相关疑难解决方法(0)

我有授权SSL连接的问题.我创建了Struts Action,它通过Client Authorized SSL证书连接到外部服务器.在我的行动中我试图将一些数据发送到银行服务器但没有任何运气,因为我从服务器得到以下错误的结果:

error: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

我的Action类从我的Action类发送数据到服务器

//Getting external IP from host
    URL whatismyip = new URL("http://automation.whatismyip.com/n09230945.asp");
    BufferedReader inIP = new BufferedReader(new InputStreamReader(whatismyip.openStream()));

    String IPStr = inIP.readLine(); //IP as a String

    Merchant merchant;

    System.out.println("amount: " + amount + ", currency: " + currency + ", clientIp: " + IPStr + ", description: " + description);

    try {

        merchant = new Merchant(context.getRealPath("/") + "merchant.properties");

    } catch (ConfigurationException e) {

        Logger.getLogger(HomeAction.class.getName()).log(Level.INFO, "message", e);
        System.err.println("error: " + e.getMessage());
        return …

我试图使用Java 7创建到远程服务器的SSL连接,我收到以下异常:

javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:946)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
    at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:702)
    at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:122)
    at sun.nio.cs.StreamEncoder.writeBytes(StreamEncoder.java:221)
    at sun.nio.cs.StreamEncoder.implFlushBuffer(StreamEncoder.java:291)
    at sun.nio.cs.StreamEncoder.implFlush(StreamEncoder.java:295)
    at sun.nio.cs.StreamEncoder.flush(StreamEncoder.java:141)
    at java.io.OutputStreamWriter.flush(OutputStreamWriter.java:229)
    at java.io.BufferedWriter.flush(BufferedWriter.java:254)
    at ssl7.Client.main(Client.java:22)
Caused by: java.io.EOFException: SSL peer shut down incorrectly
    at sun.security.ssl.InputRecord.read(InputRecord.java:482)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:927)

当我使用Java 6重新运行代码时,没有例外.我在StackOverflow的其他地方找到了这个问题的引用,但我的情况有一个转折.使用Java 7失败的客户端代码是

public class Client {

    public static void main(String[] args) throws FileNotFoundException, IOException, ClassNotFoundException {
        try {
            SSLSocketFactory sslsocketfactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
            SSLSocket sslsocket = (SSLSocket) sslsocketfactory.createSocket("login.solon.com", 443);    
            OutputStream outputstream = sslsocket.getOutputStream();
            OutputStreamWriter outputstreamwriter = …

我已经使用ApacheCXF(v3.0.4)实现了一个JAX-WS客户端,一切都运行成功,但问题出现在我想使用java 8(jdk1.8.0_25)的安全连接(SSL/TLS)时.

我在log中看到以下异常(-Djavax.net.debug = all):

main, handling exception: java.net.SocketException: Connection reset
main, SEND TLSv1.2 ALERT:  fatal, description =    unexpected_message
main, WRITE: TLSv1.2 Alert, length = 2
main, Exception sending alert: java.net.SocketException: Connection reset by peer: socket write error

在一个依赖者分析后,我发现问题是由于Java 8没有发送server_name(SNI)但是使用Java 7发送它并且Web服务调用成功.

Java8日志(-Djavax.net.debug = all):缺少"Extension server_name"

[...]
Compression Methods:  { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, …

我正在尝试使用SSLSocketFactory.getSupportedCipherSuites()来确定返回密码套件的顺序 - 它似乎在Java 1.6和Java 1.7之间有所不同.

我认为这很容易确定,但遇到了一些问题.首先,这是我正在使用的代码:

SSLContext context = SSLContext.getDefault();
SSLSocketFactory sf = context.getSocketFactory();
String[] cipherSuites = sf.getSupportedCipherSuites();

非常直接(如果我做了一些愚蠢的事情,请纠正我).所以,我认为(使用eclipse)我可以进入getSupportedCipherSuites()方法,但似乎源代码不是那样做的(这有什么原因吗？).我在jsse.jar中找到了这个类,并使用JD-Eclipse对它进行了反编译.然而,这给了我一个抽象类,我无法看到抽象类的具体实现(我发现可以使用属性"ssl.SocketFactory.provider"设置类,但这还没有在java.security中指定).我还无法确定如何使用"javax.net.debug"属性打开登录(这会消失为本机方法).

有人能指出我哪里错了吗？

我正在进行JBoss AS 5.1到7.4以及Java 6到7的迁移,并且获得握手失败.

密钥库和信任库是我们在Java 6中成功使用的密钥库和信任库.

我已经写了一些测试来缩小问题范围,它绝对不是JBoss,而是Java 7.

启用S​​SL日志记录后,我得到了:

17:44:30,041 INFO  [stdout] (http-/192.168.147.20:8080-120) %% Invalidated:  [Session-2, SSL_RSA_WITH_RC4_128_SHA]
17:44:30,041 INFO  [stdout] (http-/192.168.147.20:8080-120) http-/192.168.147.20:8080-120, SEND TLSv1 ALERT:  fatal, description = certificate_unknown
17:44:30,041 INFO  [stdout] (http-/192.168.147.20:8080-120) http-/192.168.147.20:8080-120, WRITE: TLSv1 Alert, length = 2
17:44:30,041 INFO  [stdout] (http-/192.168.147.20:8080-120) http-/192.168.147.20:8080-120, called closeSocket()
17:44:30,041 INFO  [stdout] (http-/192.168.147.20:8080-120) http-/192.168.147.20:8080-120, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors
17:44:30,041 INFO  [stdout] (http-/192.168.147.20:8080-120) http-/192.168.147.20:8080-120, called close()
17:44:30,042 INFO …