我试图使用相互认证的TLS向我的服务器发送https请求。我已经成功地在TLS上使服务器工作。但是,我无法弄清楚如何在客户端(Android应用程序)上执行此操作。我在Java服务器上使用Spring。Android应用程序发出请求使用
我设法能够调用
为什么堆栈跟踪中显示SSLv3?它不使用TLSv1.2吗?Wireshark显示如下 https://ibb.co/27mpG4r。
这段代码(来自@Hakan54)创建了SSLContext:
HttpsUrlConnection()
。我设法能够调用
HttpsUrlConnection()
,我的代码如下:public void test() {
try {
URL url = new URL(this.apiUrl);
HttpsURLConnection urlConnection = (HttpsURLConnection) url.openConnection();
urlConnection.setSSLSocketFactory(sslContext.getSocketFactory());
InputStream in = urlConnection.getInputStream();
System.out.print(in);
} catch (Exception e) {
e.printStackTrace();
}
}
我的服务器配置使用 TLSv1.2
协议。
运行 test()
抛出以下错误:
W/System.err: javax.net.ssl.SSLHandshakeException: Handshake failed
at com.android.org.conscrypt.ConscryptFileDescriptorSocket.startHandshake(ConscryptFileDescriptorSocket.java:288)
at com.android.okhttp.internal.io.RealConnection.connectTls(RealConnection.java:196)
at com.android.okhttp.internal.io.RealConnection.connectSocket(RealConnection.java:153)
at com.android.okhttp.internal.io.RealConnection.connect(RealConnection.java:116)
at com.android.okhttp.internal.http.StreamAllocation.findConnection(StreamAllocation.java:186)
at com.android.okhttp.internal.http.StreamAllocation.findHealthyConnection(StreamAllocation.java:128)
at com.android.okhttp.internal.http.StreamAllocation.newStream(StreamAllocation.java:97)
at com.android.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:289)
at com.android.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:232)
W/System.err: at com.android.okhttp.internal.huc.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:465)
at com.android.okhttp.internal.huc.HttpURLConnectionImpl.getResponse(HttpURLConnectionImpl.java:411)
at com.android.okhttp.internal.huc.HttpURLConnectionImpl.getInputStream(HttpURLConnectionImpl.java:248)
at com.android.okhttp.internal.huc.DelegatingHttpsURLConnection.getInputStream(DelegatingHttpsURLConnection.java:211)
W/System.err: at com.android.okhttp.internal.huc.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:30)
at nl.management.finance.client.RaboClient.test(RaboClient.java:64)
at nl.management.finance.MainActivity$RESTTask.doInBackground(MainActivity.java:31)
at nl.management.finance.MainActivity$RESTTask.doInBackground(MainActivity.java:25)
at android.os.AsyncTask$3.call(AsyncTask.java:378)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:289)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
at java.lang.Thread.run(Thread.java:919)
Caused by: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x703daa2ff448: Failure in SSL library, usually a protocol error
error:10000412:SSL routines:OPENSSL_internal:SSLV3_ALERT_BAD_CERTIFICATE (external/boringssl/src/ssl/tls_record.cc:587 0x703daa2b1148:0x00000001)
at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
at com.android.org.conscrypt.NativeSsl.doHandshake(NativeSsl.java:387)
at com.android.org.conscrypt.ConscryptFileDescriptorSocket.startHandshake(ConscryptFileDescriptorSocket.java:226)
... 22 more
为什么堆栈跟踪中显示SSLv3?它不使用TLSv1.2吗?Wireshark显示如下 https://ibb.co/27mpG4r。
这段代码(来自@Hakan54)创建了SSLContext:
public class SSLTrustManagerHelper {
private InputStream keyStore;
private String keyStorePassword;
private InputStream trustStore;
private String trustStorePassword;
public SSLTrustManagerHelper(InputStream keyStore,
String keyStorePassword,
InputStream trustStore,
String trustStorePassword) throws ClientException {
if (keyStore == null || keyStorePassword.trim().isEmpty() || trustStore == null || trustStorePassword.trim().isEmpty()) {
throw new ClientException("TrustStore or KeyStore details are empty, which are required to be present when SSL is enabled");
}
this.keyStore = keyStore;
this.keyStorePassword = keyStorePassword;
this.trustStore = trustStore;
this.trustStorePassword = trustStorePassword;
}
public SSLContext clientSSLContext() throws ClientException {
try {
TrustManagerFactory trustManagerFactory = getTrustManagerFactory(trustStore, trustStorePassword);
KeyManagerFactory keyManagerFactory = getKeyManagerFactory(keyStore, keyStorePassword);
this.keyStore.close();
this.trustStore.close();
return getSSLContext(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers());
} catch (UnrecoverableKeyException | NoSuchAlgorithmException | CertificateException | KeyStoreException | IOException | KeyManagementException e) {
e.printStackTrace();
throw new ClientException(e);
}
}
private static SSLContext getSSLContext(KeyManager[] keyManagers, TrustManager[] trustManagers) throws NoSuchAlgorithmException, KeyManagementException {
SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
sslContext.init(keyManagers, trustManagers, null);
return sslContext;
}
private static KeyManagerFactory getKeyManagerFactory(InputStream keystore, String keystorePassword) throws NoSuchAlgorithmException, KeyStoreException, IOException, CertificateException, UnrecoverableKeyException, ClientException {
KeyStore keyStore = loadKeyStore(keystore, keystorePassword);
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
keyManagerFactory.init(keyStore, keystorePassword.toCharArray());
return keyManagerFactory;
}
private static TrustManagerFactory getTrustManagerFactory(InputStream truststore, String truststorePassword) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, ClientException {
KeyStore trustStore = loadKeyStore(truststore, truststorePassword);
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init(trustStore);
return trustManagerFactory;
}
private static KeyStore loadKeyStore(InputStream keystoreStream, String keystorePassword) throws ClientException, IOException, KeyStoreException, NoSuchAlgorithmException, CertificateException {
if (keystoreStream == null) {
throw new ClientException("keystore was null.");
}
KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
keystore.load(keystoreStream, keystorePassword.toCharArray());
return keystore;
}
}
InputStream keystore = getResources().openRawResource(getResources().getIdentifier("keystore_v1", "raw", this.getPackageName()));
作为 SSLTrustManagerHelper 构造函数的 truststore 参数,并将其重用为 keystore 参数?如果你两次使用相同的 inputstream,你将会得到一个 EOFException。 - Hakan54BKS
文件拆分成一个密钥库和一个信任库? - keesjanbertus-Djavax.net.debug=SSL,keymanager,trustmanager,ssl:handshake
。 - Hakan54