EAS BOS 默认JDK1.6发送https请求缺少TLSv1.2证书导致接口报错

已于 2023-04-10 11:39:22 修改
阅读量1k 收藏 2
点赞数 2
文章标签: java https http
于 2023-03-20 16:02:42 首次发布
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/weixin_40165784/article/details/129669333
版权

解决jdk1.6不支持TLS1.2协议的问题
项目场景:
两个系统对接,A方项目基于jdk1.6,B方项目基于jdk1.8,场景中A项目需要调用B项目的远程接口(https)

问题描述:
发现调用失败(javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure)
javax.net.ssl.SSLException: Received fatal alert: protocol_version
原因分析:
B项目使用JDK1.8,https协议支持TLS1.2,而A项目是JDK1.6默认不支持TLS1.2 ,所以导致握手失败

是maven项目的,通过maven下载jar包, 不是maven项目的按照最下边的下载相应的jar包

<dependency>
    <groupId>org.bouncycastle</groupId>
    <artifactId>bcprov-jdk15on</artifactId>
    <version>1.54</version>
</dependency>

编写工具类,该工具类是用来创建conn时使用,详见下边的代码调用接口测试 createConnection 方法

```java
package com.kingdee.eas.custom.devinterface.approval.util;
import java.io.ByteArrayInputStream;  
import java.io.ByteArrayOutputStream;  
import java.io.DataOutputStream;  
import java.io.FileInputStream;  
import java.io.IOException;  
import java.io.InputStream;  
import java.io.OutputStream;  
import java.net.InetAddress;  
import java.net.InetSocketAddress;  
import java.net.Socket;  
import java.net.UnknownHostException;  
import java.security.KeyStore;  
import java.security.Principal;  
import java.security.SecureRandom;  
import java.security.Security;  
import java.security.cert.CertificateExpiredException;  
import java.security.cert.CertificateFactory;  
import java.util.Hashtable;  
import java.util.LinkedList;  
import java.util.List;  
   
import javax.net.ssl.HandshakeCompletedListener;  
import javax.net.ssl.SSLPeerUnverifiedException;  
import javax.net.ssl.SSLSession;  
import javax.net.ssl.SSLSessionContext;  
import javax.net.ssl.SSLSocket;  
import javax.net.ssl.SSLSocketFactory;  
import javax.security.cert.X509Certificate;
   
import org.bouncycastle.crypto.tls.*;  
import org.bouncycastle.jce.provider.BouncyCastleProvider;

public class TLSSocketConnectionFactory extends SSLSocketFactory {
	 static {  
	        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {  
	            Security.addProvider(new BouncyCastleProvider());  
	        }  
	    }  
	   
	    @Override 
	    public Socket createSocket(Socket socket, final String host, int port, boolean arg3) throws IOException {  
	        if (socket == null) {  
	            socket = new Socket();  
	        }  
	        if (!socket.isConnected()) {  
	            socket.connect(new InetSocketAddress(host, port));  
	        }  
	   
	      final TlsClientProtocol tlsClientProtocol = new TlsClientProtocol(socket.getInputStream(), socket.getOutputStream(), new SecureRandom());  
	   
	        return _createSSLSocket(host, tlsClientProtocol);  
	    }  
	   
	    @Override 
	    public String[] getDefaultCipherSuites() {  
	        return null;  
	    }  
	   
	    @Override 
	    public String[] getSupportedCipherSuites() {  
	        return null;  
	    }  
	   
	    @Override 
	    public Socket createSocket(String host, int port) throws IOException, UnknownHostException {  
	        throw new UnsupportedOperationException();  
	    }  
	   
	    @Override 
	    public Socket createSocket(InetAddress host, int port) throws IOException {  
	        throw new UnsupportedOperationException();  
	    }  
	   
	    @Override 
	    public Socket createSocket(String host, int port, InetAddress localHost, int localPort) throws IOException, UnknownHostException {  
	        return null;  
	    }  
	   
	    @Override 
	    public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort) throws IOException {  
	        throw new UnsupportedOperationException();  
	    }  
	   
	    private SSLSocket _createSSLSocket(final String host, final TlsClientProtocol tlsClientProtocol) {  
	        return new SSLSocket() {  
	            private java.security.cert.Certificate[] peertCerts;  
	   
	            @Override 
	            public InputStream getInputStream() throws IOException {  
	                return tlsClientProtocol.getInputStream();  
	            }  
	   
	            @Override 
	            public OutputStream getOutputStream() throws IOException {  
	                return tlsClientProtocol.getOutputStream();  
	            }  
	   
	            @Override 
	            public synchronized void close() throws IOException {  
	                tlsClientProtocol.close();  
	            }  
	   
	            @Override 
	            public void addHandshakeCompletedListener(HandshakeCompletedListener arg0) {  
	            }  
	   
	            @Override 
	            public boolean getEnableSessionCreation() {  
	                return false;  
	            }  
	   
	            @Override 
