理服务器,HTTP的接口代理没有问题,HTPPS的接口代理Java后台总是报错,主要是因为项目使用的JDK1.6,不支持TLS1.2导致握手失败。通过BouncyCastle的第三方jar包可以解决这个问题。也可以使用Nginx的第三方模块ngx_http_proxy_module,配置Nginx作为HTTPS代理服务器解决,不过代码需要修改地方较多。 解压压缩包后文件说明: \doc\conf\nginx.conf:Nginx的转发配置; \doc\conf\haproxy.cfg:Haproxy的转发配置; \doc\conf\proxy\nginx.conf:Nginx作为代理的配置; \doc\gcc:安装Nginx的各个依赖包; \doc\proxy:Nginx的一些源码包,Haproxy源码包,安装步骤可参考readme.txt文件。
jdk1.6 支持 tls1.2协议,并解决UnsupportedOperationException问题
qq_32445015的博客
03-08 6196
最近项目遇到 jdk1.6使用https请求服务器,服务器明确做了协议要求,只支持tls1.2及以上协议。目前的报错是Remote host closed connection during handshake , 通过查阅资料说jdk1.6版本只支持tls1.0 , ssl 3.0 协议,如果用jdk1.6请求tls1.2协议的接口,需要引入第三方库,网上有很多关于调用第三方包重...
jdk1.6 支持 tls1.2协议 并忽略身份验证
weixin_30895603的博客
01-20 964
jdk1.6支持tls1.2协议,jdk1.8默认支持,比较好的解决方案是升级jdk,但是升级jdk风险极大。不能升级jdk的情况下,可以使用如下方式。 引入依赖 <dependency> <groupId>org.bouncycastle</groupId> <artifactId>bcprov-jdk15on<...
面试04——整理
HRX98的博客
03-12 753
1.抽象类怎么模拟接口 2.项目负责 3.线程与进程 4.List list =new Arraylist(Array.aslist(“a”,“b”,“c”,“d”)); ​ for(s:list){ ​ s.equls(“a”){ ​ s.removes() ​ } ​ } 5.io 异常关闭 应该在哪里关闭 6.public class test{ ​ private int value; ​ public void get(int x){ ​ this.value=x } publ
java面试题
阿江江的博客
03-20 4697
第一章 Java语言 1.Java基础 1.1 为什么Java代码可以实现一次编写、到处运行? 因为有JVM,这是是Java跨平台的关键。 在程序运行前,Java源代码(.java)需要经过编译器编译成字节码(.class)。 在程序运行时,JVM将字节码翻译成特定平台下的机器码并运行,也就是说,只要在不同的平台上安装对应的JVM,就可以运行字节码文件。 注意事项 编译的结果是生成字节码,字节码不能直接运行,必须通过JVM翻译成机器码才能运行; 跨平台的是Java程序、而不是JVM,JVM是C/C++开发
jdk1.6无法使用安全套接字层(SSL)加密连接sqlserver数据库
04-04
解决jdk1.6连接sqlserver:驱动程序无法通过使用安全套接字层(SSL)加密与 SQL Server 建立安全连接。内含readme文档。根据大神源码打包,本人项目使用无问题,如果对你有帮助的话可以给个好评。
Java如何跳过https的ssl证书验证详解
08-25
主要介绍了Java跳过https的ssl证书验证的解决思路,文中通过示例代码介绍的非常详细,对大家的学习或者工作具有一定的参考学习价值,下面我们来深入学习下吧
解决jdk1.7 不支持TLS1.2的问题
04-26
NULL 博文链接:https://ligaosong.iteye.com/blog/2356346
JDK1.6使用httpclient调用https接口时跳过证书验证
习惯成自然
03-13 5048
笔记
JDK1.6使用BouncyCastle第三方jar支持TSL1.2通过Nginx转发多个HTTPS接口
东海青蛙的专栏
06-05 1851
应用从DMZ迁移到内网后,就不能连接外网了,必须通过代理服务器才能调用第三方接口。使用Nginx作为代理服务器,HTTP的接口代理没有问题,HTTPS的代理采用Nginx的TCP转发模块(Module ngx_stream_core_module)。多个HTTPS接口转发时,需要额外使用preread模块(Module ngx_stream_ssl_preread_module)。...
https认证ssl之上传下载
fanyuanwaifdl的专栏
10-24 380
jdk1.6.0.43及以上1.6版本可以绕过 1.2有问题 package nc.impl.pub.filesystem; import org.bouncycastle.crypto.tls.*; import org.bouncycastle.jce.provider.BouncyCastleProvider; import javax.net.ssl.*; import javax...
解决jdk1.6支持TLS1.2协议的问题(javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure)
latin_06的博客
06-02 1840
jdk1.6忽略证书验证用户验证
Oracle JDK 7 Update 131 b31增强版:默认启用TLS 1.2
Oracle JDK 7 Update 131 b31 (1.7.0_131-b31) 是一个关键的Java Development Kit (JDK) 版本,它引入了对TLS 1.2的支持。在JRE 1.7.0_131-b31中,Oracle官方站点强调了一个重要的更新:客户端端点默认启用了TLS 1.2...
评论 7
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值