无法在 IBM java 1.6.0_26 中为 Tlsv1.2 使用 Bouncy Castle
Unable use Bouncy Castle for Tlsv1.2 in IBM java 1.6.0_26
我们的应用程序部署在使用IBM java 1.6.0_26的Websphere(in solaris Os),这个java版本不支持TLSv1.2 协议。
- 我在我的代码中添加了充气城堡供应商,因为我在 /opt/IBM/WebSphere/AppServer/java/jre/lib 和 [=51= 中添加了 bcprov-jdk15on-164 和 bctls-jdk15on-164 罐子]/分机
- 我还尝试在 java.security 文件的顶部位置添加充气城堡安全提供程序,如下所示,
security.provider.1=org.bouncycastle.jce.provider.BouncyCastleProvider;
security.provider.2=org.bouncycastle.jsse.provider.BouncyCastleJsseProvider;
注意:以下代码在我使用 Oracle java 1.6.0_26 版本的本地机器上运行良好,但不适用于 IBM 1.6.0_26 版本。**
下面是我的代码
import java.io.BufferedInputStream;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.FileReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.URL;
import java.security.Security;
import java.util.List;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import org.apache.commons.io.IOUtils;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jsse.provider.BouncyCastleJsseProvider;
public class TestClient{
public static void main(String[] args) throws IOException {
try {
System.out.println("java version---"+System.getProperty("java.version"));
System.out.println("java path---"+System.getProperty("java.home"));
Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
Security.insertProviderAt(new BouncyCastleProvider(), 1);
Security.removeProvider(BouncyCastleJsseProvider.PROVIDER_NAME);
Security.insertProviderAt(new BouncyCastleJsseProvider(), 2);
SSLContext sslContext= SSLContext.getInstance("TLSv1.2", BouncyCastleJsseProvider.PROVIDER_NAME);
sslContext.init(null, null , null);
String https_url = "xxxxxxxxxxxxxxxx";
String json = "xxxxxxxxxxxxxxxx";
URL url = new URL(https_url);
HttpsURLConnection conn = (HttpsURLConnection)url.openConnection();
conn.setConnectTimeout(5000);
conn.setRequestProperty("Content-Type", "application/json; charset=UTF-8");
conn.setDoOutput(true);
conn.setDoInput(true);
conn.setRequestMethod("POST");
OutputStream os = conn.getOutputStream();
os.write(json.getBytes("UTF-8"));
os.close();
InputStream in = new BufferedInputStream(conn.getInputStream());
String response = IOUtils.toString(in, "UTF-8");
System.out.println("\nWebService Response:\n\n");
System.out.println("\n\n"+response+"\n\n");
in.close();
conn.disconnect();
}
catch(Exception e)
{
e.printStackTrace();
}
}
}
以上代码的输出:
-bash-3.2$ javac TestClient.java
-bash-3.2$ java TestClient
java version---1.6.0_26
java path---/opt/IBM/WebSphere/AppServer/java/jre
java.security.KeyManagementException: java.security.NoSuchAlgorithmException: IbmX509 KeyManagerFactory not available
at org.bouncycastle.jsse.provider.ProvSSLContextSpi.selectKeyManager(Unknown Source)
at org.bouncycastle.jsse.provider.ProvSSLContextSpi.engineInit(Unknown Source)
at javax.net.ssl.SSLContext.init(SSLContext.java:27)
at Testtt.main(Testtt.java:40)
Caused by: java.security.NoSuchAlgorithmException: IbmX509 KeyManagerFactory not available
at sun.security.jca.GetInstance.getInstance(GetInstance.java:142)
at javax.net.ssl.KeyManagerFactory.getInstance(KeyManagerFactory.java:16)
... 4 more
-bash-3.2$
请帮我解决这个问题!....