	            public String[] getEnabledCipherSuites() {  
	                return null;  
	            }  
	   
	            @Override 
	            public String[] getEnabledProtocols() {  
	                return null;  
	            }  
	   
	            @Override 
	            public boolean getNeedClientAuth() {  
	                return false;  
	            }  
	   
	            @Override 
	            public SSLSession getSession() {  
	                return new SSLSession() {  
	   
	                    @Override 
	                    public int getApplicationBufferSize() {  
	                        return 0;  
	                    }  
	   
	                    @Override 
	                    public String getCipherSuite() {  
	                        throw new UnsupportedOperationException();  
	                    }  
	   
	                    @Override 
	                    public long getCreationTime() {  
	                        throw new UnsupportedOperationException();  
	                    }  
	   
	                    @Override 
	                    public byte[] getId() {  
	                        throw new UnsupportedOperationException();  
	                    }  
	   
	                    @Override 
	                    public long getLastAccessedTime() {  
	                        throw new UnsupportedOperationException();  
	                    }  
	   
	                    @Override 
	                    public java.security.cert.Certificate[] getLocalCertificates() {  
	                        throw new UnsupportedOperationException();  
	                    }  
	   
	                    @Override 
	                    public Principal getLocalPrincipal() {  
	                        throw new UnsupportedOperationException();  
	                    }  
	   
	                    @Override 
	                    public int getPacketBufferSize() {  
	                        throw new UnsupportedOperationException();  
	                    }  
	   
	                    @Override 
	                    public X509Certificate[] getPeerCertificateChain() throws SSLPeerUnverifiedException {  
	                        return null;  
	                    }  
	   
	                    @Override 
	                    public java.security.cert.Certificate[] getPeerCertificates() throws SSLPeerUnverifiedException {  
	                        return peertCerts;  
	                    }  
	   
	                    @Override 
	                    public String getPeerHost() {  
	                        throw new UnsupportedOperationException();  
	                    }  
	   
	                    @Override 
	                    public int getPeerPort() {  
	                        return 0;  
	                    }  
	   
	                    @Override 
	                    public Principal getPeerPrincipal() throws SSLPeerUnverifiedException {  
	                        return null;  
	                    }  
	   
	                    @Override 
	                    public String getProtocol() {  
	                        throw new UnsupportedOperationException();  
	                    }  
	   
	                    @Override 
	                    public SSLSessionContext getSessionContext() {  
	                        throw new UnsupportedOperationException();  
	                    }  
	   
	                    @Override 
	                    public Object getValue(String arg0) {  
	                        throw new UnsupportedOperationException();  
	                    }  
	   
	                    @Override 
	                    public String[] getValueNames() {  
	                        throw new UnsupportedOperationException();  
	                    }  
	   
	                    @Override 
	                    public void invalidate() {  
	                        throw new UnsupportedOperationException();  
	                    }  
	   
	                    @Override 
	                    public boolean isValid() {  
	                        throw new UnsupportedOperationException();  
	                    }  
	   
	                    @Override 
	                    public void putValue(String arg0, Object arg1) {  
	                        throw new UnsupportedOperationException();  
	                    }  
	   
	                    @Override 
	                    public void removeValue(String arg0) {  
	                        throw new UnsupportedOperationException();  
	                    }  
	                };  
	            }  
	   
	            @Override 
	            public String[] getSupportedProtocols() {  
	                return null;  
	            }  
	   
	            @Override 
	            public boolean getUseClientMode() {  
	                return false;  
