客戶端SSL SSL：javax.net.ssl.SSLHandshakeException

Question

我正在Java客戶端中休息一下，該服務器是一個為我提供URL +密鑰的應用程序。 示例： https : //api.ost.pt/agencies/?key=vkey這足以在json中返回響應。 有一個用php制作的客戶端，一切都很好，除了我要遷移到Java並且由於SSL遇到一些Java問題。 有人已經在Java中使用SSL的客戶端了嗎？ 我不明白您必須執行哪種身份驗證...

Tnha下面的代碼：

String httpsURL = "https://api.ost.pt/agencies/?key=vkey";
URL myurl = new URL(httpsURL);
HttpsURLConnection con = (HttpsURLConnection)myurl.openConnection();
InputStream ins = con.getInputStream();
InputStreamReader isr = new InputStreamReader(ins);
BufferedReader in = new BufferedReader(isr);
String inputLine;
while ((inputLine = in.readLine()) != null)
{
  System.out.println(inputLine);
}

in.close();

結果：

Exception in thread "main" javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

我做了一些簡單的事情，但是我認為它可以工作，因為在php中不再是多余的了。 他們可以幫助我在Java中實現Java的REST客戶端嗎？

謝謝收聽

Answer 1

這是因為Java不支持服務器的密碼套件。 您可以從https://www.ssllabs.com驗證服務器上可用的密碼套件。 以下是示例輸出。

在上圖中，您可以看到服務器上有哪些可用的密碼套件。 以下代碼顯示了JVM中可用的密碼套件。

SSLServerSocketFactory factory = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
String cSuites[] = factory.getSupportedCipherSuites();
for(String s : cSuites){
     System.out.println(s);
}

您可以解決的問題是下載並安裝Java Cryptography Extension。 對於jdk 1.8，可以在此處下載JCE。 要安裝JCE，只需將local_policy.jar和US_export_policy.jar放在$YOUR_JDK_HOME/jre/lib/security和$YOUR_JAVA_HOME/jre8/lib/security目錄中。

現在，在程序中，在建立連接之前，您可以為服務器上的一個或多個可用密碼套件設置https.cipherSuites屬性。 您可以使用https.cipherSuites屬性來指定啟用哪些密碼套件與HttpsURLConnection一起使用。 但是，設置此屬性不是必需的。

System.setProperty("https.cipherSuites", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA");

String httpsURL = "https://api.ost.pt/agencies/?key=vkey";
URL myurl = new URL(httpsURL);
HttpsURLConnection con = (HttpsURLConnection)myurl.openConnection();
InputStream ins = con.getInputStream();
InputStreamReader isr = new InputStreamReader(ins);
BufferedReader in = new BufferedReader(isr);
String inputLine;
while ((inputLine = in.readLine()) != null)
{
     System.out.println(inputLine);
}

in.close();

注意：除了以TLS_DHE_XXX開頭的密碼套件之外，由於此已知錯誤而無法使用。

之后，您可以建立與服務器的連接。 但是，由於身份驗證失敗，它仍然返回錯誤代碼401。 為此，您需要提供適當的身份驗證詳細信息。

Answer 2

使用以下代碼：

package com.rest.client;
    //http://apiwave.com/java/snippets/removal/org.glassfish.jersey.client.authentication.HttpAuthenticationFeature
    import java.io.IOException;
    import java.net.*;
    import java.security.KeyManagementException;
    import java.security.NoSuchAlgorithmException;
    import javax.net.ssl.HostnameVerifier;
    import javax.net.ssl.SSLContext;
    import javax.net.ssl.TrustManager;
    import javax.ws.rs.client.Client;
    import javax.ws.rs.client.ClientBuilder;
    import javax.ws.rs.client.Entity;
    import javax.ws.rs.client.WebTarget;
    import javax.ws.rs.core.Response;
    import org.glassfish.jersey.client.authentication.HttpAuthenticationFeature;
    import org.glassfish.jersey.filter.LoggingFilter;
    import com.rest.dto.Employee;

    public class RestClientTest {
        /**
         * @param args
         */
        public static void main(String[] args) {
            try {
                //
                sslRestClientGETReport();
                //
                sslRestClientPost();
                //
                sslRestClientGET();
                //
            } catch (KeyManagementException e1) {
                // TODO Auto-generated catch block
                e1.printStackTrace();
            } catch (NoSuchAlgorithmException e1) {
                // TODO Auto-generated catch block
                e1.printStackTrace();
            } catch (IOException e1) {
                // TODO Auto-generated catch block
                e1.printStackTrace();
            }
        }