编辑 1:
我在代码中添加了以下两行:
Security.setProperty("ssl.KeyManagerFactory.algorithm","PKIX");
Security.setProperty("ssl.TrustManagerFactory.algorithm","PKIX");
但现在错误在输出流:
java path---/opt/IBM/WebSphere/AppServer/java/jre
Mar 1, 2020 11:33:39 AM org.bouncycastle.jsse.provider.PropertyUtils getStringSecurityProperty
WARNING: String security property [jdk.tls.disabledAlgorithms] defaulted to: SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL
Mar 1, 2020 11:33:39 AM org.bouncycastle.jsse.provider.PropertyUtils getStringSecurityProperty
WARNING: String security property [jdk.certpath.disabledAlgorithms] defaulted to: MD2, MD5, SHA1 jdkCA & usage TLSServer, RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224
Mar 1, 2020 11:33:39 AM org.bouncycastle.jsse.provider.ProvTrustManagerFactorySpi getDefaultTrustStore
INFO: Initializing with trust store at path: /opt/IBM/WebSphere/AppServer/java/jre/lib/security/cacerts
java.net.SocketException: Connection reset
at java.net.SocketInputStream.read(SocketInputStream.java:168)
at com.ibm.jsse2.a.a(a.java:148)
at com.ibm.jsse2.a.a(a.java:96)
at com.ibm.jsse2.tc.a(tc.java:302)
at com.ibm.jsse2.tc.g(tc.java:208)
at com.ibm.jsse2.tc.a(tc.java:482)
at com.ibm.jsse2.tc.startHandshake(tc.java:597)
at com.ibm.net.ssl.www2.protocol.https.c.afterConnect(c.java:44)
at com.ibm.net.ssl.www2.protocol.https.d.connect(d.java:36)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1014)
at com.ibm.net.ssl.www2.protocol.https.b.getOutputStream(b.java:66)
at Testtt.main(Testtt.java:38)
BCJSSE 应该与它自己的 KeyManagerFactory 和 TrustManagerFactory 一起使用。在 java.security:
中修改这些选项可能会有帮助
ssl.KeyManagerFactory.algorithm=PKIX
ssl.TrustManagerFactory.algorithm=PKIX
但是,您显示的堆栈跟踪来自 1.61 之前的某个 BC 版本。您报告尝试使用 1.64,因此您的 class 路径中某处必须有额外的 jar(例如,有时应用程序服务器包含 BC jar)。请找到多余的部分并将其删除,否则您可能会 运行 陷入各种其他问题。
我们的应用程序部署在使用IBM java 1.6.0_26的Websphere(in solaris Os),这个java版本不支持TLSv1.2 协议。
- 我在我的代码中添加了充气城堡供应商,因为我在 /opt/IBM/WebSphere/AppServer/java/jre/lib 和 [=51= 中添加了 bcprov-jdk15on-164 和 bctls-jdk15on-164 罐子]/分机
- 我还尝试在 java.security 文件的顶部位置添加充气城堡安全提供程序,如下所示, security.provider.1=org.bouncycastle.jce.provider.BouncyCastleProvider; security.provider.2=org.bouncycastle.jsse.provider.BouncyCastleJsseProvider;
注意:以下代码在我使用 Oracle java 1.6.0_26 版本的本地机器上运行良好,但不适用于 IBM 1.6.0_26 版本。**
下面是我的代码
import java.io.BufferedInputStream;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.FileReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.URL;
import java.security.Security;
import java.util.List;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import org.apache.commons.io.IOUtils;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jsse.provider.BouncyCastleJsseProvider;
public class TestClient{
public static void main(String[] args) throws IOException {
try {
System.out.println("java version---"+System.getProperty("java.version"));
System.out.println("java path---"+System.getProperty("java.home"));
Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
Security.insertProviderAt(new BouncyCastleProvider(), 1);
Security.removeProvider(BouncyCastleJsseProvider.PROVIDER_NAME);
Security.insertProviderAt(new BouncyCastleJsseProvider(), 2);
SSLContext sslContext= SSLContext.getInstance("TLSv1.2", BouncyCastleJsseProvider.PROVIDER_NAME);
sslContext.init(null, null , null);