	            }  
	   
	            @Override 
	            public boolean getWantClientAuth() {  
	                return false;  
	            }  
	   
	            @Override 
	            public void removeHandshakeCompletedListener(HandshakeCompletedListener arg0) {  
	            }  
	   
	            @Override 
	            public void setEnableSessionCreation(boolean arg0) {  
	            }  
	   
	            @Override 
	            public void setEnabledCipherSuites(String[] arg0) {  
	            }  
	   
	            @Override 
	            public void setEnabledProtocols(String[] arg0) {  
	            }  
	   
	            @Override 
	            public void setNeedClientAuth(boolean arg0) {  
	            }  
	   
	            @Override 
	            public void setUseClientMode(boolean arg0) {  
	            }  
	   
	            @Override 
	            public void setWantClientAuth(boolean arg0) {  
	            }  
	   
	            @Override 
	            public String[] getSupportedCipherSuites() {  
	                return null;  
	            }  
	   
	            @Override 
	            public void startHandshake() throws IOException 
	            {  
	                tlsClientProtocol.connect(new DefaultTlsClient() {  
	   
	                    @SuppressWarnings("unchecked")  
	                    @Override 
	                    public Hashtable<Integer, byte[]> getClientExtensions() throws IOException{  
	                        Hashtable<Integer, byte[]> clientExtensions = super.getClientExtensions();  
	                        if (clientExtensions == null) {  
	                            clientExtensions = new Hashtable<Integer, byte[]>();  
	                        }  
	   
	                        //Add host_name  
	                        byte[] host_name = host.getBytes();  
	   
	                        final ByteArrayOutputStream baos = new ByteArrayOutputStream();  
	                        final DataOutputStream dos = new DataOutputStream(baos);  
	                        dos.writeShort(host_name.length + 3);  
	                        dos.writeByte(0);  
	                        dos.writeShort(host_name.length);  
	                        dos.write(host_name);  
	                        dos.close();  
	                        clientExtensions.put(ExtensionType.server_name, baos.toByteArray());  
	                        return clientExtensions;  
	                    }  
	   
	                    @Override 
	                    public TlsAuthentication getAuthentication() throws IOException {  
	                        return new TlsAuthentication() {  
	                            @Override 
	                            public void notifyServerCertificate(Certificate serverCertificate) throws IOException {  
	                                try {  
	                                    KeyStore ks = _loadKeyStore();  
	   
	                                    CertificateFactory cf = CertificateFactory.getInstance("X.509");  
	                                    List<java.security.cert.Certificate> certs = new LinkedList<java.security.cert.Certificate>();  
	                                    boolean trustedCertificate = false;  
	                                    for (org.bouncycastle.asn1.x509.Certificate  c : ((org.bouncycastle.crypto.tls.Certificate) serverCertificate).getCertificateList()) {  
	                                        java.security.cert.Certificate cert = cf.generateCertificate(new ByteArrayInputStream(c.getEncoded()));  
	                                        certs.add(cert);  
	   
	                                        String alias = ks.getCertificateAlias(cert);  
	                                        if (alias != null) {  
	                                            if (cert instanceof java.security.cert.X509Certificate) {  
	                                                try {  
	                                                    ((java.security.cert.X509Certificate) cert).checkValidity();  
	                                                    trustedCertificate = true;  
	                                                } catch (CertificateExpiredException cee) {  
	                                                    // Accept all the certs!  
	                                                }  
	                                            }  
	                                        } else {  
	                                            // Accept all the certs!  
	                                        }  
	   
	                                    }  
	                                    if (!trustedCertificate) {  
	                                        // Accept all the certs!  