        //
        private static WebTarget    target      = null;
        //
        private static String       userName    = "Vkhan";
        private static String       passWord    = "Vkhan";

        //
        public static void sslRestClientGETReport() throws KeyManagementException, IOException, NoSuchAlgorithmException {
            //
            //AuthService 

            //
            SSLContext sc = SSLContext.getInstance("TLSv1");
            TrustManager[] trustAllCerts = { new InsecureTrustManager() };
            sc.init(null, trustAllCerts, new java.security.SecureRandom());
            HostnameVerifier allHostsValid = new InsecureHostnameVerifier();
            //
            Client c = ClientBuilder.newBuilder().sslContext(sc).hostnameVerifier(allHostsValid).build();
            //


            String baseUrl ="https://vaquarkhan.net/companyabc/efgd//criteria";

            c.register(HttpAuthenticationFeature.basic(userName, passWord));
            target = c.target(baseUrl);
            target.register(new LoggingFilter());
            String responseMsg = target.request().get(String.class);
            System.out.println("-------------------------------------------------------");
            System.out.println(responseMsg);
            System.out.println("-------------------------------------------------------");
            //

        }

        public static void sslRestClientGET() throws KeyManagementException, IOException, NoSuchAlgorithmException {
            //
            //
            SSLContext sc = SSLContext.getInstance("SSL");
            TrustManager[] trustAllCerts = { new InsecureTrustManager() };
            sc.init(null, trustAllCerts, new java.security.SecureRandom());
            HostnameVerifier allHostsValid = new InsecureHostnameVerifier();
            //
            Client c = ClientBuilder.newBuilder().sslContext(sc).hostnameVerifier(allHostsValid).build();
            //

            String baseUrl = "https://vaquarkhan.net/companyabc/efgd//criteria";

            //
            c.register(HttpAuthenticationFeature.basic(userName, passWord));
            target = c.target(baseUrl);
            target = target.path("vm/khan/api/v1/name").queryParam("search","%7B\"aa\":\"202\",\"bb\":\"khan\",\"tt\":\"10\",\"type\":\"OP\",\"userId\":[\"123,456\"],\"nk\":\"IM\",\"pk\":\"op\"%7D");

            target.register(new LoggingFilter());
            String responseMsg = target.request().get(String.class);
            System.out.println("-------------------------------------------------------");
            System.out.println(responseMsg);
            System.out.println("-------------------------------------------------------");
            //

        }
        //TOD need to fix
        public static void sslRestClientPost() throws KeyManagementException, IOException, NoSuchAlgorithmException {
            //
            //
            Employee employee = new Employee("123", "12345", "20", "KK",
                    null, "6786", "dfdfdf", "we", "sdsdsdsds", "4", "4");
            //
            SSLContext sc = SSLContext.getInstance("SSL");
            TrustManager[] trustAllCerts = { new InsecureTrustManager() };
            sc.init(null, trustAllCerts, new java.security.SecureRandom());
            HostnameVerifier allHostsValid = new InsecureHostnameVerifier();
            //
            Client c = ClientBuilder.newBuilder().sslContext(sc).hostnameVerifier(allHostsValid).build();
            //

            String baseUrl = "https://vaquar/khan/api/v1/name";

            c.register(HttpAuthenticationFeature.basic(userName, passWord));
            target = c.target(baseUrl);
            target.register(new LoggingFilter());
            //
            Response response = target.request().put(Entity.json(employee));
            String output = response.readEntity(String.class);
            //
            System.out.println("-------------------------------------------------------");
            System.out.println(output);
            System.out.println("-------------------------------------------------------");

        }

        public static void URI( String myURL){

            try {
              URL url = new URL(myURL);
              String nullFragment = null;
              URI uri = new java.net.URI(url.getProtocol(), url.getHost(), url.getPath(), url.getQuery(), nullFragment);
              System.out.println("URI " + uri.toString() + " is OK");
            } catch (MalformedURLException e) {
              System.out.println("URL " + myURL + " is a malformed URL");
            } catch (URISyntaxException e) {
              System.out.println("URI " + myURL + " is a malformed URL");
            }
          }
    }