客户端休息SSL java:javax.net.ssl.SSLHandshakeException
问题描述:
我在java客户端中休息,其中服务器是一个给我一个URL +密钥的应用程序。例如: https://api.ost.pt/agencies/?key=vkey 这足以在json中返回响应。有一个用php制作的客户端,一切都很好,除了我正在转移到java,我因为SSL而遇到了一些java困难的问题。有人已经拥有使用SSL的Java客户端?我不明白什么样的,你必须做认证......客户端休息SSL java:javax.net.ssl.SSLHandshakeException
TNHA下面的代码:
String httpsURL = "https://api.ost.pt/agencies/?key=vkey";
URL myurl = new URL(httpsURL);
HttpsURLConnection con = (HttpsURLConnection)myurl.openConnection();
InputStream ins = con.getInputStream();
InputStreamReader isr = new InputStreamReader(ins);
BufferedReader in = new BufferedReader(isr);
String inputLine;
while ((inputLine = in.readLine()) != null)
{
System.out.println(inputLine);
}
in.close();
结果:
Exception in thread "main" javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
我做了一些简单的,但我认为它的工作因为在PHP中不再是任何autentic。他们可以借助Java来实现REST客户端吗?
谢谢您听
答
这是因为Java不支持服务器的密码套件。 您可以从https://www.ssllabs.com验证服务器上可用的密码套件。以下是一个示例输出。
在上面的图片你可以看到什么都可以在服务器上的密码套件。 以下代码显示了您的JVM可用的密码套件。
SSLServerSocketFactory factory = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
String cSuites[] = factory.getSupportedCipherSuites();
for(String s : cSuites){
System.out.println(s);
}
你可以做什么来解决你的问题是下载并安装Java加密扩展。对于jdk 1.8,JCE可以下载here。 要安装JCE,只需在$YOUR_JDK_HOME/jre/lib/security和$YOUR_JAVA_HOME/jre8/lib/security目录中放入local_policy.jar和US_export_policy.jar。
现在在您的程序中,在建立连接之前,您可以为服务器上的一个或多个可用密码套件设置https.cipherSuites属性。您可以使用https.cipherSuites属性来指定哪些密码套件可用于您的HttpsURLConnection。但是,设置此属性不是强制性的。
System.setProperty("https.cipherSuites", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA");
String httpsURL = "https://api.ost.pt/agencies/?key=vkey";
URL myurl = new URL(httpsURL);
HttpsURLConnection con = (HttpsURLConnection)myurl.openConnection();
InputStream ins = con.getInputStream();
InputStreamReader isr = new InputStreamReader(ins);
BufferedReader in = new BufferedReader(isr);
String inputLine;
while ((inputLine = in.readLine()) != null)
{
System.out.println(inputLine);
}
in.close();
注:除了与TLS_DHE_XXX.They开始不工作,由于this known bug那些密码套件。
之后,您可以建立到服务器的连接。但是,由于身份验证失败,它仍然返回错误代码401。为此,您需要提供适当的验证细节。
答
使用下面的代码:
package com.rest.client;
//http://apiwave.com/java/snippets/removal/org.glassfish.jersey.client.authentication.HttpAuthenticationFeature
import java.io.IOException;
import java.net.*;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.ClientBuilder;
import javax.ws.rs.client.Entity;
import javax.ws.rs.client.WebTarget;
import javax.ws.rs.core.Response;
import org.glassfish.jersey.client.authentication.HttpAuthenticationFeature;
import org.glassfish.jersey.filter.LoggingFilter;
import com.rest.dto.Employee;
public class RestClientTest {
/**
* @param args
*/
public static void main(String[] args) {
try {
//
sslRestClientGETReport();
//
sslRestClientPost();
//
sslRestClientGET();
//
} catch (KeyManagementException e1) {
// TODO Auto-generated catch block
e1.printStackTrace();
} catch (NoSuchAlgorithmException e1) {
// TODO Auto-generated catch block
e1.printStackTrace();
} catch (IOException e1) {
// TODO Auto-generated catch block
e1.printStackTrace();
}
}
//
private static WebTarget target = null;
//
private static String userName = "Vkhan";
private static String passWord = "Vkhan";
//
public static void sslRestClientGETReport() throws KeyManagementException, IOException, NoSuchAlgorithmException {
//
//AuthService
//
SSLContext sc = SSLContext.getInstance("TLSv1");
TrustManager[] trustAllCerts = { new InsecureTrustManager() };
