Unable to use Bouncy Castle for TLSv1.2 in IBM Java 1.6.0_26

Our application is deployed in WebSphere (Solaris OS) using IBM Java 1.6.0_26, and this Java version does not support the TLSv1.2 protocol.

  • I added the Bouncy Castle provider in my code, and added the bcprov-jdk15on-164 and bctls-jdk15on-164 JARs to /opt/IBM/WebSphere/AppServer/java/jre/lib and /opt/IBM/WebSphere/AppServer/java/jre/lib/ext
  • I also tried adding the Bouncy Castle security providers at the top of the java.security file, as follows: security.provider.1=org.bouncycastle.jce.provider.BouncyCastleProvider; security.provider.2=org.bouncycastle.jsse.provider.BouncyCastleJsseProvider

Note: the code below works fine on my local machine with Oracle Java 1.6.0_26, but does not work with IBM 1.6.0_26.

Below is my code:

    import java.io.BufferedInputStream;
    import java.io.BufferedReader;
    import java.io.File;
    import java.io.FileNotFoundException;
    import java.io.FileReader;
    import java.io.IOException;
    import java.io.InputStream;
    import java.io.OutputStream;
    import java.net.URL;
    import java.security.Security;
    import java.util.List;
    import javax.net.ssl.HttpsURLConnection;
    import javax.net.ssl.SSLContext;
    import org.apache.commons.io.IOUtils;
    
    import org.bouncycastle.jce.provider.BouncyCastleProvider;
    import org.bouncycastle.jsse.provider.BouncyCastleJsseProvider;
    
    
    public class TestClient {

        public static void main(String[] args) throws IOException {
            try {
                System.out.println("java version---" + System.getProperty("java.version"));
                System.out.println("java path---" + System.getProperty("java.home"));
                Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
                Security.insertProviderAt(new BouncyCastleProvider(), 1);
                Security.removeProvider(BouncyCastleJsseProvider.PROVIDER_NAME);
                Security.insertProviderAt(new BouncyCastleJsseProvider(), 2);

                SSLContext sslContext = SSLContext.getInstance("TLSv1.2", BouncyCastleJsseProvider.PROVIDER_NAME);
                sslContext.init(null, null, null);
                String https_url = "xxxxxxxxxxxxxxxx";
                String json = "xxxxxxxxxxxxxxxx";
                URL url = new URL(https_url);
                HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
                conn.setConnectTimeout(5000);
                conn.setRequestProperty("Content-Type", "application/json; charset=UTF-8");
                conn.setDoOutput(true);
                conn.setDoInput(true);
                conn.setRequestMethod("POST");

                OutputStream os = conn.getOutputStream();
                os.write(json.getBytes("UTF-8"));
                os.close();

                InputStream in = new BufferedInputStream(conn.getInputStream());
                String response = IOUtils.toString(in, "UTF-8");
                System.out.println("\nWebService Response:\n\n");
                System.out.println("\n\n" + response + "\n\n");
                in.close();
                conn.disconnect();
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
    }
    
Output of the above code:

    -bash-3.2$ javac TestClient.java
    -bash-3.2$ java TestClient
    java version---1.6.0_26
    java path---/opt/IBM/WebSphere/AppServer/java/jre
    java.security.KeyManagementException: java.security.NoSuchAlgorithmException: IbmX509 KeyManagerFactory not available
            at org.bouncycastle.jsse.provider.ProvSSLContextSpi.selectKeyManager(Unknown Source)
            at org.bouncycastle.jsse.provider.ProvSSLContextSpi.engineInit(Unknown Source)
            at javax.net.ssl.SSLContext.init(SSLContext.java:27)
            at Testtt.main(Testtt.java:40)
    Caused by: java.security.NoSuchAlgorithmException: IbmX509 KeyManagerFactory not available
            at sun.security.jca.GetInstance.getInstance(GetInstance.java:142)
            at javax.net.ssl.KeyManagerFactory.getInstance(KeyManagerFactory.java:16)
            ... 4 more
    -bash-3.2$
    
Please help me solve this problem.

Edit 1: I added the following two lines to the code: setProperty("ssl.KeyManagerFactory.algorithm", "PKIX"); setProperty("ssl.TrustManagerFactory.algorithm", "PKIX")

But now the error occurs at the output stream:

        java path---/opt/IBM/WebSphere/AppServer/java/jre
    Mar 1, 2020 11:33:39 AM org.bouncycastle.jsse.provider.PropertyUtils getStringSecurityProperty
    WARNING: String security property [jdk.tls.disabledAlgorithms] defaulted to: SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL
    Mar 1, 2020 11:33:39 AM org.bouncycastle.jsse.provider.PropertyUtils getStringSecurityProperty
    WARNING: String security property [jdk.certpath.disabledAlgorithms] defaulted to: MD2, MD5, SHA1 jdkCA & usage TLSServer, RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224
    Mar 1, 2020 11:33:39 AM org.bouncycastle.jsse.provider.ProvTrustManagerFactorySpi getDefaultTrustStore
    INFO: Initializing with trust store at path: /opt/IBM/WebSphere/AppServer/java/jre/lib/security/cacerts
    java.net.SocketException: Connection reset
            at java.net.SocketInputStream.read(SocketInputStream.java:168)
            at com.ibm.jsse2.a.a(a.java:148)
            at com.ibm.jsse2.a.a(a.java:96)
            at com.ibm.jsse2.tc.a(tc.java:302)
            at com.ibm.jsse2.tc.g(tc.java:208)
            at com.ibm.jsse2.tc.a(tc.java:482)
            at com.ibm.jsse2.tc.startHandshake(tc.java:597)
            at com.ibm.net.ssl.www2.protocol.https.c.afterConnect(c.java:44)
            at com.ibm.net.ssl.www2.protocol.https.d.connect(d.java:36)
            at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1014)
            at com.ibm.net.ssl.www2.protocol.https.b.getOutputStream(b.java:66)
            at Testtt.main(Testtt.java:38)
    
    
BCJSSE should be used with its own KeyManagerFactory and TrustManagerFactory. Modifying these options in java.security as follows may help:

    ssl.KeyManagerFactory.algorithm=PKIX
    ssl.TrustManagerFactory.algorithm=PKIX
    

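However, the stack trace you show is from some BC version before 1.61. You report trying to use 1.64, so there must be extra JARs somewhere on the classpath (for example, application servers sometimes include BC JARs). Please find the extras and remove them, otherwise you may run into all sorts of other problems.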

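  • Which line is line 40, where the error occurs?
  • Line 40: sslContext.init(null, null, null);
  • Did you find duplicate JARs on the classpath?
  • Yes, I removed the duplicate JARs, and now the error is different.
  • The error now is probably a TLS protocol failure, without much information. BCJSSE uses the Java logging API for its log messages. You should try configuring a lower logging level for org.bouncycastle.jsse.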
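
A diagnostic sketch for the three points raised in the answer and comments above: which JAR the BC classes are really loaded from, a TLSv1.2 context built from BCJSSE's own key and trust manager factories, and verbose logging for org.bouncycastle.jsse. This is an added example, not code from the original posts; the class name BcJsseDiagnostics and its helper methods are hypothetical, and it is written to compile on Java 6.

```java
import java.security.CodeSource;
import java.security.KeyStore;
import java.security.Security;
import java.util.logging.ConsoleHandler;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jsse.provider.BouncyCastleJsseProvider;

public class BcJsseDiagnostics {   // hypothetical class name
    // Strong reference so the configured logger is not garbage-collected.
    private static final Logger BC_LOG = Logger.getLogger("org.bouncycastle.jsse");

    // Report the JAR a class was loaded from; a stale duplicate shows up here.
    static String origin(Class<?> c) {
        CodeSource cs = c.getProtectionDomain().getCodeSource();
        return c.getName() + " <- " + (cs == null ? "bootstrap class path" : String.valueOf(cs.getLocation()));
    }

    // TLSv1.2 context whose key and trust managers both come from BCJSSE,
    // so the JVM's default factory algorithm (IbmX509 on IBM Java) is never looked up.
    static SSLContext bcContext() throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("PKIX", "BCJSSE");
        kmf.init(null, null);                    // no client key store
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX", "BCJSSE");
        tmf.init((KeyStore) null);               // default trust store
        SSLContext ctx = SSLContext.getInstance("TLSv1.2", "BCJSSE");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        ConsoleHandler handler = new ConsoleHandler();
        handler.setLevel(Level.ALL);             // ConsoleHandler defaults to INFO
        BC_LOG.addHandler(handler);
        BC_LOG.setLevel(Level.ALL);

        Security.insertProviderAt(new BouncyCastleProvider(), 1);
        Security.insertProviderAt(new BouncyCastleJsseProvider(), 2);
        System.out.println(origin(BouncyCastleProvider.class));
        System.out.println(origin(BouncyCastleJsseProvider.class));
        System.out.println("BCJSSE version: " + Security.getProvider("BCJSSE").getVersion());

        SSLContext ctx = bcContext();
        System.out.println("context provider: " + ctx.getProvider().getName());
        // A connection only uses this context once it is attached to it, e.g.
        // conn.setSSLSocketFactory(ctx.getSocketFactory()) on an HttpsURLConnection.
    }
}
```

If the printed locations or version do not correspond to the 1.64 JARs that were installed, another copy of BC earlier on the class path is being loaded instead.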