String https_url = "xxxxxxxxxxxxxxxx";
String json = "xxxxxxxxxxxxxxxx";
URL url = new URL(https_url);
HttpsURLConnection conn = (HttpsURLConnection)url.openConnection();
conn.setConnectTimeout(5000);
conn.setRequestProperty("Content-Type", "application/json; charset=UTF-8");
conn.setDoOutput(true);
conn.setDoInput(true);
conn.setRequestMethod("POST");
OutputStream os = conn.getOutputStream();
os.write(json.getBytes("UTF-8"));
os.close();
InputStream in = new BufferedInputStream(conn.getInputStream());
String response = IOUtils.toString(in, "UTF-8");
System.out.println("\nWebService Response:\n\n");
System.out.println("\n\n"+response+"\n\n");
in.close();
conn.disconnect();
}
catch(Exception e)
{
e.printStackTrace();
}
}
}
以上代码的输出:
-bash-3.2$ javac TestClient.java
-bash-3.2$ java TestClient
java version---1.6.0_26
java path---/opt/IBM/WebSphere/AppServer/java/jre
java.security.KeyManagementException: java.security.NoSuchAlgorithmException: IbmX509 KeyManagerFactory not available
at org.bouncycastle.jsse.provider.ProvSSLContextSpi.selectKeyManager(Unknown Source)
at org.bouncycastle.jsse.provider.ProvSSLContextSpi.engineInit(Unknown Source)
at javax.net.ssl.SSLContext.init(SSLContext.java:27)
at Testtt.main(Testtt.java:40)
Caused by: java.security.NoSuchAlgorithmException: IbmX509 KeyManagerFactory not available
at sun.security.jca.GetInstance.getInstance(GetInstance.java:142)
at javax.net.ssl.KeyManagerFactory.getInstance(KeyManagerFactory.java:16)
... 4 more
-bash-3.2$
请帮我解决这个问题!....
编辑 1: 我在代码中添加了以下两行: Security.setProperty("ssl.KeyManagerFactory.algorithm","PKIX"); Security.setProperty("ssl.TrustManagerFactory.algorithm","PKIX");
但现在错误在输出流:
java path---/opt/IBM/WebSphere/AppServer/java/jre
Mar 1, 2020 11:33:39 AM org.bouncycastle.jsse.provider.PropertyUtils getStringSecurityProperty
WARNING: String security property [jdk.tls.disabledAlgorithms] defaulted to: SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL
Mar 1, 2020 11:33:39 AM org.bouncycastle.jsse.provider.PropertyUtils getStringSecurityProperty
WARNING: String security property [jdk.certpath.disabledAlgorithms] defaulted to: MD2, MD5, SHA1 jdkCA & usage TLSServer, RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224
Mar 1, 2020 11:33:39 AM org.bouncycastle.jsse.provider.ProvTrustManagerFactorySpi getDefaultTrustStore
INFO: Initializing with trust store at path: /opt/IBM/WebSphere/AppServer/java/jre/lib/security/cacerts
java.net.SocketException: Connection reset
at java.net.SocketInputStream.read(SocketInputStream.java:168)
at com.ibm.jsse2.a.a(a.java:148)
at com.ibm.jsse2.a.a(a.java:96)
at com.ibm.jsse2.tc.a(tc.java:302)
at com.ibm.jsse2.tc.g(tc.java:208)
at com.ibm.jsse2.tc.a(tc.java:482)
at com.ibm.jsse2.tc.startHandshake(tc.java:597)
at com.ibm.net.ssl.www2.protocol.https.c.afterConnect(c.java:44)
at com.ibm.net.ssl.www2.protocol.https.d.connect(d.java:36)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1014)
at com.ibm.net.ssl.www2.protocol.https.b.getOutputStream(b.java:66)
at Testtt.main(Testtt.java:38)
BCJSSE 应该与它自己的 KeyManagerFactory 和 TrustManagerFactory 一起使用。在 java.security:
中修改这些选项可能会有帮助ssl.KeyManagerFactory.algorithm=PKIX
ssl.TrustManagerFactory.algorithm=PKIX
但是,您显示的堆栈跟踪来自 1.61 之前的某个 BC 版本。您报告尝试使用 1.64,因此您的 class 路径中某处必须有额外的 jar(例如,有时应用程序服务器包含 BC jar)。请找到多余的部分并将其删除,否则您可能会 运行 陷入各种其他问题。