Implementing TLS/SSL in Android - javax.net.ssl.SSLHandshakeException: Handshake failed

Time: 2019-01-25 11:30:35

Tags: android ssl tls1.2 sslsocketfactory

I am trying to implement SSL with TLS v1.2 in Android. The code I have written is as follows:

    try {
        if (mSocket == null || !mSocket.isBound()
                || mSocket.isClosed()) {
            // Client key store (PKCS#12) shipped in the app assets
            KeyStore keyStore = KeyStore.getInstance("PKCS12");
            InputStream inputStream = mContext.getAssets().open("keystore.pfx");
            try {
                keyStore.load(inputStream, mContext.getString(R.string.pw).toCharArray());
            } catch (CertificateException e) {
                e.printStackTrace();
            } catch (NoSuchAlgorithmException e) {
                e.printStackTrace();
            } finally {
                if (inputStream != null) {
                    inputStream.close();
                }
            }

            // Trust store (PKCS#12) shipped in the app assets
            KeyStore trustStore = KeyStore.getInstance("PKCS12");
            InputStream inputStreamts = mContext.getAssets().open("truststore.pfx");
            try {
                trustStore.load(inputStreamts, mContext.getString(R.string.ts_pw).toCharArray());
            } catch (CertificateException e) {
                e.printStackTrace();
            } catch (NoSuchAlgorithmException e) {
                e.printStackTrace();
            } finally {
                if (inputStreamts != null) {
                    inputStreamts.close();
                }
            }

            TrustManagerFactory tmf = TrustManagerFactory
                    .getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init(trustStore);
            KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(keyStore, mContext.getString(R.string.pw).toCharArray());
            SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
            sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
            SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
            mSocket = (SSLSocket) factory.createSocket(businessIp, businessPort);
            mSocket.setEnabledProtocols(new String[]{"TLSv1.2"});
            mSocket.setEnabledCipherSuites(sslContext.getServerSocketFactory().getSupportedCipherSuites());
        }
        mSocket.setUseClientMode(true);

        StringBuilder inputLineBuilder = new StringBuilder();
        if (mSocket != null) {
            try {
                //printSocketInfo(mSocket);
                mSocket.startHandshake();
                // Send the request bytes, then read the response line by line
                OutputStream os = mSocket.getOutputStream();
                os.write(f_RequestData);
                PrintWriter out = new PrintWriter(
                        new BufferedWriter(
                                new OutputStreamWriter(os)));

                out.flush();
                if (out.checkError())
                    System.out.println("SSLSocketClient:  java.io.PrintWriter error");
                BufferedReader in = new BufferedReader(
                        new InputStreamReader(
                                mSocket.getInputStream()));
                String response;
                while ((response = in.readLine()) != null)
                    inputLineBuilder.append(response);
                in.close();
                out.close();
                mSocket.close();
                m_Response = inputLineBuilder.toString();
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
    } catch (UnknownHostException e) {
        e.printStackTrace();
    } catch (SocketTimeoutException e) {
        e.printStackTrace();
    } catch (SocketException e) {
        e.printStackTrace();
    } catch (IOException e) {
        e.printStackTrace();
    } catch (UnrecoverableKeyException e) {
        e.printStackTrace();
    } catch (NoSuchAlgorithmException e) {
        e.printStackTrace();
    } catch (KeyStoreException e) {
        e.printStackTrace();
    } catch (KeyManagementException e) {
        e.printStackTrace();
    }
    } // end of the enclosing method, whose opening is not shown

The socket is created successfully, but when mSocket.startHandshake() is executed, I get the following exception:

    2019-01-25 16:56:37.627 4905-4991/com.example W/System.err: javax.net.ssl.SSLHandshakeException: Handshake failed
    2019-01-25 16:56:37.627 4905-4991/com.example W/System.err:     at com.android.org.conscrypt.ConscryptFileDescriptorSocket.startHandshake(ConscryptFileDescriptorSocket.java:276)
    2019-01-25 16:56:37.627 4905-4991/com.example W/System.err:     at com.example.networkmanager.ConnectionManager$1.run(ConnectionManager.java:135)
    2019-01-25 16:56:37.627 4905-4991/com.example W/System.err:     at java.lang.Thread.run(Thread.java:764)
    2019-01-25 16:56:37.627 4905-4991/com.example W/System.err: Caused by: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x724c726080: Failure in SSL library, usually a protocol error
    2019-01-25 16:56:37.627 4905-4991/com.example W/System.err: error:10000410:SSL routines:OPENSSL_internal:SSLV3_ALERT_HANDSHAKE_FAILURE (external/boringssl/src/ssl/tls_record.cc:579 0x7242eb8540:0x00000001)
    2019-01-25 16:56:37.627 4905-4991/com.example W/System.err: error:1000009a:SSL routines:OPENSSL_internal:HANDSHAKE_FAILURE_ON_CLIENT_HELLO (external/boringssl/src/ssl/handshake_client.cc:893 0x724ebf70d7:0x00000000)
    2019-01-25 16:56:37.627 4905-4991/com.example W/System.err:     at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
    2019-01-25 16:56:37.627 4905-4991/com.example W/System.err:     at com.android.org.conscrypt.SslWrapper.doHandshake(SslWrapper.java:374)
    2019-01-25 16:56:37.627 4905-4991/com.example W/System.err:     at com.android.org.conscrypt.ConscryptFileDescriptorSocket.startHandshake(ConscryptFileDescriptorSocket.java:217)
    2019-01-25 16:56:37.627 4905-4991/com.example W/System.err:     ... 2 more

When I try to print the socket information, I can see the following:

 Need client authentication = false
 Cipher suite = SSL_NULL_WITH_NULL_NULL
 Protocol = NONE
 Peer Host = null
 Peer Port = -1
 Is Valid = false

When trying to get the peer principal, I get the following exception:

    javax.net.ssl.SSLPeerUnverifiedException: No peer certificate
        at com.android.org.conscrypt.SSLNullSession.getPeerPrincipal(SSLNullSession.java:122)
        at com.neml.direct.qr.networkmanager.ConnectionManager.printSocketInfo(ConnectionManager.java:246)
        at com.neml.direct.qr.networkmanager.ConnectionManager$1.run(ConnectionManager.java:134)
        at java.lang.Thread.run(Thread.java:764)

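I searched for this issue across several Stack Overflow posts and blogs. I have checked the following:

  1. The KeyStore and TrustStore are loaded correctly and are not null.
  2. Checked the order of the certificate chain. It is correct.

I cannot understand what I am missing and what else needs to be done for the handshake to start successfully. Please help. Any help would be appreciated.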

0 answers:

No answers
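
An added example, not part of the original post: a TLS 1.2 client that presents a client certificate, with the socket created from the initialised `SSLContext` (the posted code initialises `sslContext` but creates the socket from `SSLSocketFactory.getDefault()`, which does not use it). `MutualTlsClient`, `connect` and the parameter names are hypothetical, and the host name is assumed to match the server certificate.

```java
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

// Added example; MutualTlsClient, connect and the parameter names are hypothetical.
public final class MutualTlsClient {
    private static KeyStore loadPkcs12(InputStream in, char[] password)
            throws GeneralSecurityException, IOException {
        KeyStore store = KeyStore.getInstance("PKCS12");
        try (InputStream src = in) {
            store.load(src, password); // load errors propagate instead of being swallowed
        }
        return store;
    }

    public static SSLSocket connect(String host, int port,
            InputStream keyStoreStream, char[] keyPassword,
            InputStream trustStoreStream, char[] trustPassword)
            throws GeneralSecurityException, IOException {
        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(loadPkcs12(keyStoreStream, keyPassword), keyPassword);
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(loadPkcs12(trustStoreStream, trustPassword));

        SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
        sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        // The factory comes from the initialised context, so its key and trust managers are used.
        SSLSocket socket = (SSLSocket) sslContext.getSocketFactory().createSocket(host, port);
        try {
            socket.setEnabledProtocols(new String[] {"TLSv1.2"});
            // Cipher suites stay at the provider's enabled defaults; the "supported" list
            // is broader and can include suites the provider leaves disabled by default.
            SSLParameters params = socket.getSSLParameters();
            params.setEndpointIdentificationAlgorithm("HTTPS"); // host name check, Android API 24+
            socket.setSSLParameters(params);
            socket.startHandshake();
            return socket;
        } catch (IOException e) {
            socket.close(); // do not leak the socket when the handshake fails
            throw e;
        }
    }
}
```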