我使用2路ssl身份验证来安全地发布数据。客户端给了我他们的证书,我加载到信任库和我的服务器证书,他们生成后,我给了他们我的CSR。我已将服务器证书加载到密钥存储库中。我的代码正在接受他们的证书,发送密钥但不发送服务器证书。使用的代码如下。请协助;
错误:javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure.
原因:空证书通过。
public static String DoMyPost(String URL, String requestData, String transactID)
throws MalformedURLException, Exception {
System.out.println("DoMyPost(): Start");
String strResponse = "";
URL url = new URL(URL);
try {
HostnameVerifier hv = new HostnameVerifier() {
@Override
public boolean verify(String urlHostName, SSLSession session) {
return true;
}
};
System.setProperty("javax.net.ssl.keyStore", "C:\Program Files (x86)\Java\jre7\bin\testserver1.jks");
System.setProperty("javax.net.ssl.keyStorePassword", "wasp123");
System.setProperty("javax.net.ssl.keyStoreType", "JKS");
System.setProperty("javax.net.ssl.trustStore", "C:\Program Files (x86)\Java\jre7\bin\testserver1TrustStore");
System.setProperty("javax.net.ssl.trustStorePassword", "wasp123");
System.setProperty("javax.net.debug", "all");
//CertificateFactory factory2 = CertificateFactory.getInstance("X.509");
//Certificate generateCertificate = factory2.generateCertificate(new FileInputStream("C:\Program Files (x86)\Java\jre7\bin\testserver1.cer"));
KeyStore ks = KeyStore.getInstance("JKS");
InputStream certK = new FileInputStream("C:\Program Files (x86)\Java\jre7\bin\testserver1.jks");
ks.load(certK, "wasp123".toCharArray());
//ks.setCertificateEntry("testserver1cert", generateCertificate);
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(ks, "wasp123".toCharArray());
KeyStore truststore = KeyStore.getInstance("JKS");
InputStream truststorex = new FileInputStream("C:\Program Files (x86)\Java\jre7\bin\testserver1TrustStore");
truststore.load(truststorex, "wasp123".toCharArray());
TrustManager[] tm;
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(truststore);
tm = tmf.getTrustManagers();
SSLContext sslContext = SSLContext.getInstance("SSL");
sslContext.init(kmf.getKeyManagers(), tm, null);
SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
// Open a secure connection.
HttpsURLConnection con = (HttpsURLConnection) url.openConnection();
con.setSSLSocketFactory(sockFact);
con.setHostnameVerifier(hv);
// Set up the connection properties
con.setRequestProperty("Connection", "close");
con.setDoInput(true);
con.setDoOutput(true);
con.setUseCaches(false);
con.setConnectTimeout(10000);
con.setReadTimeout(10000);
con.setRequestMethod("POST");
con.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
con.setRequestProperty("Content-Length", Integer.toString(requestData.length()));
// Send the request
OutputStream outputStream = con.getOutputStream();
outputStream.write(requestData.getBytes("UTF-8"));
outputStream.close();
// Check for errors
int responseCode = con.getResponseCode();
InputStream inputStream;
if (responseCode == HttpURLConnection.HTTP_OK) {
inputStream = con.getInputStream();
} else {
inputStream = con.getErrorStream();
}
System.out.println(inputStream);
inputStream.close();
InputStreamReader isr = new InputStreamReader(con.getInputStream());
BufferedReader in = new BufferedReader(isr);
StringBuilder out = new StringBuilder();
String inputLine;
while ((inputLine = in.readLine()) != null) {
out.append(inputLine.replace("<![CDATA[", "").replace("]]>", "").replace("<?xml version="1.0" encoding="UTF-8"?>", ""));
}
in.close();
String result = out.toString();
System.out.println(result);
strResponse = result;
} catch (Exception ex) {
strResponse = "Connection Error " + ex;
System.out.println(ex);
}
return strResponse;
}
调试显示;
*AWT-EventQueue-0, READ: TLSv1 Handshake, length = 4
*** ServerHelloDone
[read] MD5 and SHA1 hashes: len = 4
0000: 0E 00 00 00 ....
*** Certificate chain
***
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
[write] MD5 and SHA1 hashes: len = 269
0000: 0B 00 00 03 00 00 00 10 00 01 02 01 00 A3 CE 04 ................
0010: FD F7 31 F4 CD 0E C5 F3 44 B9 BA 55 0E FE 1F 53 ..1.....D..U...S
0020: A7 11 55 02 DF 61 1E 55 A8 4E DB FF E9 EA E1 95 ..U..a.U.N......
0030: 7A 2C 86 4D 64 37 37 19 8F 5C AF 2D FF 31 AD 2E z,.Md77...-.1..
0040: B9 62 00 6D 89 DC CB 3E 66 1E 3B 22 06 04 89 CE .b.m...>f.;"....
0050: 52 99 73 8A FC FD 81 03 32 86 26 0B 3C 90 D6 85 R.s.....2.&.<...