	                                    }  
	                                    peertCerts = certs.toArray(new java.security.cert.Certificate[0]);  
	                                } catch (Exception ex) {  
	                                    ex.printStackTrace();  
	                                    throw new IOException(ex);  
	                                }  
	                            }  
	   
	                            @Override 
	                            public TlsCredentials getClientCredentials(CertificateRequest certificateRequest) throws IOException {  
	                                return null;  
	                            }  
	   
	                            private KeyStore _loadKeyStore() throws Exception {  
	                                FileInputStream trustStoreFis = null;  
	                                try {  
	                                    KeyStore localKeyStore = null;  
	   
	                                    String trustStoreType = System.getProperty("javax.net.ssl.trustStoreType") != null ? System.getProperty("javax.net.ssl.trustStoreType") : KeyStore.getDefaultType();  
	                                    String trustStoreProvider = System.getProperty("javax.net.ssl.trustStoreProvider") != null ? System.getProperty("javax.net.ssl.trustStoreProvider") : "";  
	   
	                                    if (trustStoreType.length() != 0) {  
	                                        if (trustStoreProvider.length() == 0) {  
	                                            localKeyStore = KeyStore.getInstance(trustStoreType);  
	                                        } else {  
	                                            localKeyStore = KeyStore.getInstance(trustStoreType, trustStoreProvider);  
	                                        }  
	   
	                                        char[] keyStorePass = null;  
	                                        String str5 = System.getProperty("javax.net.ssl.trustStorePassword") != null ? System.getProperty("javax.net.ssl.trustStorePassword") : "";  
	   
	                                        if (str5.length() != 0) {  
	                                            keyStorePass = str5.toCharArray();  
	                                        }  
	   
	                                        localKeyStore.load(trustStoreFis, keyStorePass);  
	   
	                                        if (keyStorePass != null) {  
	                                            for (int i = 0; i < keyStorePass.length; i++) {  
	                                                keyStorePass[i] = 0;  
	                                            }  
	                                        }  
	                                    }  
	                                    return localKeyStore;  
	                                } finally {  
	                                    if (trustStoreFis != null) {  
	                                        trustStoreFis.close();  
	                                    }  
	                                }  
	                            }  
	   
	                        };  
	                    }  
	   
	                });  
	            } // startHandshake  
	        };  
	    }  
}

下载jar包,然后放入到bos开发工具对应的文件夹
解决方案2:1.下载bcprov-jdk15on-1.54.jar地址为:https://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk15on/1.54
2.下载bcprov-ext-jdk15on-1.54.jar地址为:https://mvnrepository.com/artifact/org.bouncycastle/bcprov-ext-jdk15on/1.54
3.将下载的jar包放在“ J A V A H O M E / j r e / l i b / e x t ”目录下。 4. “ JAVA_HOME/jre/lib/ext”目录下。 4.“ JAVAHOME/jre/lib/ext目录下。4.“JAVA_HOME/jre/lib/security/”(BOS 工具路径bos\BOSModular\jdk\jre\lib\security)对这个路径下的java.security文件进行修改 找到security.provider.9,然后在这句话下面加上:security.provider.10=org.bouncycastle.jce.provider.BouncyCastleProvider。

编写代码调用接口测试


```java
在这里插入代码片
	/**
	 * 解决JDK1.7、JDK1.6不支持 TLS1.2 问题
	 * 这是个工具类
	 * @param uri
	 * @return
	 * @throws IOException
	 */
	public HttpURLConnection createConnection(URI uri) throws IOException {  
        URL url = uri.toURL();  
