JDK 1.6/1.7不支持TLS 1.2

Posted

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了JDK 1.6/1.7不支持TLS 1.2相关的知识,希望对你有一定的参考价值。

参考技术A 报错信息:javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

Java 8支持TLS 1.2, JDK1.6和1.7会https报错,解决方案:

1,将证书导入Java的cacerts证书库(无效):

C:\Program Files\Java\jdk1.6.0_45\bin>keytool -import -file D:\RolePlayCHNUAT2020.cer -alias RolePlayCHNUAT2020.cer -storepass changeit -keystore "C:\Program Files\Java\jdk1.6.0_45\jre\lib\security\cacerts"

2,更新JDK内jar包,旧版本安全机制问题:
jdk 6 https://www.oracle.com/java/technologies/jce-6-download.html
jdk 7 http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html
jdk 8 http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html

3,升级JDK1.8,先实现验证方法

后调用:

jdk1.6 支持 tls1.2协议 并忽略身份验证

jdk1.6不支持tls1.2协议,jdk1.8默认支持,比较好的解决方案是升级jdk,但是升级jdk风险极大。不能升级jdk的情况下,可以使用如下方式。

引入依赖

<dependency>
    <groupId>org.bouncycastle</groupId>
    <artifactId>bcprov-jdk15on</artifactId>
    <version>1.54</version>
</dependency>

 

创建协议工厂

import java.io.*;
import java.net.UnknownHostException;
import java.security.*;
import java.security.cert.*;
import java.util.*;

import javax.net.ssl.*;
import javax.security.cert.X509Certificate;

import org.bouncycastle.crypto.tls.*;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

public class TLSSocketConnectionFactory extends SSLSocketFactory {

    static {
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }

    @Override
    public Socket createSocket(Socket socket, final String host, int port,
            boolean arg3) throws IOException {
        if (socket == null) {
            socket = new Socket();
        }
        if (!socket.isConnected()) {
            socket.connect(new InetSocketAddress(host, port));
        }

        final TlsClientProtocol tlsClientProtocol = new     TlsClientProtocol(socket.getInputStream(), socket.getOutputStream(), new     SecureRandom());

        return _createSSLSocket(host, tlsClientProtocol);
    }

    @Override public String[] getDefaultCipherSuites() { return null; }
    @Override public String[] getSupportedCipherSuites() { return null; }
    @Override public Socket createSocket(String host, int port) throws IOException, UnknownHostException { throw new UnsupportedOperationException(); }
    @Override public Socket createSocket(InetAddress host, int port) throws IOException { throw new UnsupportedOperationException(); }
    @Override public Socket createSocket(String host, int port, InetAddress localHost, int localPort) throws IOException, UnknownHostException { return null; }
    @Override public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort) throws IOException { throw new UnsupportedOperationException(); }

    private SSLSocket _createSSLSocket(final String host, final TlsClientProtocol tlsClientProtocol) {
        return new SSLSocket() {
            private java.security.cert.Certificate[] peertCerts;

            @Override public InputStream getInputStream() throws IOException { return tlsClientProtocol.getInputStream(); }
            @Override public OutputStream getOutputStream() throws IOException { return tlsClientProtocol.getOutputStream(); }
            @Override public synchronized void close() throws IOException { tlsClientProtocol.close(); }
            @Override public void addHandshakeCompletedListener( HandshakeCompletedListener arg0) { }
            @Override public boolean getEnableSessionCreation() { return false; }
            @Override public String[] getEnabledCipherSuites() { return null; }
            @Override public String[] getEnabledProtocols() { return null; }
            @Override public boolean getNeedClientAuth() { return false; }

            @Override
            public SSLSession getSession() {
                return new SSLSession() {

                    @Override
                    public int getApplicationBufferSize() {
                        return 0;
                    }

