Https 调用遇到的问题以及解决方法
2017-10-11 15:01
471 查看
1.通过httpCilent调用https遇到问题,用jdk1.6调用tomcat7.0.81 握手失败。
客户端的jdk换成jdk1.8 ,生成证书,把证书导入
keytool -genkey -v -alias tomcat -keyalg RSA -keystore D:/tomcat.keystore -validity 36500
keytool -import -v -trustcacerts -alias joaker -file D:/joaker.crt -storepass changeit -keystore "%JAVA_HOME%/jre/lib/security/cacerts
替换jar 包 C:\Program Files\Java\jdk1.8.0_40\jre\lib\security local_policy.jar和 US_export_policy.jar
配置server.xml
<Connector port="443" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
connectionTimeout="20000"
keystoreFile="conf/tomcat.keystore"
keystorePass="123456"/>
运行,正常了。
但是客户要求必须使用jdk1.6。于是从头开始研究问题。
首先: 修改server.xml配置 支持SSLv2Hello。
<Connector port="443" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2,SSLv2Hello"
connectionTimeout="20000"
keystoreFile="conf/tomcat.keystore"
keystorePass="123456"/>
然后:
keytool -genkey -v -alias tomcat -keyalg RSA -keystore D:/tomcat.keystore -validity 36500
keytool -import -v -trustcacerts -alias joaker -file D:/joaker.crt -storepass changeit -keystore "%JAVA_HOME%/jre/lib/security/cacerts
替换jar 包 C:\Program Files\Java\jdk1.8.0_40\jre\lib\security local_policy.jar和 US_export_policy.jar
调用: 报错:javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair
继续解决:
下载:bcprov-ext-jdk15on-1.52.jar 和 bcprov-jdk15on-1.52.jar
复制这两个jar包到: $JAVA_HOME/jre/lib/ext
修改:$JAVA_HOME/jre/lib/security/java.security
增加security.provider.10=org.bouncycastle.jce.provider.BouncyCastleProvider
调用正常了。
https调用源码:
public static String doPost(String url,Map<String, String> map,String charset){
HttpClient httpClient = null;
HttpPost httpPost = null;
String result = null;
try{
httpClient = new SSLClient();
httpPost = new HttpPost(url);
//设置参数
List<NameValuePair> list = new ArrayList<NameValuePair>();
Iterator iterator = map.entrySet().iterator();
while(iterator.hasNext()){
Entry<String,String> elem = (Entry<String, String>) iterator.next();
list.add(new BasicNameValuePair(elem.getKey(), elem.getValue().toString()));
}
if(list.size() > 0){
UrlEncodedFormEntity entity = new UrlEncodedFormEntity(list,charset);
httpPost.setEntity(entity);
}
HttpResponse response = httpClient.execute(httpPost);
if(response != null){
HttpEntity resEntity = response.getEntity();
if(resEntity != null){
result = EntityUtils.toString(resEntity,charset);
}
}
}catch(Exception ex){
ex.printStackTrace();
}
return result;
}
SSLClient源码:
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.http.conn.ClientConnectionManager;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.conn.ssl.X509HostnameVerifier;
import org.apache.http.impl.client.DefaultHttpClient;
//用于进行Https请求的HttpClient
@SuppressWarnings("deprecation")
public class SSLClient extends DefaultHttpClient{
public SSLClient() throws Exception{
super();
// String defaultValue = System.getProperty("https.protocols");
// System.setProperty("https.protocols", "TLSv1.2,TLSv1.1,TLSv1.0,SSLv3");
SSLContext ctx = SSLContext.getInstance("TLS");
X509TrustManager tm = new X509TrustManager() {
@Override
public void checkClientTrusted(X509Certificate[] chain,
String authType) throws CertificateException {
}
@Override
public void checkServerTrusted(X509Certificate[] chain,
String authType) throws CertificateException {
}
@Override
public X509Certificate[] getAcceptedIssuers() {
return null;
}
};
ctx.init(null, new TrustManager[]{tm}, null);
SSLSocketFactory sslSocketFactory = new SSLSocketFactory(ctx,SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
// sslSocketFactory = new SSLSocketFactory(ctx,new X509HostnameVerifier(){
// @Override
// public boolean verify(String s, SSLSession sslSession) {
// return true;
// }
//
// @Override
// public void verify(String host, SSLSocket ssl) throws IOException {
//
// }
//
// @Override
// public void verify(String host, X509Certificate cert) throws SSLException {
//
// }
//
// @Override
// public void verify(String host, String[] cns, String[] subjectAlts) throws SSLException {
//
// }
// });
// System.setProperty("javax.net.debug","ssl");
ClientConnectionManager ccm = this.getConnectionManager();
SchemeRegistry sr = ccm.getSchemeRegistry();
sr.register(new Scheme("https", 443, sslSocketFactory));
}
}
客户端的jdk换成jdk1.8 ,生成证书,把证书导入
keytool -genkey -v -alias tomcat -keyalg RSA -keystore D:/tomcat.keystore -validity 36500
keytool -import -v -trustcacerts -alias joaker -file D:/joaker.crt -storepass changeit -keystore "%JAVA_HOME%/jre/lib/security/cacerts
替换jar 包 C:\Program Files\Java\jdk1.8.0_40\jre\lib\security local_policy.jar和 US_export_policy.jar
