Java 8 Java客户端和Apple pay server之间的双向TLS(1.2)
努力实现: 根据Apple Pay for Web的要求,需要2路TLS 1.2。在我的例子中,我试图用json负载(可以说是客户端)从java攻击apple pay服务器。 我的关注点: 1) 是否有任何命令列出所有受支持的密码套件?在Java1.8上运行 2) 将HttpsURLconnection.openconnection设置为TLS1.2时需要什么 3) 任何我可以实现这种连接的示例代码 4) 需要什么设置,如证书和私钥 任何帮助都是有用的。 我知道我问了一些非常直接的问题,但我会继续在这篇文章中添加更具体的问题 更新:前3点完成。 现在仅讨论第4点:我将通过转换为cert.p12文件并另存为新密钥库来发送文件密钥和证书Java 8 Java客户端和Apple pay server之间的双向TLS(1.2),java-8,tomcat7,tls1.2,applepay,applepayjs,Java 8,Tomcat7,Tls1.2,Applepay,Applepayjs,努力实现: 根据Apple Pay for Web的要求,需要2路TLS 1.2。在我的例子中,我试图用json负载(可以说是客户端)从java攻击apple pay服务器。 我的关注点: 1) 是否有任何命令列出所有受支持的密码套件?在Java1.8上运行 2) 将HttpsURLconnection.openconnection设置为TLS1.2时需要什么 3) 任何我可以实现这种连接的示例代码 4) 需要什么设置,如证书和私钥 任何帮助都是有用的。 我知道我问了一些非常直接的问题,但我会
openssl x509 -inform der -in merchant_id.cer -out merchant_id.pem
openssl pkcs12 -nodes -export -in merchant_id.pem -inkey clientprivate.key -out cert.p12 -name "Certificate"
-Djavax.net.ssl.keyStoreType=pkcs12 -Djavax.net.ssl.keyStore=cert.p12 -Djavax.net.debug=ssl
*ServerHelloDone
Warning: no suitable certificate found - continuing without client authentication
* Certificate chain
** ECDHClientKeyExchange
main, WRITE: TLSv1.2 Change Cipher Spec, length = 1
*** Finished
verify_data:
*
main, WRITE: TLSv1.2 Handshake, length = 64
main, handling exception: java.net.SocketException: Connection reset
%% Invalidated: [Session-1, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA]
main, SEND TLSv1.2 ALERT: fatal, description = unexpected_message
main, WRITE: TLSv1.2 Alert, length = 48
main, Exception sending alert: java.net.SocketException: Connection reset by peer: socket write error
main, called closeSocket()
java.net.SocketException: Connection reset
at java.net.SocketInputStream.read(Unknown Source)
at java.net.SocketInputStream.read(Unknown Source)
at sun.security.ssl.InputRecord.readFully(Unknown Source)
at sun.security.ssl.InputRecord.read(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
at java.net.HttpURLConnection.getResponseCode(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(Unknown Source)
HttpsURLConnection conn = (HttpsURLConnection)url.openConnection();
conn.setSSLSocketFactory(factory);
conn.setDoOutput(true);
conn.setDoInput(true);
conn.setRequestProperty("Content-Type", "application/json; charset=UTF-8");
conn.setRequestProperty("Accept", "application/json");
conn.setRequestMethod("POST");
OutputStream os = conn.getOutputStream();
os.write(jsonInString.getBytes("UTF-8"));
conn.getOutputStream();
使用java 1.8按照询问的顺序给出一般答案
System.setProperty(“https.protocols”,“TLSv1.2”)按照问题的顺序给出一般答案
System.setProperty(“https.protocols”,“TLSv1.2”)谢谢yyf。以上三点已经解决了。但是我严重地陷入了第四点。我通过添加密钥库来发送密钥和证书。但是在ServerHello之后,我得到了以下错误:WRITE:TLSv1.2握手,长度=64 main,处理异常:java.net.SocketException:Connection reset%%Invalidated:[Session-1,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA]main,发送TLSv1.2警报:致命,描述=意外消息main,WRITE:TLSv1.2警报,长度=48 main,异常发送警报:java.net.SocketException:Connection reset by peer:socket write error main,名为closeSocket(),在使其正常工作之前,我也做了很多努力。。。我从苹果下载了证书,并从中提取了一个cert
openssl pkcs12-nockers-in-merchant_id.pem-inkey clientprivate.key-out cert.p12openssl pkcs12-nocerts-in-merchant_id.pem-inkey clientprivate.key-out key.p12openssl pkcs12-nockers-in-merchant_id.pem-inkey clientprivate.key-out cert.p12openssl pkcs12-nocerts-in-merchant_id.pem-inkey clientprivate.key-out key.p12