        URLConnection connection = url.openConnection();  
        HttpsURLConnection httpsURLConnection = (HttpsURLConnection) connection;  
        httpsURLConnection.setSSLSocketFactory(new TLSSocketConnectionFactory());  
        return httpsURLConnection;  
    }
    /**
     * 以post方式调用对方接口方法
     * @param pathUrl
     */
    public static String doPost(String pathUrl,String token , String data){
        OutputStreamWriter out = null;
        BufferedReader br = null;
        String result = "";
        try {
        	HttpClientUtil client = new HttpClientUtil();  
    		HttpURLConnection conn = client.createConnection(new URI(pathUrl ));
            //设定请求的方法为"POST",默认是GET
            //post与get的不同之处在于post的参数不是放在URL字串里面,而是放在http请求的正文内。
            conn.setRequestMethod("POST");
            //设置30秒连接超时
            conn.setConnectTimeout(30000);
            //设置30秒读取超时
            conn.setReadTimeout(30000);
            // 设置是否向httpUrlConnection输出,因为这个是post请求,参数要放在http正文内,因此需要设为true, 默认情况下是false;
            conn.setDoOutput(true);
            // 设置是否从httpUrlConnection读入,默认情况下是true;
            conn.setDoInput(true);
            // Post请求不能使用缓存
            conn.setUseCaches(false);
            //设置通用的请求属性
            conn.setRequestProperty("accept", "*/*");
            conn.setRequestProperty("connection", "Keep-Alive");  //维持长链接
            conn.setRequestProperty("Content-Type", "application/json;charset=utf-8");
            conn.setRequestProperty("Authorization", "Bearer "+token); //放入token
            //连接,从上述url.openConnection()至此的配置必须要在connect之前完成,
            conn.connect();
            /**
             * 下面的三句代码,就是调用第三方http接口
             */
            //获取URLConnection对象对应的输出流
            //此处getOutputStream会隐含的进行connect(即:如同调用上面的connect()方法,所以在开发中不调用上述的connect()也可以)。
            out = new OutputStreamWriter(conn.getOutputStream(), "UTF-8");
            //发送请求参数即数据
            out.write(data);
            //flush输出流的缓冲
            out.flush();
            /**
             * 下面的代码相当于,获取调用第三方http接口后返回的结果
             */
            //获取URLConnection对象对应的输入流
            //InputStream is =
            InputStream is = conn.getInputStream();
            //构造一个字符流缓存
            br = new BufferedReader(new InputStreamReader(is));
            String str = "";
            while ((str = br.readLine()) != null){
                result += str;
            }
            System.out.println(result);
            //关闭流
            is.close();
            //断开连接,disconnect是在底层tcp socket链接空闲时才切断,如果正在被其他线程使用就不切断。
            conn.disconnect();

        } catch (Exception e) {
            e.printStackTrace();
        }finally {
            try {
                if (out != null){
                    out.close();
                }
                if (br != null){
                    br.close();
                }
            } catch (IOException e) {
                e.printStackTrace();
            }
        }
        return result;
    }
洛洛工程师
关注
EAS BOS常见问题
05-29
金蝶EAS(Enterprise Application Suite)是金蝶BOS的一个重要产品,它为企业提供了一个基于ERPⅡ管理思想的集成化解决方案。ERPⅡ是传统企业资源计划(ERP)的拓展,增加了企业间协作和电子商务应用集成的功能。 ...
jdk6请求https的解决方案
weixin_44244086的博客
04-04 2277
旧项目真烦真烦真烦别人的方法也不一定能直接拿来用,还是得自己想办法,懂一点的还好,不懂的改都不会改(特指我这种)Nginx真好。
JDK1.6支持Tls1.2协议方法
qq_34097758的博客
05-11 1104
JDK1.6默认支持 TLS 1.0, SSLv3直到JDK1.6_121以上才支持TLSv1.2协议(收费)JDK1.7及以上默认支持TLSv1.1 TLSv1.2最近的工作需要在原有系统中集成访问另一个系统,在请求https域名时涉及到一些安全性的问题,涉及到了TLS1.2
1.6JDK访问HTTPS(TLS1.2)
tly_74125的博客
08-21 1695
引入第三方包 bcprov-jdk15on-1.54.jar https://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk15on 请求添加 if (httpsURLConnection instanceof HttpsURLConnection) { if (LOG.isInfoEnabled()) { LOG.info(url + ",识别HttpsURLConnectio...
javax.net.ssl.SSLException: Received fatal alert: protocol_version解决
热门推荐
心寒的博客
04-07 2万+
javax.net.ssl.SSLException解决方法
jdk1.6https 处理异常的分析
a442828032的博客
05-21 1289
在使用httpclient 工具类发送https请求时会出现在不构造ssl安全套接字的情况下,有的https可以直接发出去,而有些会报错现象描述:原因是jdk1.6HTTPS处理不够完善,升级jdk1.7及以上版本可解决,以下是我自己分析过程测试代码如下: public static void main(String[] args) throws Exception { // URL...