                    @Override public String getCipherSuite() { throw new UnsupportedOperationException(); }
                    @Override public long getCreationTime() { throw new UnsupportedOperationException(); }
                    @Override public byte[] getId() { throw new UnsupportedOperationException(); }
                    @Override public long getLastAccessedTime() { throw new UnsupportedOperationException(); }
                    @Override public java.security.cert.Certificate[] getLocalCertificates() { throw new UnsupportedOperationException(); }
                    @Override public Principal getLocalPrincipal() { throw new UnsupportedOperationException(); }
                    @Override public int getPacketBufferSize() { throw new UnsupportedOperationException(); }
                    @Override public X509Certificate[] getPeerCertificateChain() throws SSLPeerUnverifiedException { return null; }
                    @Override public java.security.cert.Certificate[] getPeerCertificates() throws SSLPeerUnverifiedException { return peertCerts; }
                    @Override public String getPeerHost() { throw new UnsupportedOperationException(); }
                    @Override public int getPeerPort() { return 0; }
                    @Override public Principal getPeerPrincipal() throws SSLPeerUnverifiedException { return null; }
                    @Override public String getProtocol() { throw new UnsupportedOperationException(); }
                    @Override public SSLSessionContext getSessionContext() { throw new UnsupportedOperationException(); }
                    @Override public Object getValue(String arg0) { throw new UnsupportedOperationException(); }
                    @Override public String[] getValueNames() { throw new UnsupportedOperationException(); }
                    @Override public void invalidate() { throw new UnsupportedOperationException(); }
                    @Override public boolean isValid() { throw new UnsupportedOperationException(); }
                    @Override public void putValue(String arg0, Object arg1) { throw new UnsupportedOperationException(); }
                    @Override public void removeValue(String arg0) { throw new UnsupportedOperationException(); }
            };
        }

        @Override public String[] getSupportedProtocols() { return null; }
        @Override public boolean getUseClientMode() { return false; }
        @Override public boolean getWantClientAuth() { return false; }
        @Override public void removeHandshakeCompletedListener(HandshakeCompletedListener arg0) { }
        @Override public void setEnableSessionCreation(boolean arg0) { }
        @Override public void setEnabledCipherSuites(String[] arg0) { }
        @Override public void setEnabledProtocols(String[] arg0) { }
        @Override public void setNeedClientAuth(boolean arg0) { }
        @Override public void setUseClientMode(boolean arg0) { }
        @Override public void setWantClientAuth(boolean arg0) { }
        @Override public String[] getSupportedCipherSuites() { return null; }

            @Override
            public void startHandshake() throws IOException {
                tlsClientProtocol.connect(new DefaultTlsClient() {

                    @SuppressWarnings("unchecked")
                    @Override
                    public Hashtable<Integer, byte[]> getClientExtensions() throws IOException {
                        Hashtable<Integer, byte[]> clientExtensions = super.getClientExtensions();
                        if (clientExtensions == null) {
                            clientExtensions = new Hashtable<Integer, byte[]>();
                        }

                        //Add host_name
                        byte[] host_name = host.getBytes();

                        final ByteArrayOutputStream baos = new ByteArrayOutputStream();
                        final DataOutputStream dos = new DataOutputStream(baos);
                        dos.writeShort(host_name.length + 3);
                        dos.writeByte(0);
                        dos.writeShort(host_name.length);
                        dos.write(host_name);
                        dos.close();
                        clientExtensions.put(ExtensionType.server_name, baos.toByteArray());
                        return clientExtensions;
                    }

                    @Override
                    public TlsAuthentication getAuthentication() throws IOException {
                        return new TlsAuthentication() {

                            @Override
                            public void notifyServerCertificate(Certificate serverCertificate) throws IOException {
                                try {
                                    KeyStore ks = _loadKeyStore();

                                    CertificateFactory cf = CertificateFactory.getInstance("X.509");
                                    List<java.security.cert.Certificate> certs = new LinkedList<java.security.cert.Certificate>();
                                    boolean trustedCertificate = false;
                                    for ( org.bouncycastle.asn1.x509.Certificate c : serverCertificate.getCertificateList()) {
                                        java.security.cert.Certificate cert = cf.generateCertificate(new ByteArrayInputStream(c.getEncoded()));
                                        certs.add(cert);

