首页 > 代码库 > SSLv3协议、TLSv1.2协议配置不对导致javax.ws.rs.ProcessingException: java.net.SocketException: Connection reset
SSLv3协议、TLSv1.2协议配置不对导致javax.ws.rs.ProcessingException: java.net.SocketException: Connection reset
SSl:Secure Sockets Layer 安全套接层
TLS:Transport Layer Security传输层安全
是为网络通信提供安全及数据完整性的一种安全协议。TLS与SSL在传输层对网络连接进行加密。(见百度)
场景描述:将公司请求第三方公司的接口协议由http改成https后,出现了请求套接字异常的情况,第三方公司也收不到具体的请求,具体异常如下,
javax.ws.rs.ProcessingException: java.net.SocketException: Connection reset at org.glassfish.jersey.client.internal.HttpUrlConnector.apply(HttpUrlConnector.java:287) at org.glassfish.jersey.client.ClientRuntime.invoke(ClientRuntime.java:252) at org.glassfish.jersey.client.JerseyInvocation$1.call(JerseyInvocation.java:684) at org.glassfish.jersey.client.JerseyInvocation$1.call(JerseyInvocation.java:681) at org.glassfish.jersey.internal.Errors.process(Errors.java:315) at org.glassfish.jersey.internal.Errors.process(Errors.java:297) at org.glassfish.jersey.internal.Errors.process(Errors.java:228) at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:444) at org.glassfish.jersey.client.JerseyInvocation.invoke(JerseyInvocation.java:681) at org.glassfish.jersey.client.JerseyInvocation$Builder.method(JerseyInvocation.java:411) at org.glassfish.jersey.client.JerseyInvocation$Builder.get(JerseyInvocation.java:311) at com.baoxian.payment.UnionPayPayment.request(UnionPayPayment.java:323)
...
Caused by: java.net.SocketException: Connection reset
at java.net.SocketInputStream.read(SocketInputStream.java:209)
at java.net.SocketInputStream.read(SocketInputStream.java:141)
at sun.security.ssl.InputRecord.readFully(InputRecord.java:465)
at sun.security.ssl.InputRecord.read(InputRecord.java:503)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:973)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1513)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1441)
at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:480)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:338)
at org.glassfish.jersey.client.internal.HttpUrlConnector._apply(HttpUrlConnector.java:394)
at org.glassfish.jersey.client.internal.HttpUrlConnector.apply(HttpUrlConnector.java:285)
... 66 more
实现http协议的代码为:
1 import java.security.SecureRandom; 2 import java.security.cert.X509Certificate; 3 4 import javax.net.ssl.HostnameVerifier; 5 import javax.net.ssl.SSLContext; 6 import javax.net.ssl.SSLSession; 7 import javax.net.ssl.TrustManager; 8 import javax.net.ssl.X509TrustManager; 9 import javax.ws.rs.client.Client; 10 import javax.ws.rs.client.ClientBuilder; 11 12 import org.apache.commons.logging.Log; 13 import org.apache.commons.logging.LogFactory; 14 15 public class ClientUtil { 16 private static Log log = LogFactory.getLog(ClientUtil.class); 17 private static SSLContext sslContext = null; 18 private static HostnameVerifier hv = null; 19 public static Client sslClient = null; 20 public static Client client = null; 21 static{ 22 client = ClientBuilder.newClient(); 23 try { 24 sslContext = SSLContext.getInstance("SSLv3"); 25 sslContext.init(null, new TrustManager[] { new X509TrustManager() { 26 public X509Certificate[] getAcceptedIssuers() { 27 return new X509Certificate[0]; 28 } 29 30 public void checkClientTrusted(X509Certificate[] certs, String authType) { 31 } 32 33 public void checkServerTrusted(X509Certificate[] certs, String authType) { 34 } 35 } }, new SecureRandom()); 36 } catch (Exception e) { 37 log.error("SSL失败", e); 38 } 39 hv = new HostnameVerifier() { 40 public boolean verify( String arg0, SSLSession arg1 ) { return true; } 41 }; 42 sslClient = ClientBuilder.newBuilder().hostnameVerifier(hv).sslContext(sslContext).build(); 43 } 44 }
调用ClientUtil类的代码
1 url = url + "?data="http://www.mamicode.com/+ URLEncoder.encode(jsonObject.toJSONString(),"UTF-8"); 2 log.info("银联请求: type: " + transType + ", URL:" + url); 3 4 5 Response response = ClientUtil.client.