0060: 03 71 47 0E C7 FE C6 25 DA DD 8D 5F D7 A0 A1 15 .qG....%..._....
0070: 1E 4C C4 17 ED 62 B5 E7 1E AF A1 4F 70 0B AF 89 .L...b.....Op...
0080: 72 02 62 DC 0F 8C C7 9C D5 D2 32 35 08 4C 4E 2E r.b.......25.LN.
0090: 8C 9A F8 4B 1F 41 3D F0 E8 B9 2A 48 13 59 44 D7 ...K.A=...*H.YD.
00A0: 8F A0 FE DC 3E 72 4F F6 FE 18 BF B9 6E 0B 8E 13 ....>rO.....n...
00B0: 21 12 A5 54 D0 43 EC BD D2 37 91 7E DD BA 86 E3 !..T.C...7......
00C0: F8 67 4F F5 61 19 5B 15 71 7F 32 69 02 7E CC 2E .gO.a.[.q.2i....
00D0: 04 A2 9D 7F 55 8C 46 49 DC 2F E1 E3 82 D0 92 BC ....U.FI./......
00E0: 66 2A 1C AE 6A 9C C2 89 9D FF 23 75 E3 92 00 94 f*..j.....#u....
00F0: 2B 3A 03 A0 B6 3B 49 CA 09 8F 13 7B 3E C5 07 BA +:...;I.....>...
0100: 23 FD CB 86 99 C7 01 75 93 7E B6 5F 14 #......u..._.
AWT-EventQueue-0, WRITE: TLSv1 Handshake, length = 269
[Raw write]: length = 274
0000: 16 03 01 01 0D 0B 00 00 03 00 00 00 10 00 01 02 ................
0010: 01 00 A3 CE 04 FD F7 31 F4 CD 0E C5 F3 44 B9 BA .......1.....D..
0020: 55 0E FE 1F 53 A7 11 55 02 DF 61 1E 55 A8 4E DB U...S..U..a.U.N.
0030: FF E9 EA E1 95 7A 2C 86 4D 64 37 37 19 8F 5C AF .....z,.Md77...
0040: 2D FF 31 AD 2E B9 62 00 6D 89 DC CB 3E 66 1E 3B -.1...b.m...>f.;
0050: 22 06 04 89 CE 52 99 73 8A FC FD 81 03 32 86 26 "....R.s.....2.&
0060: 0B 3C 90 D6 85 03 71 47 0E C7 FE C6 25 DA DD 8D .<....qG....%...
0070: 5F D7 A0 A1 15 1E 4C C4 17 ED 62 B5 E7 1E AF A1 _.....L...b.....
0080: 4F 70 0B AF 89 72 02 62 DC 0F 8C C7 9C D5 D2 32 Op...r.b.......2
0090: 35 08 4C 4E 2E 8C 9A F8 4B 1F 41 3D F0 E8 B9 2A 5.LN....K.A=...*
00A0: 48 13 59 44 D7 8F A0 FE DC 3E 72 4F F6 FE 18 BF H.YD.....>rO....
00B0: B9 6E 0B 8E 13 21 12 A5 54 D0 43 EC BD D2 37 91 .n...!..T.C...7.
00C0: 7E DD BA 86 E3 F8 67 4F F5 61 19 5B 15 71 7F 32 ......gO.a.[.q.2
00D0: 69 02 7E CC 2E 04 A2 9D 7F 55 8C 46 49 DC 2F E1 i........U.FI./.
00E0: E3 82 D0 92 BC 66 2A 1C AE 6A 9C C2 89 9D FF 23 .....f*..j.....#
00F0: 75 E3 92 00 94 2B 3A 03 A0 B6 3B 49 CA 09 8F 13 u....+:...;I....
0100: 7B 3E C5 07 BA 23 FD CB 86 99 C7 01 75 93 7E B6 .>...#......u...
0110: 5F 14 _.
SESSION KEYGEN:
PreMaster Secret:
0000: 03 01 87 D8 D9 C4 7A 0E 70 71 79 EB 45 13 D4 3C ......z.pqy.E..<
0010: 6B 6C 39 46 B3 9A 74 1C F1 E1 C5 40 D0 9E 31 8A kl9F..t....@..1.
0020: 2E 62 7D 30 C2 DF 52 20 57 B3 8E 3E 49 93 39 58 .b.0..R W..>I.9X
CONNECTION KEYGEN:
Client Nonce:
0000: 53 AA 8D 7D AE 5C 8B 32 20 6A 21 7B B0 27 14 D8 S.....2 j!..'..
0010: 35 04 E3 1C 5B 0C 42 BA 9A 5D 57 4B D1 5B 7B B3 5...[.B..]WK.[..
Server Nonce:
0000: 0B 61 3E 18 09 7C 4F 9A 77 E9 DD D5 67 D2 57 4D .a>...O.w...g.WM
0010: 46 86 89 BA 73 44 95 1B EB B2 BF E7 87 71 E4 15 F...sD.......q..