关于JDK1.6调用https握手失败问题
ProgrammerGHP的博客
01-13 2239
调用: 报错javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair。由于业务需求,需要将http换成https,在测试中出现了一个问题:也就是JDK1.7可以正常请求JDK1.6报在请求https请求时,出现致命错误:握手失败。在挣扎了两天后,参考了各路大神的问题方案后,解决了这个问题,一下是我的解决方案。我得项目此时已经解决!
EASBOS开发视频之BOS基础介绍
11-16
EASBOS开发视频之BOS基础介绍 视频
jdk1.6版本
02-28
Java Development Kit (JDK) 1.6 是Oracle公司发布的Java平台标准版的一个重要版本,它为Java开发者提供了编译、调试和运行Java应用程序所需的工具和库。这个版本在Java社区中占据了重要的地位,因为它引入了许多新...
金蝶EASBOS万能工具类
05-21
金蝶EASBOS万能工具类,在工作空间项目中的构建路径添加即可使用
java1.6 https_java1.6 能访问https接口吗?
weixin_36040903的博客
02-16 468
展开全部用两种方式分别实现了,32313133353236313431303231363533e59b9ee7ad9431333361303030第一种是jdk原生的,代码稍微多点,第二种是基于httpclient4版本的。在我的机器上,访问同一个接口原生的性能要好很多(前者900ms,后者5.7s左右),httpclient主要性能消耗在"HttpResponse res = client.ex...
# JDK6访问https服务出现的Received fatal alert: handshake_failure及连带的protocol_version问题
weixin_43300285的博客
09-16 1119
JDK6访问https服务出现的Received fatal alert: handshake_failure及连带的protocol_version问题
maven pom.xml文件报错Received fatal alert:protocol_version
lollows的博客
12-22 1557
在使用JDK 1.6(目前免费的最高版本6u45)访问maven的中央仓库时会报如下错误:Could not transfer artifact (https://repo.maven.apache.org/maven2): Received fatal alert: protocol_version -&gt; [Help 1] 由于TLSv1.1 协议不安全, 出于PCI 安全标准的原因, ...
Java httpclient.CloseableHttpClient使用https方式请求
weixin_41924879的博客
12-22 7570
Java httpclient.CloseableHttpClient使用https方式请求 新建SkipHttpsUtil.java类 package com.aici.ats.cases.utils; import java.security.cert.CertificateException; import java.security.cert.X509Certificate; import javax.net.ssl.SSLContext; import javax.net.ssl.TrustMan
JDK1.6支持TSL1.2协议
weixin_42765516的博客
04-28 2151
由于对接项目升级SSL版本,导致我们系统无法访问 jdk1.6 不支持TSL1.2 测试过可行方法,且包含依赖jar包 资源: 链接:https://pan.baidu.com/s/1LeTIR9u9tsHSgMjV9MuwvA 提取码:qpjo 包含两个依赖jar包,和工具TLSSocketFactory 代理工厂 import org.apache.commons.httpclient.ConnectTimeoutException; import o...
工厂模式的介绍及实现
最新发布
户伟伟的博客
09-25 64
工厂模式(Factory Pattern)是一种创建型设计模式,提供了一种创建对象的接口,而无需显式指定对象的具体类。在这种模式中,我们通过定义一个工厂类,专门负责生产各种类型的对象,这样我们可以避免直接在代码中实例化具体类,使代码更具扩展性、灵活性和维护性。解耦:客户端代码与具体的类解耦,避免了对象创建逻辑的重复。简化对象创建:通过工厂统一管理对象的创建逻辑,使代码更清晰易懂。扩展性强:新增类时,只需在工厂中增加创建逻辑,而不必修改现有的业务代码。
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值