返回信息流目前实验室项目需要,利用java模拟登录一个https的网站,这个网站采用的ssl双向认证,客户端对服务器的认证直接采用的是信任所有。目前问题主要出现在服务器对客户端的认证上:客户端的证书是在一个usb key中,也导出来放到了密钥库中。具体异常如下:
Exception in thread "main" javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:543)
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:409)
at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:177)
at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:304)
at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:611)
at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:446)
at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:882)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)
at LoginAction.MockLogin.main(MockLogin.java:107)
Caused by: java.io.EOFException: SSL peer shut down incorrectly
at sun.security.ssl.InputRecord.read(Unknown Source)
... 14 more
用于模拟登录的post请求的代码如下:
public class MockLogin {
private final static String KEYSTORE_FILEPATH = "d:/ssl/myclient.jks"; //客户端密钥库证书
private final static String KEYSTORE_PASSWORD = "123456";
public static DefaultHttpClient testHttpClient(HttpClient httpClient) throws ClientProtocolException, IOException{
SSLContext sslContext = null;
try {
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(new FileInputStream(KEYSTORE_FILEPATH), KEYSTORE_PASSWORD.toCharArray());
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(ks, KEYSTORE_PASSWORD.toCharArray());
X509TrustManager tm = new X509TrustManager() {
@Override
public X509Certificate[] getAcceptedIssuers() {
// TODO Auto-generated method stub
return null;
}
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType)
throws CertificateException {
// TODO Auto-generated method stub
}
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType)
throws CertificateException {
// TODO Auto-generated method stub
}
};
sslContext = SSLContext.getInstance("SSL");
sslContext.init(kmf.getKeyManagers(), new TrustManager[]{tm}, null);
SSLSocketFactory ssf = new SSLSocketFactory(sslContext, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
ClientConnectionManager ccm = httpClient.getConnectionManager();
SchemeRegistry sr = ccm.getSchemeRegistry();
sr.register(new Scheme("https", 443, ssf));
return new DefaultHttpClient(ccm, httpClient.getParams());
} catch (Exception e) {
// TODO: handle exception
return null;
}
}
public static void main(String[] args) throws ClientProtocolException, IOException {
CloseableHttpClient httpClient = MockLogin.testHttpClient(new DefaultHttpClient());
HttpPost post = new HttpPost("https://xxxx:9988/login.jsp");
List<NameValuePair> nvps = new ArrayList<NameValuePair>();
nvps.add(new BasicNameValuePair("username", "xxxx"));
nvps.add(new BasicNameValuePair("password", "xxxx"));
post.setEntity(new UrlEncodedFormEntity(nvps,"utf-8"));
HttpResponse response = httpClient.execute(post);
HttpEntity entity = response.getEntity();
String content = EntityUtils.toString(entity);
EntityUtils.consume(entity);
System.out.println(content);
}
}
麻烦各位熟悉ssl机制或者做过这方面项目的同学们帮忙指点下应该怎么解决这种问题!(之前在网上一直没有找到合适的答案,已经好几天没有头绪了)
这是一条镜像帖。来源:北邮人论坛 / java / #41534同步于 2015/6/10
Java机器人发帖
Java ssl连接异常, Remote host closed connection during han
zjd10211766
2015/6/10镜像同步0 回复
订阅后,新回复会通过你的通知中心匿名送达。
0 条回复
暂无回复 · 你可以订阅本帖等待新回复。