Master Secret:
0000: 75 69 ED F5 6F B0 C1 91 98 6E BF B0 07 0E 55 5F ui..o....n....U_
0010: 35 B6 84 1E 80 86 98 85 5E EB C9 C3 26 D0 2F 67 5.......^...&./g
0020: 38 68 D9 9E ED 5F AD CC 1F D0 53 99 0A BC 66 FC 8h..._....S...f.
Client MAC write Secret:
0000: EF DB 37 8A 29 EC 22 DB CB EC BB 82 0C 02 2A 64 ..7.).".......*d
0010: 00 82 6C 73 ..ls
Server MAC write Secret:
0000: 9D A3 A7 F7 3C DC 7C F0 57 69 93 D2 03 ED 65 6E ....<...Wi....en
0010: 93 B9 2B 09 ..+.
Client write key:
0000: EA C1 F1 E6 08 EC C9 D2 71 9D F7 CA D2 9F 27 FC ........q.....'.
Server write key:
0000: 2D 4D AD 16 80 F2 F4 AB 0B FD 8C 34 B7 55 98 35 -M.........4.U.5
... no IV used for this cipher
AWT-EventQueue-0, WRITE: TLSv1 Change Cipher Spec, length = 1
[Raw write]: length = 6
0000: 14 03 01 00 01 01 ......
*** Finished
verify_data: { 150, 115, 119, 114, 39, 77, 15, 131, 88, 3, 74, 11 }
***
[write] MD5 and SHA1 hashes: len = 16
0000: 14 00 00 0C 96 73 77 72 27 4D 0F 83 58 03 4A 0B .....swr'M..X.J.
Padded plaintext before ENCRYPTION: len = 36
0000: 14 00 00 0C 96 73 77 72 27 4D 0F 83 58 03 4A 0B .....swr'M..X.J.
0010: 65 5E 4B 60 1B 76 B9 8A A1 99 5B E8 D9 DE 4E 99 e^K`.v....[...N.
0020: 37 C3 00 0D 7...
AWT-EventQueue-0, WRITE: TLSv1 Handshake, length = 36
[Raw write]: length = 41
0000: 16 03 01 00 24 B9 AF 28 41 17 44 C0 9E DD 6B 03 ....$..(A.D...k.
0010: 92 55 85 6E F8 8E 9A F1 42 67 79 7F 19 8E DB 28 .U.n....Bgy....(
0020: CB A7 32 DA A3 06 A7 81 07 ..2......
[Raw read]: length = 5
0000: 15 03 01 00 02 .....
[Raw read]: length = 2
0000: 02 28 .(
AWT-EventQueue-0, READ: TLSv1 Alert, length = 2
AWT-EventQueue-0, RECV TLSv1 ALERT: fatal, handshake_failure
%% Invalidated: [Session-1, SSL_RSA_WITH_RC4_128_SHA]
AWT-EventQueue-0, called closeSocket()
AWT-EventQueue-0, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
AWT-EventQueue-0, called close()
AWT-EventQueue-0, called closeInternal(true)
Received fatal alert: handshake_failure*
我的代码正在接受他们的证书
表示服务端证书。
发送密钥
您的代码没有发送任何密钥。SSL不发送密钥
而不是服务器证书。
你收到了服务器证书。你是客户。您没有向服务器发送它自己的证书。
如果您的意思是您不发送客户端证书,那可能是因为服务器不相信它。服务器发送一个CertificateRequest,指定被接受的颁发者,客户端只能发送由这些颁发者之一直接或间接签名的证书。如果没有,它就不会发送任何信息。换句话说,是服务器端的问题。
您需要理清密钥存储库/信任存储库的混淆。您应该使用单独的文件。密钥存储库用于密钥和证书;信任库用于受信任的证书,在本例中为导出的服务器证书。不要同时使用一个文件。它们有着截然不同的目的和截然不同的安全机制。
自2004年以来,您不需要为SSL设置java.protocol.handler.pkgs属性
我是怎么解决的
从我的keytool中删除了所有证书。
命令示例:keytool -delete -alias myCert -keystore mystore.jks
我将证书响应从服务器转换为bas64 DER,并将它们复制到一个文件。pem中,并将。pem上传到我的keytool:
命令示例:keytool -importcert -keystore keystore.jks -alias mystore -file my.pem
然后加载密钥仓库:
KeyStore myStore = KeyStore.getInstance("JKS");
InputStream keyInputx = new FileInputStream("C:\myStore.jks");
myStore.load(keyInputx, "xxx".toCharArray());
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
keyInputx.close();
/*Enumeration enumeration = myStore.aliases();
while (enumeration.hasMoreElements()) {
String alias = (String) enumeration.nextElement();
System.out.println("alias name: " + alias);
Certificate certificate = myStore.getCertificate(alias);
System.out.println(certificate.toString());
}*/
keyManagerFactory.init(myStore, "xxx".toCharArray());
SSLContext context = SSLContext.getInstance("TLS");
context.init(keyManagerFactory.getKeyManagers(), null, new SecureRandom());
SSLSocketFactory sockFact = context.getSocketFactory();