客戶端休息SSL java：javax.net.ssl.SSLHandshakeException

Question

我在java客戶端中休息，其中服務器是一個給我一個URL +密鑰的應用程序。例如： https://api.ost.pt/agencies/?key=vkey 這足以在json中返回響應。有一個用php製作的客戶端，一切都很好，除了我正在轉移到java，我因爲SSL而遇到了一些java困難的問題。有人已經擁有使用SSL的Java客戶端？我不明白什麼樣的，你必須做認證......

TNHA下面的代碼：

String httpsURL = "https://api.ost.pt/agencies/?key=vkey"; 
URL myurl = new URL(httpsURL); 
HttpsURLConnection con = (HttpsURLConnection)myurl.openConnection(); 
InputStream ins = con.getInputStream(); 
InputStreamReader isr = new InputStreamReader(ins); 
BufferedReader in = new BufferedReader(isr); 
String inputLine; 
while ((inputLine = in.readLine()) != null) 
{ 
    System.out.println(inputLine); 
} 

in.close(); 

結果：

Exception in thread "main" javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure 

我做了一些簡單的，但我認爲它的工作因爲在PHP中不再是任何autentic。他們可以藉助Java來實現REST客戶端嗎？

謝謝您聽

Answer 1

這是因爲Java不支持服務器的密碼套件。 您可以從https://www.ssllabs.com驗證服務器上可用的密碼套件。以下是一個示例輸出。

在上面的圖片你可以看到什麼都可以在服務器上的密碼套件。 以下代碼顯示了您的JVM可用的密碼套件。

SSLServerSocketFactory factory = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault(); 
String cSuites[] = factory.getSupportedCipherSuites(); 
for(String s : cSuites){ 
    System.out.println(s); 
} 

你可以做什麼來解決你的問題是下載並安裝Java加密擴展。對於jdk 1.8，JCE可以下載here。 要安裝JCE，只需在$YOUR_JDK_HOME/jre/lib/security和$YOUR_JAVA_HOME/jre8/lib/security目錄中放入local_policy.jar和US_export_policy.jar。

現在在您的程序中，在建立連接之前，您可以爲服務器上的一個或多個可用密碼套件設置https.cipherSuites屬性。您可以使用https.cipherSuites屬性來指定哪些密碼套件可用於您的HttpsURLConnection。但是，設置此屬性不是強制性的。

System.setProperty("https.cipherSuites", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"); 

String httpsURL = "https://api.ost.pt/agencies/?key=vkey"; 
URL myurl = new URL(httpsURL); 
HttpsURLConnection con = (HttpsURLConnection)myurl.openConnection(); 
InputStream ins = con.getInputStream(); 
InputStreamReader isr = new InputStreamReader(ins); 
BufferedReader in = new BufferedReader(isr); 
String inputLine; 
while ((inputLine = in.readLine()) != null) 
{ 
    System.out.println(inputLine); 
} 

in.close(); 

注：除了與TLS_DHE_XXX.They開始不工作，由於this known bug那些密碼套件。

之後，您可以建立到服務器的連接。但是，由於身份驗證失敗，它仍然返回錯誤代碼401。爲此，您需要提供適當的驗證細節。

Answer 2

使用下面的代碼：

package com.rest.client; 
    //http://apiwave.com/java/snippets/removal/org.glassfish.jersey.client.authentication.HttpAuthenticationFeature 
    import java.io.IOException; 
    import java.net.*; 
    import java.security.KeyManagementException; 
    import java.security.NoSuchAlgorithmException; 
    import javax.net.ssl.HostnameVerifier; 
    import javax.net.ssl.SSLContext; 
    import javax.net.ssl.TrustManager; 
    import javax.ws.rs.client.Client; 
    import javax.ws.rs.client.ClientBuilder; 
    import javax.ws.rs.client.Entity; 
    import javax.ws.rs.client.WebTarget; 
    import javax.ws.rs.core.Response; 
    import org.glassfish.jersey.client.authentication.HttpAuthenticationFeature; 
    import org.glassfish.jersey.filter.LoggingFilter; 
    import com.rest.dto.Employee; 

    public class RestClientTest { 
     /** 
     * @param args 
     */ 
     public static void main(String[] args) { 
      try { 
       // 
       sslRestClientGETReport(); 
       // 
       sslRestClientPost(); 
       // 
       sslRestClientGET(); 
       // 
      } catch (KeyManagementException e1) { 
       // TODO Auto-generated catch block 
       e1.printStackTrace(); 
      } catch (NoSuchAlgorithmException e1) { 
       // TODO Auto-generated catch block 
       e1.printStackTrace(); 
      } catch (IOException e1) { 
       // TODO Auto-generated catch block 
       e1.printStackTrace(); 
      } 
     } 

