I use RestTemplate to connect to other services. The application runs on Java 1.6_101 and Spring 3.2.18; it is a legacy application, and as you know Java 1.6 does not support TLSv1.2. I have now configured Bouncy Castle to support TLSv1.2 and installed JCE (Java Security Extension) to set the key size limit to unlimited. The connection now fails at the handshake step.
Here is the RestTemplate configuration code, which trusts all certificates.
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.log4j.Logger;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jsse.provider.BouncyCastleJsseProvider;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.web.client.RestTemplate;

import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.concurrent.TimeUnit;

@Configuration
public class RestTemplateConfig {

    private static final int TIMEOUT = 20000;
    private static final Logger LOGGER = Logger.getLogger(RestTemplateConfig.class);

    @Bean
    public RestTemplate restTemplate() {
        try {
            // Register Bouncy Castle: BC for crypto at position 1, BCJSSE for TLS at position 2
            Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
            Security.insertProviderAt(new BouncyCastleProvider(), 1);
            Security.removeProvider(BouncyCastleJsseProvider.PROVIDER_NAME);
            Security.insertProviderAt(new BouncyCastleJsseProvider(), 2);

            // Trust manager that accepts every server chain (only logs the subject)
            TrustManager tm = new X509TrustManager() {
                public X509Certificate[] getAcceptedIssuers() {
                    return new X509Certificate[0];
                }

                public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                    if (chain == null || chain.length < 1 || authType == null || authType.length() < 1) {
                        throw new IllegalArgumentException();
                    }
                    String subject = chain[0].getSubjectX500Principal().getName();
                    LOGGER.info("Auto-trusted server certificate chain for: " + subject);
                }

                public void checkClientTrusted(X509Certificate[] chain, String authType) {
                    // necessary (empty): client certificates are not checked
                }
            };

            // TLSv1.2 context from the BCJSSE provider, using the trust manager above
            SSLContext sslContext = SSLContext.getInstance("TLSv1.2", BouncyCastleJsseProvider.PROVIDER_NAME);
            sslContext.init(null, new TrustManager[]{tm}, new SecureRandom());

            SSLConnectionSocketFactory csf = new SSLConnectionSocketFactory(sslContext,
                    new String[]{"TLSv1.2", "TLSv1.1"}, null,
                    SSLConnectionSocketFactory.getDefaultHostnameVerifier());

            CloseableHttpClient httpClient = HttpClients.custom()
                    .setSSLSocketFactory(csf)
                    .setSslcontext(sslContext)
                    .setConnectionTimeToLive(TIMEOUT, TimeUnit.MILLISECONDS)
                    .build();

            HttpComponentsClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory();
            requestFactory.setHttpClient(httpClient);
            return new RestTemplate(requestFactory);
        } catch (Exception e) {
            LOGGER.error("No se pudo inicializar configuracion SSL ", e);
        }
        return null;
    }
}
When I use this class to call the REST API with restTemplate.postForObject("https://someapi", request, some.class); I get the following exception:
Iniciando llamado get token<{grant_type=client_credentials},{Content-Type=[application/json], Authorization=[Basic 516060891508785571340:H5DNTFwshoyCLGo4hc_c55S2AFO2oqxGq71BDulu3mJb]}>
[07/12/2017 15:43:48] [DEBUG] [JSID=O-wySB2_4juRqnhzhF4y26EwhYLKB6uT5jMJ19l2oDyHAern33Tt!-2023087022!1512672075199] [org.apache.http.client.protocol.RequestAddCookies]:122 - CookieSpec selected: default
[07/12/2017 15:43:48] [DEBUG] [JSID=O-wySB2_4juRqnhzhF4y26EwhYLKB6uT5jMJ19l2oDyHAern33Tt!-2023087022!1512672075199] [org.apache.http.client.protocol.RequestAuthCache]:76 - Auth cache not set in the context
[07/12/2017 15:43:48] [DEBUG] [JSID=O-wySB2_4juRqnhzhF4y26EwhYLKB6uT5jMJ19l2oDyHAern33Tt!-2023087022!1512672075199] [org.apache.http.impl.conn.PoolingHttpClientConnectionManager]:249 - Connection request: [route: {s}->https://api:443][total kept alive: 0; route allocated: 0 of 2; total allocated: 0 of 20]
[07/12/2017 15:43:48] [DEBUG] [JSID=O-wySB2_4juRqnhzhF4y26EwhYLKB6uT5jMJ19l2oDyHAern33Tt!-2023087022!1512672075199] [org.apache.http.impl.conn.PoolingHttpClientConnectionManager]:282 - Connection leased: [id: 0][route: {s}->https://api:443][total kept alive: 0; route allocated: 1 of 2; total allocated: 1 of 20]
[07/12/2017 15:43:48] [DEBUG] [JSID=O-wySB2_4juRqnhzhF4y26EwhYLKB6uT5jMJ19l2oDyHAern33Tt!-2023087022!1512672075199] [org.apache.http.impl.execchain.MainClientExec]:234 - Opening connection {s}->https://api:443
[07/12/2017 15:43:48] [DEBUG] [JSID=O-wySB2_4juRqnhzhF4y26EwhYLKB6uT5jMJ19l2oDyHAern33Tt!-2023087022!1512672075199] [org.apache.http.impl.conn.DefaultHttpClientConnectionOperator]:131 - Connecting to api/zz.123.xxx.yyy:443
[07/12/2017 15:43:48] [DEBUG] [JSID=O-wySB2_4juRqnhzhF4y26EwhYLKB6uT5jMJ19l2oDyHAern33Tt!-2023087022!1512672075199] [org.apache.http.conn.ssl.SSLConnectionSocketFactory]:335 - Connecting socket to api/zz.123.xxx.yyy:443 with timeout 0
[07/12/2017 15:43:49] [DEBUG] [JSID=O-wySB2_4juRqnhzhF4y26EwhYLKB6uT5jMJ19l2oDyHAern33Tt!-2023087022!1512672075199] [org.apache.http.conn.ssl.SSLConnectionSocketFactory]:388 - Enabled protocols: [TLSv1.2, TLSv1.1]
[07/12/2017 15:43:49] [DEBUG] [JSID=O-wySB2_4juRqnhzhF4y26EwhYLKB6uT5jMJ19l2oDyHAern33Tt!-2023087022!1512672075199] [org.apache.http.conn.ssl.SSLConnectionSocketFactory]:389 - Enabled cipher suites:[TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA]
[07/12/2017 15:43:49] [DEBUG] [JSID=O-wySB2_4juRqnhzhF4y26EwhYLKB6uT5jMJ19l2oDyHAern33Tt!-2023087022!1512672075199] [org.apache.http.conn.ssl.SSLConnectionSocketFactory]:393 - Starting handshake
Dec 7, 2017 3:45:16 PM org.bouncycastle.jsse.provider.ProvTlsClient notifyAlertRaised
INFO: Client raised fatal(2) handshake_failure(40) alert: Failed to read record
org.bouncycastle.tls.TlsFatalAlert: handshake_failure(40)
at org.bouncycastle.tls.TlsProtocol.safeReadRecord(Unknown Source)
at org.bouncycastle.tls.TlsProtocol.blockForHandshake(Unknown Source)
at org.bouncycastle.tls.TlsClientProtocol.connect(Unknown Source)
at org.bouncycastle.jsse.provider.ProvSSLSocketWrap.startHandshake(Unknown Source)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:394)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:353)
at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:134)
at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:353)
at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:380)
at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184)
at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88)
at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55)
at org.springframework.http.client.HttpComponentsClientHttpRequest.executeInternal(HttpComponentsClientHttpRequest.java:82)
at org.springframework.http.client.AbstractBufferingClientHttpRequest.executeInternal(AbstractBufferingClientHttpRequest.java:48)
at org.springframework.http.client.AbstractClientHttpRequest.execute(AbstractClientHttpRequest.java:50)
at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:519)
at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:482)
at org.springframework.web.client.RestTemplate.postForObject(RestTemplate.java:327)
at net.technisys.fiftech.service.PaymentsService.init(PaymentsService.java:69)
at net.technisys.fiftech.controller.PaymentsController.init(PaymentsController.java:38)
at net.technisys.mobile.techbank.bankinghandlers.ConsolidadaFalabellaHandler.obtenerProductos(ConsolidadaFalabellaHandler.java:152)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.sun.jersey.spi.container.JavaMethodInvokerFactory$1.invoke(JavaMethodInvokerFactory.java:60)
at com.sun.jersey.server.impl.model.method.dispatch.AbstractResourceMethodDispatchProvider$TypeOutInvoker._dispatch(AbstractResourceMethodDispatchProvider.java:185)
at com.sun.jersey.server.impl.model.method.dispatch.ResourceJavaMethodDispatcher.dispatch(ResourceJavaMethodDispatcher.java:75)
at com.sun.jersey.server.impl.uri.rules.HttpMethodRule.accept(HttpMethodRule.java:288)
at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
at com.sun.jersey.server.impl.uri.rules.ResourceClassRule.accept(ResourceClassRule.java:108)
at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
at com.sun.jersey.server.impl.uri.rules.RootResourceClassesRule.accept(RootResourceClassesRule.java:84)
at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1469)
at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1400)
at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1349)
at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1339)
at com.sun.jersey.spi.container.servlet.WebComponent.service(WebComponent.java:416)
at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:537)
at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:699)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:301)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:60)
at net.technisys.security.filters.SessionExpirationControl.doFilter(SessionExpirationControl.java:115)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:60)
at net.technisys.security.filters.NextTransactionFilter.doFilter(NextTransactionFilter.java:90)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:60)
at net.technisys.security.filters.MessageTypeBasedFilter.doFilter(MessageTypeBasedFilter.java:191)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:60)
at net.technisys.security.filters.BuilderHeadersResponseFilter.doFilter(BuilderHeadersResponseFilter.java:52)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:60)
at net.technisys.security.filters.LoggerFilter.doFilter(LoggerFilter.java:186)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:60)
at net.technisys.security.filters.BufferFlusherFilter.doFilter(BufferFlusherFilter.java:43)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:60)
at net.technisys.mdc.MDCFilter.doFilter(MDCFilter.java:32)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:60)
at net.technisys.security.filters.ControlUserFilter.doFilter(ControlUserFilter.java:51)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:60)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3748)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3714)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2283)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2182)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1491)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:263)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
[07/12/2017 15:45:16] [DEBUG] [JSID=O-wySB2_4juRqnhzhF4y26EwhYLKB6uT5jMJ19l2oDyHAern33Tt!-2023087022!1512672075199] [org.apache.http.impl.conn.DefaultManagedHttpClientConnection]:87 - http-outgoing-0: Shutdown connection
[07/12/2017 15:45:16] [DEBUG] [JSID=O-wySB2_4juRqnhzhF4y26EwhYLKB6uT5jMJ19l2oDyHAern33Tt!-2023087022!1512672075199] [org.apache.http.impl.execchain.MainClientExec]:128 - Connection discarded
[07/12/2017 15:45:16] [DEBUG] [JSID=O-wySB2_4juRqnhzhF4y26EwhYLKB6uT5jMJ19l2oDyHAern33Tt!-2023087022!1512672075199] [org.apache.http.impl.conn.DefaultManagedHttpClientConnection]:79 - http-outgoing-0: Close connection
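Added example, not code from the question above: a stand-alone, Java 6-compatible probe that performs the same BCJSSE TLSv1.2 handshake outside HttpClient, so a handshake_failure can be isolated from the RestTemplate/HttpClient layering. Unlike the configuration in the question it validates the server chain against the JVM's default trust store instead of auto-trusting every certificate, and it prints the negotiated protocol, cipher suite and peer subject. The host name is a placeholder.

```java
import java.security.KeyStore;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jsse.provider.BouncyCastleJsseProvider;

public class TlsHandshakeProbe {
    public static void main(String[] args) throws Exception {
        String host = args.length > 0 ? args[0] : "api.example.invalid"; // placeholder host
        int port = 443;

        // Same provider order as the RestTemplate config: BC for crypto, BCJSSE for TLS.
        Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
        Security.insertProviderAt(new BouncyCastleProvider(), 1);
        Security.removeProvider(BouncyCastleJsseProvider.PROVIDER_NAME);
        Security.insertProviderAt(new BouncyCastleJsseProvider(), 2);

        // Validate the server chain against the JVM's default trust store (cacerts),
        // instead of a trust-all X509TrustManager.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);

        SSLContext ctx = SSLContext.getInstance("TLSv1.2", BouncyCastleJsseProvider.PROVIDER_NAME);
        ctx.init(null, tmf.getTrustManagers(), null);
        SSLSocketFactory sf = ctx.getSocketFactory();
        System.out.println("Client offers: " + Arrays.toString(sf.getDefaultCipherSuites()));

        SSLSocket s = (SSLSocket) sf.createSocket(host, port);
        try {
            s.setEnabledProtocols(new String[] {"TLSv1.2"}); // TLS 1.2 only; drop TLSv1.1
            s.setSoTimeout(20000);
            s.startHandshake(); // throws SSLHandshakeException on handshake_failure(40)
            SSLSession session = s.getSession();
            X509Certificate leaf = (X509Certificate) session.getPeerCertificates()[0];
            System.out.println("Negotiated: " + session.getProtocol() + " / " + session.getCipherSuite());
            System.out.println("Server:     " + leaf.getSubjectX500Principal().getName());
        } catch (SSLHandshakeException e) {
            // With a real trust store, a failure here is either a protocol/cipher mismatch
            // with the server or a chain that does not validate; the message says which.
            System.err.println("Handshake failed: " + e.getMessage());
        } finally {
            s.close();
        }
    }
}
```

Run it with the same BC jars and JDK as the application; if this probe also fails with handshake_failure(40), the problem is in the BCJSSE/server negotiation rather than in the HttpClient configuration.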