Fatal编程技术网
  • java/
  • java.net.SocketException:软件导致连接中止:使用不同jre安全性时recv失败

java.net.SocketException:软件导致连接中止:使用不同jre安全性时recv失败

java security ssl

java.net.SocketException:软件导致连接中止:使用不同jre安全性时recv失败,java,security,ssl,Java,Security,Ssl,我在尝试使用运行在同一网络中的主机上的HttpsURLConnection连接到web服务时遇到以下异常。防火墙已关闭。有趣的是,如果我在eclipse中通过默认的JavaJRE1.7环境运行以下代码,一切都会正常工作 但是如果我在有自己的jre文件夹的产品代码中使用这些函数,它会抛出以下异常- Caused by: java.net.SocketException: Software caused connection abort: recv failed at java.net.So

我在尝试使用运行在同一网络中的主机上的HttpsURLConnection连接到web服务时遇到以下异常。防火墙已关闭。有趣的是,如果我在eclipse中通过默认的JavaJRE1.7环境运行以下代码,一切都会正常工作

但是如果我在有自己的jre文件夹的产品代码中使用这些函数,它会抛出以下异常-

Caused by: java.net.SocketException: Software caused connection abort: recv failed
    at java.net.SocketInputStream.socketRead0(Native Method)
    at java.net.SocketInputStream.read(SocketInputStream.java:173)
    at java.net.SocketInputStream.read(SocketInputStream.java:122)
    at com.rsa.sslj.x.aP.c(Unknown Source)
    at com.rsa.sslj.x.aP.a(Unknown Source)
    at com.rsa.sslj.x.aP.a(Unknown Source)
    at com.rsa.sslj.x.aP.h(Unknown Source)
    at com.rsa.sslj.x.cy.startHandshake(Unknown Source)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1300)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
我注意到java.security文件中的安全提供者列表是不同的

这是名单-

security.provider.1=com.rsa.jsafe.provider.JsafeJCE
security.provider.2=com.rsa.jsse.JsseProvider
security.provider.3=sun.security.provider.Sun
security.provider.4=sun.security.rsa.SunRsaSign
security.provider.5=com.sun.net.ssl.internal.ssl.Provider
security.provider.6=com.sun.crypto.provider.SunJCE
security.provider.7=sun.security.jgss.SunProvider
security.provider.8=com.sun.security.sasl.Provider
security.provider.9=org.jcp.xml.dsig.internal.dom.XMLDSigRI
security.provider.10=sun.security.smartcardio.SunPCSC
security.provider.11=sun.security.mscapi.SunMSCAPI
这些是我的职责-

private InputStream Get(URL url,String keyStoreString, String keyStorePassword) {
    SSLSocketFactory sslFactory;
    try {
        sslFactory = getSSLSocketFactory(keyStoreString, keyStorePassword);     
        javax.net.ssl.HttpsURLConnection
                .setDefaultHostnameVerifier(new  javax.net.ssl.HostnameVerifier() {
                    public boolean verify(String hostname,
                            javax.net.ssl.SSLSession sslSession) {
                        if (hostname.equals("vmm")) {
                            return true;
                        }
                        return false;
                    }
                });
        HttpsURLConnection con = (HttpsURLConnection) url.openConnection();
        con.setSSLSocketFactory(sslFactory);
        con.setRequestMethod("GET");
        con.setRequestProperty("Accept", "application/json");
        InputStream responseStream = con.getInputStream();
        return responseStream;
      }catch (Exception e) {
        //log errer
      }
}
private SSLSocketFactory getSSLSocketFactory(String keyStoreString,
        String password) throws KeyStoreException,
        NoSuchAlgorithmException, CertificateException, IOException,
        UnrecoverableKeyException, KeyManagementException, AzureException {
      KeyStore ks = getKeyStore(keyStoreString, password);
      KeyManagerFactory keyManagerFactory = KeyManagerFactory
            .getInstance("SunX509");
      keyManagerFactory.init(ks, password.toCharArray());
      // Trustmanager which trusts all certificate. Not a good idea in
      // production code.
      final TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
        @Override
        public void checkClientTrusted(final X509Certificate[] chain,
                final String authType) {
        }

        @Override
        public void checkServerTrusted(final X509Certificate[] chain,
                final String authType) {
        }

        @Override
        public X509Certificate[] getAcceptedIssuers() {
            return null;
        }
    } };

    SSLContext context = SSLContext.getInstance("TLS");
    context.init(keyManagerFactory.getKeyManagers(), trustAllCerts,
            new SecureRandom());

    return context.getSocketFactory();
}
我需要让这些函数在产品代码中工作。任何帮助都将不胜感激。提前谢谢

当RSA Jsafe的优先级高于Sun提供程序时,尝试使用SunX509 KeyManagerFactory可能会导致与幕后其他工厂的混淆

如果RSA Jsafe提供了自己的KeyManagerFactory实现,可以尝试:

KeyManagerFactory keyManagerFactory = 
    KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
除非您真的想要SunX509 KMF,否则在您的事业中使用默认算法通常是更好的选择,这样就不必依赖于特定的提供商。适用时,TrustManagerFactory也是如此。

我将KeyManagerFactory和SSLContext的提供程序显式设置为“SunJSSE”,它就工作了

KeyManagerFactory keyManagerFactory = KeyManagerFactory
            .getInstance("SunX509","SunJSSE");

SSLContext context = SSLContext.getInstance("TLS","SunJSSE");
试过这个。但我帮不了你!这是有道理的,但是为什么您要在您的生产环境中安装RSA JSSE提供程序而不使用它,因为您显然在这里强制使用Oracle/Sun JSSE提供程序?请注意,主机名验证程序和信任管理器也不安全。