我尝试从" https://api.softtouch.eu/#/xxxxxxxx/#/customers?take=100"使用Java。
此外,我尝试使用以下选项解决https问题: -
使用Java keytool将证书(.pem扩展名文件)添加到密钥库($ JAVA_HOME / jre / lib / security / cacerts)
使用update-ca-certificates命令为Ubuntu(/ usr / local / share / ca-certificates)添加了证书颁发机构。
最后尝试禁用证书验证并连接到服务器。 (此处为SoftTouchConnection类和自定义TrustAllX509TrustManager类。)
package com.softtouch.com;
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.net.URL;
import java.security.Security;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import org.apache.commons.codec.binary.Base64;
public class SoftTouchConnection {
public static void main(String[] args) {
try {
System.out.println(System.getProperty("java.version"));
System.setProperty("javax.net.debug", "ssl");
System.setProperty("sun.net.ssl.checkRevocation", "false");
java.lang.System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", "true");
Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
SSLContext sc = SSLContext.getInstance("SSL");//TLSv1.2
sc.init(null, new TrustManager[] {new TrustAllX509TrustManager() }, null);//new java.security.SecureRandom()
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
@Override
public boolean verify(String string, SSLSession ssls) {
System.out.println("test HttpsURLConnection");
return true;
}
});
String userCredentialsnew = "abcdefghij01234567890klmnopqrstuvwxyz987";//"bearer abcdefghij01234567890klmnopqrstuvwxyz987";
String basicAuth = "Basic "+ new String(new Base64().encode(userCredentialsnew.getBytes()));; //+ new String(new Base64().encode(userCredentials.getBytes()));
URL hh= new URL("https://api.softtouch.eu/#/xxxxxxxx/#/customers?take=100");
HttpsURLConnection conn = (HttpsURLConnection)hh.openConnection();
conn.setSSLSocketFactory(sc.getSocketFactory());
conn.setHostnameVerifier( new HostnameVerifier() {
@Override
public boolean verify(String string, SSLSession ssls) {
System.out.println("test conn");
return true;
}
});
conn.setDoInput(true);
conn.setDoOutput(false);
conn.setUseCaches(false);
conn.setRequestMethod("GET");
conn.setRequestProperty ("Authorization", basicAuth);
conn.connect();
BufferedReader inn = new BufferedReader(new InputStreamReader(conn.getInputStream()));
String inputLine;
while ((inputLine = inn.readLine()) != null) {
System.out.println(inputLine);
}
} catch (Exception e) {
e.printStackTrace();
}
}
}
package com.softtouch.com;
import javax.net.ssl.X509TrustManager;
import java.security.cert.X509Certificate;
public class TrustAllX509TrustManager implements X509TrustManager {
public X509Certificate[] getAcceptedIssuers() {
System.out.println("test1");
//return new X509Certificate[0];
return null;
}
public void checkClientTrusted(java.security.cert.X509Certificate[] certs,String authType) {
System.out.println("test2");
}
public void checkServerTrusted(java.security.cert.X509Certificate[] certs,String authType) {
System.out.println("test3");
}
}
但到目前为止我无法解决问题。我收到了" javax.net.ssl.SSLHandshakeException"。 我想用Java连接到服务器。 这个问题的原因是什么?
注意: - 我测试了#34; https://api.softtouch.eu/#/accounts/#/xxxxxxxx?take=100"与PHP连接。它运作良好。但PHP源文件使用以下行禁用SSL验证。 curl_setopt($ httpRequest,CURLOPT_SSL_VERIFYPEER,FALSE);
这是SSL调试文本: - *** ClientHello,TLSv1.2 RandomCookie:GMT:1425473345字节= {113,222,27,25,227,136,38,249,128,230,125,228,156,5,175,99,22,55,227,185,101, 32,160,186,72,167,247,166} 会话ID:{} 密码套件:[TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC _SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,TLS_EMPTY_RENEGOTIATION_INFO_SCSV] 压缩方法:{0} 扩展elliptic_curves,曲线名称:{secp256r1,sect163k1,sect163r2,secp192r1,secp224r1,sect233k1,sect233r1,sect283k1,sect283r1,secp384r1,sect409k1,sect409r1,secp521r1,sect571k1,sect571r1,secp160k1,secp160r1,secp160r2,sect163r1,secp192k1,sect193r1,sect193r2 ,secp224k1,sect239k1,secp256k1} 扩展ec_point_formats,格式:[未压缩] 扩展signature_algorithms,signature_algorithms:SHA512withECDSA,SHA512withRSA,SHA384withECDSA,SHA384withRSA,SHA256withECDSA,SHA256withRSA,SHA224withECDSA,SHA224withRSA,SHA1withECDSA,SHA1withRSA,SHA1withDSA,MD5withRSA
main,WRITE:TLSv1.2握手,长度= 195 main,READ:TLSv1.2警报,长度= 2 main,RECV TLSv1.2 ALERT:致命,handshake_failure main,名为closeSocket()
答案 0 :(得分:1)
该网站的证书很好,因此您不需要禁用证书验证。但是,该网站要求使用Server Name Indication (SNI)来提供正确的证书。如果支持SNI取决于它是否已启用取决于Java版本,但它不适用于Java 1.6及更低版本。
除此之外,握手异常可能表明问题根本与证书验证无关。该站点仅支持一些使用AES256的密码。但由于出口限制,默认情况下Java中不支持AES256。