sc.init(null, trustAllCerts, new java.security.SecureRandom());
HostnameVerifier allHostsValid = new InsecureHostnameVerifier();
//
Client c = ClientBuilder.newBuilder().sslContext(sc).hostnameVerifier(allHostsValid).build();
//
String baseUrl ="https://vaquarkhan.net/companyabc/efgd//criteria";
c.register(HttpAuthenticationFeature.basic(userName, passWord));
target = c.target(baseUrl);
target.register(new LoggingFilter());
String responseMsg = target.request().get(String.class);
System.out.println("-------------------------------------------------------");
System.out.println(responseMsg);
System.out.println("-------------------------------------------------------");
//
}
public static void sslRestClientGET() throws KeyManagementException, IOException, NoSuchAlgorithmException {
//
//
SSLContext sc = SSLContext.getInstance("SSL");
TrustManager[] trustAllCerts = { new InsecureTrustManager() };
sc.init(null, trustAllCerts, new java.security.SecureRandom());
HostnameVerifier allHostsValid = new InsecureHostnameVerifier();
//
Client c = ClientBuilder.newBuilder().sslContext(sc).hostnameVerifier(allHostsValid).build();
//
String baseUrl = "https://vaquarkhan.net/companyabc/efgd//criteria";
//
c.register(HttpAuthenticationFeature.basic(userName, passWord));
target = c.target(baseUrl);
target = target.path("vm/khan/api/v1/name").queryParam("search","%7B\"aa\":\"202\",\"bb\":\"khan\",\"tt\":\"10\",\"type\":\"OP\",\"userId\":[\"123,456\"],\"nk\":\"IM\",\"pk\":\"op\"%7D");
target.register(new LoggingFilter());
String responseMsg = target.request().get(String.class);
System.out.println("-------------------------------------------------------");
System.out.println(responseMsg);
System.out.println("-------------------------------------------------------");
//
}
//TOD need to fix
public static void sslRestClientPost() throws KeyManagementException, IOException, NoSuchAlgorithmException {
//
//
Employee employee = new Employee("123", "12345", "20", "KK",
null, "6786", "dfdfdf", "we", "sdsdsdsds", "4", "4");
//
SSLContext sc = SSLContext.getInstance("SSL");
TrustManager[] trustAllCerts = { new InsecureTrustManager() };
sc.init(null, trustAllCerts, new java.security.SecureRandom());
HostnameVerifier allHostsValid = new InsecureHostnameVerifier();
//
Client c = ClientBuilder.newBuilder().sslContext(sc).hostnameVerifier(allHostsValid).build();
//
String baseUrl = "https://vaquar/khan/api/v1/name";
c.register(HttpAuthenticationFeature.basic(userName, passWord));
target = c.target(baseUrl);
target.register(new LoggingFilter());
//
Response response = target.request().put(Entity.json(employee));
String output = response.readEntity(String.class);
//
System.out.println("-------------------------------------------------------");
System.out.println(output);
System.out.println("-------------------------------------------------------");
}
public static void URI(String myURL){
try {
URL url = new URL(myURL);
String nullFragment = null;
URI uri = new java.net.URI(url.getProtocol(), url.getHost(), url.getPath(), url.getQuery(), nullFragment);
System.out.println("URI " + uri.toString() + " is OK");
} catch (MalformedURLException e) {
System.out.println("URL " + myURL + " is a malformed URL");
} catch (URISyntaxException e) {
System.out.println("URI " + myURL + " is a malformed URL");
}
}
}
谢谢你的澄清:) 只有在URL中键已经可以得到的数据,但验证数据,他们可以问我? 谢谢:) – user2989745
太棒了!如果它有效,你可以将答案标记为接受:) – chathux