I am trying to implement SSL with TLS v1.2 on Android. The code I wrote is below:
        try {
            if (mSocket == null || !mSocket.isBound()
                    || mSocket.isClosed()) {
                // Load the client key store (PKCS#12) from the app assets
                KeyStore keyStore = KeyStore.getInstance("PKCS12");
                InputStream inputStream = mContext.getAssets().open("keystore.pfx");
                try {
                    keyStore.load(inputStream, mContext.getString(R.string.pw).toCharArray());
                } catch (CertificateException e) {
                    e.printStackTrace();
                } catch (NoSuchAlgorithmException e) {
                    e.printStackTrace();
                } finally {
                    if (inputStream != null) {
                        inputStream.close();
                    }
                }
                // Load the trust store (PKCS#12) from the app assets
                KeyStore trustStore = KeyStore.getInstance("PKCS12");
                InputStream inputStreamts = mContext.getAssets().open("truststore.pfx");
                try {
                    trustStore.load(inputStreamts, mContext.getString(R.string.ts_pw).toCharArray());
                } catch (CertificateException e) {
                    e.printStackTrace();
                } catch (NoSuchAlgorithmException e) {
                    e.printStackTrace();
                } finally {
                    if (inputStreamts != null) {
                        inputStreamts.close();
                    }
                }
                // Build trust and key managers and initialize a TLS 1.2 context with them
                TrustManagerFactory tmf = TrustManagerFactory
                        .getInstance(TrustManagerFactory.getDefaultAlgorithm());
                tmf.init(trustStore);
                KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                kmf.init(keyStore, mContext.getString(R.string.pw).toCharArray());
                SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
                sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
                // Create the socket and restrict it to TLS 1.2
                SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
                mSocket = (SSLSocket) factory.createSocket(businessIp, businessPort);
                mSocket.setEnabledProtocols(new String[]{"TLSv1.2"});
                mSocket.setEnabledCipherSuites(sslContext.getServerSocketFactory().getSupportedCipherSuites());
            }
            mSocket.setUseClientMode(true);
            StringBuilder inputLineBuilder = new StringBuilder();
            if (mSocket != null) {
                try {
                    //printSocketInfo(mSocket);
                    mSocket.startHandshake();
                    // Send the request bytes
                    OutputStream os = mSocket.getOutputStream();
                    os.write(f_RequestData);
                    PrintWriter out = new PrintWriter(
                            new BufferedWriter(
                                    new OutputStreamWriter(os)));
                    out.flush();
                    if (out.checkError())
                        System.out.println("SSLSocketClient: java.io.PrintWriter error");
                    // Read the response line by line until the peer closes the stream
                    BufferedReader in = new BufferedReader(
                            new InputStreamReader(
                                    mSocket.getInputStream()));
                    String response;
                    while ((response = in.readLine()) != null)
                        inputLineBuilder.append(response);
                    in.close();
                    out.close();
                    mSocket.close();
                    m_Response = inputLineBuilder.toString();
                } catch (Exception e) {
                    e.printStackTrace();
                }
            }
        } catch (UnknownHostException e) {
            e.printStackTrace();
        } catch (SocketTimeoutException e) {
            e.printStackTrace();
        } catch (SocketException e) {
            e.printStackTrace();
        } catch (IOException e) {
            e.printStackTrace();
        } catch (UnrecoverableKeyException e) {
            e.printStackTrace();
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        } catch (KeyStoreException e) {
            e.printStackTrace();
        } catch (KeyManagementException e) {
            e.printStackTrace();
        }
    }
The socket is created successfully, but when mSocket.startHandshake() executes, I get the following exception:

    2019-01-25 16:56:37.627 4905-4991/com.example W/System.err: javax.net.ssl.SSLHandshakeException: Handshake failed
    2019-01-25 16:56:37.627 4905-4991/com.example W/System.err:     at com.android.org.conscrypt.ConscryptFileDescriptorSocket.startHandshake(ConscryptFileDescriptorSocket.java:276)
    2019-01-25 16:56:37.627 4905-4991/com.example W/System.err:     at com.example.networkmanager.ConnectionManager$1.run(ConnectionManager.java:135)
    2019-01-25 16:56:37.627 4905-4991/com.example W/System.err:     at java.lang.Thread.run(Thread.java:764)
    2019-01-25 16:56:37.627 4905-4991/com.example W/System.err: Caused by: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x724c726080: Failure in SSL library, usually a protocol error
    2019-01-25 16:56:37.627 4905-4991/com.example W/System.err: error:10000410:SSL routines:OPENSSL_internal:SSLV3_ALERT_HANDSHAKE_FAILURE (external/boringssl/src/ssl/tls_record.cc:579 0x7242eb8540:0x00000001)
    2019-01-25 16:56:37.627 4905-4991/com.example W/System.err: error:1000009a:SSL routines:OPENSSL_internal:HANDSHAKE_FAILURE_ON_CLIENT_HELLO (external/boringssl/src/ssl/handshake_client.cc:893 0x724ebf70d7:0x00000000)
    2019-01-25 16:56:37.627 4905-4991/com.example W/System.err:     at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
    2019-01-25 16:56:37.627 4905-4991/com.example W/System.err:     at com.android.org.conscrypt.SslWrapper.doHandshake(SslWrapper.java:374)
    2019-01-25 16:56:37.627 4905-4991/com.example W/System.err:     at com.android.org.conscrypt.ConscryptFileDescriptorSocket.startHandshake(ConscryptFileDescriptorSocket.java:217)
    2019-01-25 16:56:37.627 4905-4991/com.example W/System.err:     ... 2 more
When I try to print the socket information, I can see the following:

    Need client authentication = false
    Cipher suite = SSL_NULL_WITH_NULL_NULL
    Protocol = NONE
    Peer Host = null
    Peer Port = -1
    Is Valid = false
When I try to get the peer principal, I get the following exception:

    javax.net.ssl.SSLPeerUnverifiedException: No peer certificate
        at com.android.org.conscrypt.SSLNullSession.getPeerPrincipal(SSLNullSession.java:122)
        at com.neml.direct.qr.networkmanager.ConnectionManager.printSocketInfo(ConnectionManager.java:246)
        at com.neml.direct.qr.networkmanager.ConnectionManager$1.run(ConnectionManager.java:134)
        at java.lang.Thread.run(Thread.java:764)
I searched for this issue across several Stack Overflow posts and blogs. I have checked the following:
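I cannot understand what I am missing and what else I need to do to start the handshake successfully. Please help. Any help would be appreciated.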
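
An added example, not part of the original post: a mutual-TLS client socket built from the SSLContext that holds the key and trust managers, which the posted code initializes but then bypasses by calling SSLSocketFactory.getDefault(). The class and method names are hypothetical, and the key and trust stores are passed in as streams rather than read from Android assets.

```java
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical helper class; its names are illustrative and do not come from the post.
public final class MutualTlsClient {
    private static KeyStore loadPkcs12(InputStream in, char[] pw)
            throws GeneralSecurityException, IOException {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream stream = in) {
            ks.load(stream, pw); // load errors propagate; an empty store is never used silently
        }
        return ks;
    }

    public static SSLSocket connect(String host, int port, InputStream keyIn, char[] keyPw,
            InputStream trustIn, char[] trustPw) throws GeneralSecurityException, IOException {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(loadPkcs12(keyIn, keyPw), keyPw);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(loadPkcs12(trustIn, trustPw));
        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

        // The socket comes from this context's factory, so the client certificate and the
        // custom trust anchors configured above are the ones used in the handshake.
        SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket(host, port);
        try {
            socket.setEnabledProtocols(new String[] {"TLSv1.2"});
            // Cipher suites stay at the provider defaults; getSupportedCipherSuites()
            // would also switch on suites the provider leaves disabled by default.
            socket.startHandshake();
            SSLSession session = socket.getSession();
            System.out.println(session.getProtocol() + " / " + session.getCipherSuite());
            System.out.println("Peer = " + session.getPeerPrincipal());
            return socket;
        } catch (IOException e) {
            socket.close(); // do not leak the connection when the handshake fails
            throw e;
        }
    }
}
```

SSLSocket performs no hostname verification on its own, so a caller that needs it should check the session with a HostnameVerifier or set an endpoint identification algorithm through SSLParameters.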