java.net.SocketTimeoutException:请求失败后读取超时
问题描述:
在我的程序中,我需要对两个不同的服务器执行安全(双向SSL)请求。现在,当我尝试连接到时,我收到异常javax.net.ssl.SSLHandshakeException
。最奇怪的是,在对失败的请求失败后,我无法收到server2
的响应。我得到例外java.net.SocketTimeoutException
。如果未执行到的请求,则server2
将成功返回数据。java.net.SocketTimeoutException:请求失败后读取超时
堆栈跟踪:
请求javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
at sun.security.ssl.Handshaker.processLoop(Unknown Source)
at sun.security.ssl.Handshaker.process_record(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unknown Source)
...
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
at sun.security.validator.Validator.validate(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
... 14 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
at java.security.cert.CertPathBuilder.build(Unknown Source)
... 20 more
Exception in thread "main": java.net.SocketTimeoutException: Read timed out
at java.net.SocketInputStream.socketRead0(Native Method)
at java.net.SocketInputStream.read(Unknown Source)
at java.net.SocketInputStream.read(Unknown Source)
at sun.security.ssl.InputRecord.readFully(Unknown Source)
at sun.security.ssl.InputRecord.read(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
at sun.security.ssl.AppInputStream.read(Unknown Source)
at java.io.BufferedInputStream.fill(Unknown Source)
at java.io.BufferedInputStream.read1(Unknown Source)
at java.io.BufferedInputStream.read(Unknown Source)
at sun.net.www.http.HttpClient.parseHTTPHeader(Unknown Source)
at sun.net.www.http.HttpClient.parseHTTP(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
at java.net.HttpURLConnection.getResponseCode(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(Unknown Source)
...
守则:
请求URL url = ...
HttpURLConnection connection = (HttpURLConnection) url.openConnection();
connection.setRequestMethod("POST");
connection.setRequestProperty("Content-type", "application/soap+xml; charset=UTF-8");
connection.setConnectTimeout(300000);
connection.setReadTimeout(300000);
connection.setDoInput(true);
connection.setDoOutput(true);
HttpsURLConnection httpsConnection = (HttpsURLConnection) connection;
SSLContext sslContext = SSLContext.getInstance("TLS");
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
FileInputStream is = new FileInputStream(new File(...));
try {
keyStore.load(is, "password".toCharArray());
keyManagerFactory.init(keyStore, "password".toCharArray());
} finally {
is.close();
}
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
is = new FileInputStream(new File(...));
try {
keyStore.load(is, "password".toCharArray());
trustManagerFactory.init(keyStore);
} finally {
is.close();
}
sslContext.init(keyManagerFactory.getKeyManagers(),
trustManagerFactory.getTrustManagers(),new SecureRandom());
httpsConnection.setSSLSocketFactory(sslContext.getSocketFactory());
httpsConnection.setHostnameVerifier(new HostnameVerifier() {
@Override
public boolean verify(String s, SSLSession sslSession) {
return true;
}
});
try {
OutputStream os = connection.getOutputStream();
try {
String s = ...;
os.write(s.getBytes());
} finally {
os.close();
}
System.out.println("Response code: " + connection.getResponseCode());
} finally {
connection.disconnect();
}
守则server2
:
SSLContext sslContext = SSLContext.getInstance("TLS");
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
KeyStore keyStore = KeyStore.getInstance("JKS");
FileInputStream is = new FileInputStream(new File(...));
try {
keyStore.load(is, "password".toCharArray());
keyManagerFactory.init(localKeyStore, "password".toCharArray());
} finally {
is.close();
}
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyStore = KeyStore.getInstance("JKS");
is = new FileInputStream(new File(...));
try {
keyStore.load(is, "password".toCharArray());
trustManagerFactory.init(keyStore);
} finally {
is.close();
}
sslContext.init(keyManagerFactory.getKeyManagers(),
trustManagerFactory.getTrustManagers(), new SecureRandom());
URL url = ...
URLConnection connection = url.openConnection();
((HttpsURLConnection) connection).setSSLSocketFactory(sslContext.getSocketFactory());
connection.setReadTimeout(40000);
connection.setConnectTimeout(40000);
connection.setDoInput(true);
connection.setDoOutput(false);
int respCode = ((HttpURLConnection) connection).getResponseCode();
if (respCode != 200)
throw new RuntimeException(...);
BufferedInputStream bufferedIs = new BufferedInputStream(connection.getInputStream());
try {
byte[] buf = new byte[512];
int j;
while ((j = bufferedIs.read(buf)) != -1) {
...
} finally {
bufferedIs.close();
}
我将不胜感激的任何帮助。
答
大大咧咧我在我的代码片段省略了一个非常重要的一行:System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", "true")
。在对的请求之后以及在对server2
的请求之前以及如果其值为false
,对server2
的请求失败,并且主体的异常失败。探索OpenJDK的来源后,我发现有静态和最终场boolean allowUnsafeRenegotiation
是用下面的方法调用初始化类com.sun.net.ssl.internal.ssl.Handshaker
:Debug.getBooleanProperty("sun.security.ssl.allowUnsafeRenegotiation", false)
。
所以在第一次请求属性sun.security.ssl.allowUnsafeRenegotiation
初始化为默认值(false
)后,我的情况下,任何后续尝试更改该属性没有任何影响。
您使用两个不同的密钥库和信任库吗?如果你是,你不应该,如果你不是,你应该两次使用相同的SSLContext,而不是费力地构造两次。 – EJP
@EJP当然,我为每个案例使用不同的密钥/信任库。 'SSLContext'的创建与代码示例完全相同 - 两次。 – briarheart