.target(url) 7 .request() 8 .get();
这里的代码写死了只能用SSLv3安全协议,一运行的时候就报连接错误。可是,同样的请求放到google浏览器上请求就可以通过。
把请求复制到google浏览器请求栏,按F12,点击enter键,查看Security菜单栏输出的网页内容,发现这个请求接受TLS1.2安全协议
为了不影响其它类使用SSL协议,对这个类进行重写。重写后类,新增了获取制定安全协议的方法,支持指定安全协议的请求。
1 import java.security.SecureRandom; 2 import java.security.cert.X509Certificate; 3 4 import javax.net.ssl.HostnameVerifier; 5 import javax.net.ssl.SSLContext; 6 import javax.net.ssl.SSLSession; 7 import javax.net.ssl.TrustManager; 8 import javax.net.ssl.X509TrustManager; 9 import javax.ws.rs.client.Client; 10 import javax.ws.rs.client.ClientBuilder; 11 12 import org.apache.commons.logging.Log; 13 import org.apache.commons.logging.LogFactory; 14 15 public class ClientUtil { 16 private static Log log = LogFactory.getLog(ClientUtil.class); 17 private static SSLContext sslContext = null; 18 private static HostnameVerifier hv = null; 19 public static Client sslClient = null; 20 public static Client client = null; 21 private static TrustManager simpleTrust=null; 22 static{ 23 client = ClientBuilder.newClient(); 24 try { 25 sslContext = SSLContext.getInstance("SSLv3"); 26 simpleTrust=new X509TrustManager() { 27 public X509Certificate[] getAcceptedIssuers() { 28 return new X509Certificate[0]; 29 } 30 31 public void checkClientTrusted(X509Certificate[] certs, String authType) { 32 } 33 34 public void checkServerTrusted(X509Certificate[] certs, String authType) { 35 } 36 }; 37 sslContext.init(null, new TrustManager[] { simpleTrust}, new SecureRandom()); 38 } catch (Exception e) { 39 log.error("SSL失败", e); 40 } 41 hv = new HostnameVerifier() { 42 public boolean verify( String arg0, SSLSession arg1 ) { return true; } 43 }; 44 sslClient = ClientBuilder.newBuilder().hostnameVerifier(hv).sslContext(sslContext).build(); 45 } 46 47 public static Client getSslClient(String protocol) 48 { 49 try { 50 SSLContext sslContextTmp= SSLContext.getInstance(protocol); 51 sslContextTmp.init(null, new TrustManager[] { simpleTrust}, new SecureRandom()); 52 return ClientBuilder.newBuilder().hostnameVerifier(hv).sslContext(sslContextTmp).build(); 53 } 54 catch (Exception ex) 55 { 56 return ClientBuilder.newBuilder().hostnameVerifier(hv).sslContext(sslContext).build(); 57 } 58 } 59 }
改正后的调用方法
1 url = url + "?data="http://www.mamicode.com/+ URLEncoder.encode(jsonObject.toJSONString(),"UTF-8"); 2 3 Response response = ClientUtil.getSslClient("TLSv1.2") 4 .target(url) 5 .request() 6 .get();
说明:不同第三方公司支持https协议的时候可以用不同安全协议,对于不同的情况要予以考虑。
SSLv3协议、TLSv1.2协议配置不对导致javax.ws.rs.ProcessingException: java.net.SocketException: Connection reset