使用TLSv1.2从Java连接到Cloudant

时间:2019-05-31 14:05:09

标签: java tls1.2 cloudant

我正在尝试使用运行IBM JRE的Liberty服务器中的TLSv1.2从Java连接到我的Cloudant数据库。

对低于TLSv1.2的连接的支持即将终止,我需要进行此工作。

我在为TLSv1.2通信配置的构建器中添加了customSSLSocketFactory,当我在Oracle JRE上运行的本地环境中运行它时,没有错误,但是当我在较新的环境中运行它时,在IBM JRE(Java 8的最新版本)上运行Liberty服务器时,出现错误。

SSLSocketFactory sslSocketFactory; 
try {
    TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    trustManagerFactory.init((KeyStore) null);
    TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
    if (trustManagers.length != 1 || !(trustManagers[0] instanceof X509TrustManager)) {
        throw new IllegalStateException("Unexpected default trust managers:" + Arrays.toString(trustManagers));
    }
    X509TrustManager trustManager = (X509TrustManager) trustManagers[0];

    SSLContext ssl = SSLContext.getInstance("TLSv1.2");
    ssl.init(null, new TrustManager[] { trustManager }, new SecureRandom());
    sslSocketFactory = ssl.getSocketFactory();
} catch (GeneralSecurityException e) {
    throw new RuntimeException(e);
}

client = ClientBuilder.url(new URL(restServerURL)).username(userid)
         .password(password).connectTimeout(60, TimeUnit.SECONDS).customSSLSocketFactory(sslSocketFactory)
         .build();

收到的错误是:

R java.lang.IllegalStateException: Unable to extract the trust manager on okhttp3.internal.platform.Platform@5194035f, sslSocketFactory is class com.ibm.jsse2.SSLSocketFactoryImpl
R   at okhttp3.OkHttpClient$Builder.sslSocketFactory(OkHttpClient.java:654)
R   at okhttp3.internal.huc.OkHttpsURLConnection.setSSLSocketFactory(OkHttpsURLConnection.java:63)
R   at com.cloudant.http.internal.interceptors.SSLCustomizerInterceptor.interceptRequest(SSLCustomizerInterceptor.java:71)
R   at com.cloudant.http.HttpConnection.execute(HttpConnection.java:290)
R   at com.cloudant.client.org.lightcouch.CouchDbClient.execute(CouchDbClient.java:485)
R   at com.cloudant.client.api.CloudantClient.executeRequest(CloudantClient.java:339)
R   at com.cloudant.client.internal.views.ViewRequester.executeRequestWithResponseAsJson(ViewRequester.java:34)
R   at com.cloudant.client.internal.views.ViewRequester.getResponseAsJson(ViewRequester.java:28)
R   at com.cloudant.client.internal.views.ViewRequestImpl.getResponse(ViewRequestImpl.java:34)
R   at com.profility.database.cloudant.CloudantConnector.getQuestionnaire(CloudantConnector.java:470)
R   at com.profility.database.Database.getQuestionnaire(Database.java:159)
R   at com.profility.questionnaire.QuestionnaireCache.getTheQuestionnaire(QuestionnaireCache.java:21)
R   at com.profility.scheduer.ApplicationStarter.run(ApplicationStarter.java:31)
R   at java.lang.Thread.run(Thread.java:812)

1 个答案:

答案 0 :(得分:0)

您不需要自定义SSLSocketFactory即可使用TLS1.2,只需将JVM配置为提供TLSv1.2。

可能您只需要此support document com.ibm.jsse2.overrideDefaultTLS=true中所述的属性即可匹配Oracle行为并启用TLS 1.0、1.1。和1.2(而不是默认值1.0)。

如果这还不够,您可能需要使用此support document中所述的属性才能为协议启用TLSv1.2。

相关问题
最新问题