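Our application is deployed on WebSphere (on Solaris OS) using IBM Java 1.6.0_26, and this Java version does not support the TLSv1.2 protocol.
Note: the code below works fine on my local machine with Oracle Java 1.6.0_26, but it does not work with IBM 1.6.0_26.
Below is my code: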
import java.io.BufferedInputStream;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.FileReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.URL;
import java.security.Security;
import java.util.List;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import org.apache.commons.io.IOUtils;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jsse.provider.BouncyCastleJsseProvider;

public class TestClient {
    public static void main(String[] args) throws IOException {
        try {
            System.out.println("java version---" + System.getProperty("java.version"));
            System.out.println("java path---" + System.getProperty("java.home"));

            // Register the Bouncy Castle JCE and JSSE providers at the front of the provider list.
            Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
            Security.insertProviderAt(new BouncyCastleProvider(), 1);
            Security.removeProvider(BouncyCastleJsseProvider.PROVIDER_NAME);
            Security.insertProviderAt(new BouncyCastleJsseProvider(), 2);

            // Create a TLSv1.2 context from BCJSSE with default key and trust managers.
            SSLContext sslContext = SSLContext.getInstance("TLSv1.2", BouncyCastleJsseProvider.PROVIDER_NAME);
            sslContext.init(null, null, null);

            String https_url = "xxxxxxxxxxxxxxxx";
            String json = "xxxxxxxxxxxxxxxx";
            URL url = new URL(https_url);

            // POST the JSON body and read the response.
            HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
            conn.setConnectTimeout(5000);
            conn.setRequestProperty("Content-Type", "application/json; charset=UTF-8");
            conn.setDoOutput(true);
            conn.setDoInput(true);
            conn.setRequestMethod("POST");
            OutputStream os = conn.getOutputStream();
            os.write(json.getBytes("UTF-8"));
            os.close();
            InputStream in = new BufferedInputStream(conn.getInputStream());
            String response = IOUtils.toString(in, "UTF-8");
            System.out.println("\nWebService Response:\n\n");
            System.out.println("\n\n" + response + "\n\n");
            in.close();
            conn.disconnect();
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}
Output of the above code:
-bash-3.2$ javac TestClient.java
-bash-3.2$ java TestClient
java version---1.6.0_26
java path---/opt/IBM/WebSphere/AppServer/java/jre
java.security.KeyManagementException: java.security.NoSuchAlgorithmException: IbmX509 KeyManagerFactory not available
at org.bouncycastle.jsse.provider.ProvSSLContextSpi.selectKeyManager(Unknown Source)
at org.bouncycastle.jsse.provider.ProvSSLContextSpi.engineInit(Unknown Source)
at javax.net.ssl.SSLContext.init(SSLContext.java:27)
at Testtt.main(Testtt.java:40)
Caused by: java.security.NoSuchAlgorithmException: IbmX509 KeyManagerFactory not available
at sun.security.jca.GetInstance.getInstance(GetInstance.java:142)
at javax.net.ssl.KeyManagerFactory.getInstance(KeyManagerFactory.java:16)
... 4 more
-bash-3.2$
Please help me resolve this issue!
Edit 1: I added the following two lines to the code: Security.setProperty("ssl.KeyManagerFactory.algorithm", "PKIX"); Security.setProperty("ssl.TrustManagerFactory.algorithm", "PKIX");
But now the error occurs at the output stream:
ava version---1.6.0_26
java path---/opt/IBM/WebSphere/AppServer/java/jre
java.net.SocketException: Connection reset
at java.net.SocketInputStream.read(SocketInputStream.java:168)
at com.ibm.jsse2.a.a(a.java:148)
at com.ibm.jsse2.a.a(a.java:96)
at com.ibm.jsse2.tc.a(tc.java:302)
at com.ibm.jsse2.tc.g(tc.java:208)
at com.ibm.jsse2.tc.a(tc.java:482)
at com.ibm.jsse2.tc.startHandshake(tc.java:597)
at com.ibm.net.ssl.www2.protocol.https.c.afterConnect(c.java:44)
at com.ibm.net.ssl.www2.protocol.https.d.connect(d.java:36)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1014)
at com.ibm.net.ssl.www2.protocol.https.b.getOutputStream(b.java:66)
at Testtt.main(Testtt.java:38)
-bash-3.2$
BCJSSE is supposed to be used with its own KeyManagerFactory and TrustManagerFactory. Changing these options in java.security as follows may help:
ssl.KeyManagerFactory.algorithm=PKIX
ssl.TrustManagerFactory.algorithm=PKIX
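However, the stack trace you show comes from some BC version before 1.61. You report trying to use 1.64, so there must be other jars on your classpath (for example, application servers sometimes include BC jars). Please find those extras and remove them, otherwise you are likely to run into various other problems.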
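An added diagnostic sketch for the two points in the answer above (not code from the question or from Bouncy Castle): it prints which BC jars the JVM actually loaded and builds the TLSv1.2 context from BCJSSE's own PKIX factories instead of relying on the java.security defaults. The class name `BcJsseCheck` and the optional URL argument are hypothetical; it assumes a current BC provider jar and BC TLS jar on the classpath.

```java
import java.net.URL;
import java.security.CodeSource;
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jsse.provider.BouncyCastleJsseProvider;

// Hypothetical diagnostic class (Java 6 syntax), not part of the original post.
public class BcJsseCheck {
    static final String BCJSSE = BouncyCastleJsseProvider.PROVIDER_NAME;
    // Report the version and the jar a provider was loaded from, to spot a stale BC copy.
    static String describe(Provider p) {
        CodeSource cs = p.getClass().getProtectionDomain().getCodeSource();
        return p.getName() + " " + p.getVersion() + " loaded from "
                + (cs == null ? "(unknown)" : String.valueOf(cs.getLocation()));
    }

    // Build a TLSv1.2 context whose key and trust managers come from BCJSSE itself,
    // so init() never looks up the JRE default algorithm (IbmX509 in the first trace).
    static SSLContext bcTls12Context() throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX", BCJSSE);
        tmf.init((KeyStore) null);           // null = default trust store
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("PKIX", BCJSSE);
        kmf.init(null, null);                // no client certificate
        SSLContext ctx = SSLContext.getInstance("TLSv1.2", BCJSSE);
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // insertProviderAt does nothing if a provider of the same name is already registered,
        // so describe() reports whichever copy is really in use.
        Security.insertProviderAt(new BouncyCastleProvider(), 1);
        Security.insertProviderAt(new BouncyCastleJsseProvider(), 2);
        System.out.println(describe(Security.getProvider(BouncyCastleProvider.PROVIDER_NAME)));
        System.out.println(describe(Security.getProvider(BCJSSE)));
        SSLContext ctx = bcTls12Context();
        if (args.length > 0) {               // optional: HTTPS URL to test against
            HttpsURLConnection conn = (HttpsURLConnection) new URL(args[0]).openConnection();
            // Attach the BCJSSE context; otherwise the connection uses the JRE default socket factory.
            conn.setSSLSocketFactory(ctx.getSocketFactory());
            System.out.println("HTTP " + conn.getResponseCode() + ", suite " + conn.getCipherSuite());
            conn.disconnect();
        }
    }
}
```

Run it with the same classpath and JRE as the application server so the reported jar locations reflect what the deployed code sees.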