                                        String alias = ks.getCertificateAlias(cert);
                                        if(alias != null) {
                                            if (cert instanceof java.security.cert.X509Certificate) {
                                                try {
                                                    ( (java.security.cert.X509Certificate) cert).checkValidity();
                                                    trustedCertificate = true;
                                                } catch(CertificateExpiredException cee) {
                                                   // Accept all the certs!
                                                }
                                            }
                                        } else {
                                            // Accept all the certs!
                                        }

                                    }
                                    if (!trustedCertificate) {
                                        // Accept all the certs!
                                    }
                                    peertCerts = certs.toArray(new java.security.cert.Certificate[0]);
                                } catch (Exception ex) {
                                    ex.printStackTrace();
                                    throw new IOException(ex);
                                }
                            }

                            @Override
                            public TlsCredentials getClientCredentials(CertificateRequest certificateRequest) throws IOException {
                                return null;
                            }

                            private KeyStore _loadKeyStore() throws Exception {
                                FileInputStream trustStoreFis = null;
                                try {
                                    KeyStore localKeyStore = null;

                                    String trustStoreType = System.getProperty("javax.net.ssl.trustStoreType")!=null?System.getProperty("javax.net.ssl.trustStoreType"):KeyStore.getDefaultType();
                                    String trustStoreProvider = System.getProperty("javax.net.ssl.trustStoreProvider")!=null?System.getProperty("javax.net.ssl.trustStoreProvider"):"";

                                    if (trustStoreType.length() != 0) {
                                        if (trustStoreProvider.length() == 0) {
                                            localKeyStore = KeyStore.getInstance(trustStoreType);
                                        } else {
                                            localKeyStore = KeyStore.getInstance(trustStoreType, trustStoreProvider);
                                        }

                                        char[] keyStorePass = null;
                                        String str5 = System.getProperty("javax.net.ssl.trustStorePassword")!=null?System.getProperty("javax.net.ssl.trustStorePassword"):"";

                                        if (str5.length() != 0) {
                                            keyStorePass = str5.toCharArray();
                                        }

                                        localKeyStore.load(trustStoreFis, keyStorePass);

                                        if (keyStorePass != null) {
                                            for (int i = 0; i < keyStorePass.length; i++) {
                                                keyStorePass[i] = 0;
                                            }
                                        }
                                    }
                                    return localKeyStore;
                                } finally {
                                    if (trustStoreFis != null) {
                                        trustStoreFis.close();
                                    }
                                }
                            }
                        };
                    }

                });
            } // startHandshake
        };
    }
}

 

 

import org.apache.http.Consts;

import javax.net.ssl.HttpsURLConnection;
import java.io.*;
import java.net.URL;

public class HttpsUtils {



    /**
     * content-type类型为xml方式发送post请求
     *
     * @param urlPath
     * @param data
     * @param charSet
     * @return
     */
    public static String postXml(String urlPath, String data, String charSet) {
        String result = httpPostData(urlPath, data, charSet, null, "application/xml", "application/xml");
        return result;
    }

    private static String httpPostData(String urlPath, String data, String charSet, String[] header, String contentType, String accpect) {
        String result = null;
        URL url = null;
        HttpsURLConnection httpurlconnection = null;
        OutputStreamWriter out = null;
        BufferedReader reader = null;
        try {
            url = new URL(urlPath);
            httpurlconnection = (HttpsURLConnection) url.openConnection();
            httpurlconnection.setSSLSocketFactory(new TSLSocketConnectionFactory());
            httpurlconnection.setDoInput(true);
            httpurlconnection.setDoOutput(true);

            if (header != null) {
                for (int i = 0; i < header.length; i++) {
                    String[] content = header[i].split(":");
                    httpurlconnection.setRequestProperty(content[0], content[1]);
                }
            }

            httpurlconnection.setRequestMethod("POST");
            httpurlconnection.setRequestProperty("Content-Type", contentType);
            if (null != accpect) {
                httpurlconnection.setRequestProperty("Accpect", accpect);
            }

            httpurlconnection.connect();
            out = new OutputStreamWriter(httpurlconnection.getOutputStream(), charSet); // utf-8编码
            out.append(data);
            out.flush();
            out.close();