     // 
     private static WebTarget target  = null; 
     // 
     private static String  userName = "Vkhan"; 
     private static String  passWord = "Vkhan"; 

     // 
     public static void sslRestClientGETReport() throws KeyManagementException, IOException, NoSuchAlgorithmException { 
      // 
      //AuthService 

      // 
      SSLContext sc = SSLContext.getInstance("TLSv1"); 
      TrustManager[] trustAllCerts = { new InsecureTrustManager() }; 
      sc.init(null, trustAllCerts, new java.security.SecureRandom()); 
      HostnameVerifier allHostsValid = new InsecureHostnameVerifier(); 
      // 
      Client c = ClientBuilder.newBuilder().sslContext(sc).hostnameVerifier(allHostsValid).build(); 
      // 


      String baseUrl ="https://vaquarkhan.net/companyabc/efgd//criteria"; 

      c.register(HttpAuthenticationFeature.basic(userName, passWord)); 
      target = c.target(baseUrl); 
      target.register(new LoggingFilter()); 
      String responseMsg = target.request().get(String.class); 
      System.out.println("-------------------------------------------------------"); 
      System.out.println(responseMsg); 
      System.out.println("-------------------------------------------------------"); 
      // 

     } 

     public static void sslRestClientGET() throws KeyManagementException, IOException, NoSuchAlgorithmException { 
      // 
      // 
      SSLContext sc = SSLContext.getInstance("SSL"); 
      TrustManager[] trustAllCerts = { new InsecureTrustManager() }; 
      sc.init(null, trustAllCerts, new java.security.SecureRandom()); 
      HostnameVerifier allHostsValid = new InsecureHostnameVerifier(); 
      // 
      Client c = ClientBuilder.newBuilder().sslContext(sc).hostnameVerifier(allHostsValid).build(); 
      // 

      String baseUrl = "https://vaquarkhan.net/companyabc/efgd//criteria"; 

      // 
      c.register(HttpAuthenticationFeature.basic(userName, passWord)); 
      target = c.target(baseUrl); 
      target = target.path("vm/khan/api/v1/name").queryParam("search","%7B\"aa\":\"202\",\"bb\":\"khan\",\"tt\":\"10\",\"type\":\"OP\",\"userId\":[\"123,456\"],\"nk\":\"IM\",\"pk\":\"op\"%7D"); 

      target.register(new LoggingFilter()); 
      String responseMsg = target.request().get(String.class); 
      System.out.println("-------------------------------------------------------"); 
      System.out.println(responseMsg); 
      System.out.println("-------------------------------------------------------"); 
      // 

     } 
     //TOD need to fix 
     public static void sslRestClientPost() throws KeyManagementException, IOException, NoSuchAlgorithmException { 
      // 
      // 
      Employee employee = new Employee("123", "12345", "20", "KK", 
        null, "6786", "dfdfdf", "we", "sdsdsdsds", "4", "4"); 
      // 
      SSLContext sc = SSLContext.getInstance("SSL"); 
      TrustManager[] trustAllCerts = { new InsecureTrustManager() }; 
      sc.init(null, trustAllCerts, new java.security.SecureRandom()); 
      HostnameVerifier allHostsValid = new InsecureHostnameVerifier(); 
      // 
      Client c = ClientBuilder.newBuilder().sslContext(sc).hostnameVerifier(allHostsValid).build(); 
      // 

      String baseUrl = "https://vaquar/khan/api/v1/name"; 

      c.register(HttpAuthenticationFeature.basic(userName, passWord)); 
      target = c.target(baseUrl); 
      target.register(new LoggingFilter()); 
      // 
      Response response = target.request().put(Entity.json(employee)); 
      String output = response.readEntity(String.class); 
      // 
      System.out.println("-------------------------------------------------------"); 
      System.out.println(output); 
      System.out.println("-------------------------------------------------------"); 

     } 

     public static void URI(String myURL){ 

      try { 
       URL url = new URL(myURL); 
       String nullFragment = null; 
       URI uri = new java.net.URI(url.getProtocol(), url.getHost(), url.getPath(), url.getQuery(), nullFragment); 
       System.out.println("URI " + uri.toString() + " is OK"); 
      } catch (MalformedURLException e) { 
       System.out.println("URL " + myURL + " is a malformed URL"); 
      } catch (URISyntaxException e) { 
       System.out.println("URI " + myURL + " is a malformed URL"); 
      } 
      } 
    }