jdk1.6 支持 tls1.2协议 并忽略身份验证
jdk1.6不支持tls1.2协议,jdk1.8默认支持,比较好的解决方案是升级jdk,但是升级jdk风险极大。不能升级jdk的情况下,可以使用如下方式。
引入依赖
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk15on</artifactId>
<version>1.54</version>
</dependency>
创建协议工厂
import java.io.*;
import java.net.UnknownHostException;
import java.security.*;
import java.security.cert.*;
import java.util.*; import javax.net.ssl.*;
import javax.security.cert.X509Certificate; import org.bouncycastle.crypto.tls.*;
import org.bouncycastle.jce.provider.BouncyCastleProvider; public class TLSSocketConnectionFactory extends SSLSocketFactory { static {
if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
Security.addProvider(new BouncyCastleProvider());
}
} @Override
public Socket createSocket(Socket socket, final String host, int port,
boolean arg3) throws IOException {
if (socket == null) {
socket = new Socket();
}
if (!socket.isConnected()) {
socket.connect(new InetSocketAddress(host, port));
} final TlsClientProtocol tlsClientProtocol = new TlsClientProtocol(socket.getInputStream(), socket.getOutputStream(), new SecureRandom()); return _createSSLSocket(host, tlsClientProtocol);
} @Override public String[] getDefaultCipherSuites() { return null; }
@Override public String[] getSupportedCipherSuites() { return null; }
@Override public Socket createSocket(String host, int port) throws IOException, UnknownHostException { throw new UnsupportedOperationException(); }
@Override public Socket createSocket(InetAddress host, int port) throws IOException { throw new UnsupportedOperationException(); }
@Override public Socket createSocket(String host, int port, InetAddress localHost, int localPort) throws IOException, UnknownHostException { return null; }
@Override public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort) throws IOException { throw new UnsupportedOperationException(); } private SSLSocket _createSSLSocket(final String host, final TlsClientProtocol tlsClientProtocol) {
return new SSLSocket() {
private java.security.cert.Certificate[] peertCerts; @Override public InputStream getInputStream() throws IOException { return tlsClientProtocol.getInputStream(); }
@Override public OutputStream getOutputStream() throws IOException { return tlsClientProtocol.getOutputStream(); }
@Override public synchronized void close() throws IOException { tlsClientProtocol.close(); }
@Override public void addHandshakeCompletedListener( HandshakeCompletedListener arg0) { }
@Override public boolean getEnableSessionCreation() { return false; }
@Override public String[] getEnabledCipherSuites() { return null; }
@Override public String[] getEnabledProtocols() { return null; }
@Override public boolean getNeedClientAuth() { return false; } @Override
public SSLSession getSession() {
return new SSLSession() { @Override
public int getApplicationBufferSize() {
return 0;
} @Override public String getCipherSuite() { throw new UnsupportedOperationException(); }
@Override public long getCreationTime() { throw new UnsupportedOperationException(); }
@Override public byte[] getId() { throw new UnsupportedOperationException(); }
@Override public long getLastAccessedTime() { throw new UnsupportedOperationException(); }
@Override public java.security.cert.Certificate[] getLocalCertificates() { throw new UnsupportedOperationException(); }
@Override public Principal getLocalPrincipal() { throw new UnsupportedOperationException(); }
@Override public int getPacketBufferSize() { throw new UnsupportedOperationException(); }
@Override public X509Certificate[] getPeerCertificateChain() throws SSLPeerUnverifiedException { return null; }
@Override public java.security.cert.Certificate[] getPeerCertificates() throws SSLPeerUnverifiedException { return peertCerts; }
@Override public String getPeerHost() { throw new UnsupportedOperationException(); }
@Override public int getPeerPort() { return 0; }
@Override public Principal getPeerPrincipal() throws SSLPeerUnverifiedException { return null; }
@Override public String getProtocol() { throw new UnsupportedOperationException(); }
@Override public SSLSessionContext getSessionContext() { throw new UnsupportedOperationException(); }
@Override public Object getValue(String arg0) { throw new UnsupportedOperationException(); }
@Override public String[] getValueNames() { throw new UnsupportedOperationException(); }
@Override public void invalidate() { throw new UnsupportedOperationException(); }
@Override public boolean isValid() { throw new UnsupportedOperationException(); }