            int code = httpurlconnection.getResponseCode();

            if (code == 200) {
                // 读取响应
                int length = (int) httpurlconnection.getContentLength();// 获取长度
                InputStream is = httpurlconnection.getInputStream();
                reader = new BufferedReader(new InputStreamReader(is));
                String line = reader.readLine();
                StringBuilder builder = new StringBuilder();
                while (line != null) {
                    builder.append(line);
                    line = reader.readLine();
                }
                result = builder.toString();
            } else {
                // TODO
            }
        } catch (Exception e) {
            // TODO
        } finally {
            url = null;
            if (httpurlconnection != null) {
                httpurlconnection.disconnect();
            }
            try {
                if (out != null) {
                    out.close();
                }
                if (reader != null) {
                    reader.close();
                }
            } catch (IOException e) {
                // TODO
            }
        }
        return result;
    }


    public static void main(String[] args) throws Exception {
        String dtdXml = "<?xml version=\"1.0\" encoding=\"utf-8\"?><!DOCTYPE cXML SYSTEM \"http://xml.cxml.org/schemas/cXML/1.2.014/cXML.dtd\"><cXML timestamp=\"2017-01-19T19:56:30\" payloadID=\"bac4b4a82e3342da919c7b427ee0fef2\"><Header><From><Credential domain=\"NetworkID\"><Identity>JDVEP4DIDI</Identity></Credential></From><To><Credential domain=\"NetworkID\"><Identity>Didipur</Identity></Credential></To><Sender><Credential domain=\"NetworkID\"><Identity>JDVEP4DIDI</Identity><SharedSecret>OGNmNGM3OGYtNWJhYi00ZTUwLTk0YTYtODAwZDVmYTU4NjMx</SharedSecret></Credential><UserAgent>JD VEP</UserAgent></Sender></Header><Message><PunchOutOrderMessage><BuyerCookie>3e3e68a280f45796cc24e59573e88ef7</BuyerCookie><PunchOutOrderMessageHeader operationAllowed=\"edit\"><Total><Money currency=\"CNY\">102.00</Money></Total><Shipping><Money currency=\"CNY\">0.00</Money><Description xml:lang=\"zh-CN\">运费</Description></Shipping></PunchOutOrderMessageHeader><ItemIn quantity=\"1\"><ItemID><SupplierPartID>102196</SupplierPartID><SupplierPartAuxiliaryID>46666778472</SupplierPartAuxiliaryID></ItemID><ItemDetail><UnitPrice><Money currency=\"CNY\">102.00</Money></UnitPrice><Description xml:lang=\"zh-CN\">维氏VICTORINOX瑞士军刀星座系列双鱼座0.6223.2PISC</Description><UnitOfMeasure>EA</UnitOfMeasure></ItemDetail></ItemIn><ItemIn quantity=\"1\"><ItemID><SupplierPartID>150706</SupplierPartID><SupplierPartAuxiliaryID>46666778472</SupplierPartAuxiliaryID></ItemID><ItemDetail><UnitPrice><Money currency=\"CNY\">0.00</Money></UnitPrice><Description xml:lang=\"zh-CN\">锐步Reebok女短袖T恤R537589 M码</Description><UnitOfMeasure>EA</UnitOfMeasure></ItemDetail></ItemIn></PunchOutOrderMessage></Message></cXML>";
        String url = "https://www.baidu.com";
        String result = "";
//                postXml(url, dtdXml, "UTF-8");
        result = httpPostData(url, dtdXml, Consts.UTF_8.name(), null, "application/xml", "application/xml");
        System.out.println(result);
    }



}

 

以上是关于JDK 1.6/1.7不支持TLS 1.2的主要内容,如果未能解决你的问题,请参考以下文章

如何在 IBM java 1.6 中启用 TLS 1.2?

JDK 1.7 vs JDK 1.6 内部类继承差异

javac与java版本不一致

markdown 在Mac上安装卸载jdk 1.6 1.7 1.8

为啥 Maven 使用 JDK 1.6 但我的 java -version 是 1.7

jdk 1.5 1.6 1.7 加入新特性