配置server.xml
<Connector port="443" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
connectionTimeout="20000"
keystoreFile="conf/tomcat.keystore"
keystorePass="123456"/>
运行,正常了。
但是客户要求必须使用jdk1.6。于是从头开始研究问题。
首先: 修改server.xml配置 支持SSLv2Hello。
<Connector port="443" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2,SSLv2Hello"
connectionTimeout="20000"
keystoreFile="conf/tomcat.keystore"
keystorePass="123456"/>
然后:
keytool -genkey -v -alias tomcat -keyalg RSA -keystore D:/tomcat.keystore -validity 36500
keytool -import -v -trustcacerts -alias joaker -file D:/joaker.crt -storepass changeit -keystore "%JAVA_HOME%/jre/lib/security/cacerts
替换jar 包 C:\Program Files\Java\jdk1.8.0_40\jre\lib\security local_policy.jar和 US_export_policy.jar
调用: 报错:javax.net.ssl.SSLException: java.lang.RuntimeException: Could not generate DH keypair
继续解决:
下载:bcprov-ext-jdk15on-1.52.jar 和 bcprov-jdk15on-1.52.jar
复制这两个jar包到: $JAVA_HOME/jre/lib/ext
修改:$JAVA_HOME/jre/lib/security/java.security
增加security.provider.10=org.bouncycastle.jce.provider.BouncyCastleProvider
调用正常了。
https调用源码:
public static String doPost(String url,Map<String, String> map,String charset){
HttpClient httpClient = null;
HttpPost httpPost = null;
String result = null;
try{
httpClient = new SSLClient();
httpPost = new HttpPost(url);
//设置参数
List<NameValuePair> list = new ArrayList<NameValuePair>();
Iterator iterator = map.entrySet().iterator();
while(iterator.hasNext()){
Entry<String,String> elem = (Entry<String, String>) iterator.next();
list.add(new BasicNameValuePair(elem.getKey(), elem.getValue().toString()));
}
if(list.size() > 0){
UrlEncodedFormEntity entity = new UrlEncodedFormEntity(list,charset);
httpPost.setEntity(entity);
}
HttpResponse response = httpClient.execute(httpPost);
if(response != null){
HttpEntity resEntity = response.getEntity();
if(resEntity != null){
result = EntityUtils.toString(resEntity,charset);
}
}
}catch(Exception ex){
ex.printStackTrace();
}
return result;
}
SSLClient源码:
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.http.conn.ClientConnectionManager;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.conn.ssl.X509HostnameVerifier;
import org.apache.http.impl.client.DefaultHttpClient;
//用于进行Https请求的HttpClient
@SuppressWarnings("deprecation")
public class SSLClient extends DefaultHttpClient{
public SSLClient() throws Exception{
super();
// String defaultValue = System.getProperty("https.protocols");
// System.setProperty("https.protocols", "TLSv1.2,TLSv1.1,TLSv1.0,SSLv3");
SSLContext ctx = SSLContext.getInstance("TLS");
X509TrustManager tm = new X509TrustManager() {
@Override
public void checkClientTrusted(X509Certificate[] chain,
String authType) throws CertificateException {
}
@Override
public void checkServerTrusted(X509Certificate[] chain,
String authType) throws CertificateException {
}
@Override
public X509Certificate[] getAcceptedIssuers() {
return null;
}
};
ctx.init(null, new TrustManager[]{tm}, null);
SSLSocketFactory sslSocketFactory = new SSLSocketFactory(ctx,SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
// sslSocketFactory = new SSLSocketFactory(ctx,new X509HostnameVerifier(){
// @Override
// public boolean verify(String s, SSLSession sslSession) {
// return true;
// }
//
// @Override
// public void verify(String host, SSLSocket ssl) throws IOException {
//
// }
//
// @Override
// public void verify(String host, X509Certificate cert) throws SSLException {
//
// }
//
// @Override
// public void verify(String host, String[] cns, String[] subjectAlts) throws SSLException {
//
// }
// });
// System.setProperty("javax.net.debug","ssl");
ClientConnectionManager ccm = this.getConnectionManager();
SchemeRegistry sr = ccm.getSchemeRegistry();
sr.register(new Scheme("https", 443, sslSocketFactory));
}
}
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- 我在安装TFS 2008的时候遇到的问题以及解决方法一windows 2003 iis中总是不出现ASP.NET 2.0
- Java程序中遇到的乱码问题以及解决方法
- LoadRunner本机录制http协议程序遇到的问题以及解决方法
- C#串口编程遇到的问题以及解决方法
- 遇到动态调用Parameters .AddWithValue()参数类型问题的解决方法
- 学习中遇到的问题以及解决方法
- 安装php的tokyo_tyrant扩展时遇到的问题,以及解决方法
- 我在安装TFS 2008的时候遇到的问题以及解决方法一sharepoint 安装 打开站点 出现服务器不可用问题
- VC6 和 VS2003 转换到VS2005 时可能会遇到的问题以及解决方法
- C#串口编程遇到的问题以及解决方法
- 升级到ActiveSync 4.5后“可能”遇到的网络连接问题,以及解决方法 (转)
- C#串口编程遇到的问题以及解决方法
- 我在安装TFS 2008的时候遇到的问题以及解决方法一sharepoint安装 环境变量
- 在Ubuntu9.10下安装DirectFB-1.0.1以及运行DFB程序时遇到的问题及解决方法
- java 线程遇到的问题及解决方法 JNI调用
- 我在安装TFS 2008的时候遇到的问题以及解决方法一账户问题
- 转 C# 串口编程遇到的问题以及解决方法
- 升级到ActiveSync 4.5后“可能”遇到的网络连接问题,以及解决方法
- 我在安装TFS 2008的时候遇到的问题以及解决方法一点击任务的时候报错
- Java程序中遇到的乱码问题以及解决方法