@Override public void putValue(String arg0, Object arg1) { throw new UnsupportedOperationException(); }
@Override public void removeValue(String arg0) { throw new UnsupportedOperationException(); }
};
} @Override public String[] getSupportedProtocols() { return null; }
@Override public boolean getUseClientMode() { return false; }
@Override public boolean getWantClientAuth() { return false; }
@Override public void removeHandshakeCompletedListener(HandshakeCompletedListener arg0) { }
@Override public void setEnableSessionCreation(boolean arg0) { }
@Override public void setEnabledCipherSuites(String[] arg0) { }
@Override public void setEnabledProtocols(String[] arg0) { }
@Override public void setNeedClientAuth(boolean arg0) { }
@Override public void setUseClientMode(boolean arg0) { }
@Override public void setWantClientAuth(boolean arg0) { }
@Override public String[] getSupportedCipherSuites() { return null; } @Override
public void startHandshake() throws IOException {
tlsClientProtocol.connect(new DefaultTlsClient() { @SuppressWarnings("unchecked")
@Override
public Hashtable<Integer, byte[]> getClientExtensions() throws IOException {
Hashtable<Integer, byte[]> clientExtensions = super.getClientExtensions();
if (clientExtensions == null) {
clientExtensions = new Hashtable<Integer, byte[]>();
} //Add host_name
byte[] host_name = host.getBytes(); final ByteArrayOutputStream baos = new ByteArrayOutputStream();
final DataOutputStream dos = new DataOutputStream(baos);
dos.writeShort(host_name.length + 3);
dos.writeByte(0);
dos.writeShort(host_name.length);
dos.write(host_name);
dos.close();
clientExtensions.put(ExtensionType.server_name, baos.toByteArray());
return clientExtensions;
} @Override
public TlsAuthentication getAuthentication() throws IOException {
return new TlsAuthentication() { @Override
public void notifyServerCertificate(Certificate serverCertificate) throws IOException {
try {
KeyStore ks = _loadKeyStore(); CertificateFactory cf = CertificateFactory.getInstance("X.509");
List<java.security.cert.Certificate> certs = new LinkedList<java.security.cert.Certificate>();
boolean trustedCertificate = false;
for ( org.bouncycastle.asn1.x509.Certificate c : serverCertificate.getCertificateList()) {
java.security.cert.Certificate cert = cf.generateCertificate(new ByteArrayInputStream(c.getEncoded()));
certs.add(cert); String alias = ks.getCertificateAlias(cert);
if(alias != null) {
if (cert instanceof java.security.cert.X509Certificate) {
try {
( (java.security.cert.X509Certificate) cert).checkValidity();
trustedCertificate = true;
} catch(CertificateExpiredException cee) {
// Accept all the certs!
}
}
} else {
// Accept all the certs!
} }
if (!trustedCertificate) {
// Accept all the certs!
}
peertCerts = certs.toArray(new java.security.cert.Certificate[0]);
} catch (Exception ex) {
ex.printStackTrace();
throw new IOException(ex);
}
} @Override
public TlsCredentials getClientCredentials(CertificateRequest certificateRequest) throws IOException {
return null;
} private KeyStore _loadKeyStore() throws Exception {
FileInputStream trustStoreFis = null;
try {
KeyStore localKeyStore = null; String trustStoreType = System.getProperty("javax.net.ssl.trustStoreType")!=null?System.getProperty("javax.net.ssl.trustStoreType"):KeyStore.getDefaultType();
String trustStoreProvider = System.getProperty("javax.net.ssl.trustStoreProvider")!=null?System.getProperty("javax.net.ssl.trustStoreProvider"):""; if (trustStoreType.length() != 0) {
if (trustStoreProvider.length() == 0) {
localKeyStore = KeyStore.getInstance(trustStoreType);
} else {
localKeyStore = KeyStore.getInstance(trustStoreType, trustStoreProvider);
} char[] keyStorePass = null;
String str5 = System.getProperty("javax.net.ssl.trustStorePassword")!=null?System.getProperty("javax.net.ssl.trustStorePassword"):""; if (str5.length() != 0) {
keyStorePass = str5.toCharArray();
} localKeyStore.load(trustStoreFis, keyStorePass); if (keyStorePass != null) {
for (int i = 0; i < keyStorePass.length; i++) {
keyStorePass[i] = 0;
}
}
}
return localKeyStore;
} finally {
if (trustStoreFis != null) {
trustStoreFis.close();
}
}
}
};
} });
} // startHandshake
};
}
}
import org.apache.http.Consts; import javax.net.ssl.HttpsURLConnection;
import java.io.*;
import java.net.URL; public class HttpsUtils { /**
* content-type类型为xml方式发送post请求
*
* @param urlPath
* @param data
* @param charSet
* @return
*/
public static String postXml(String urlPath, String data, String charSet) {
String result = httpPostData(urlPath, data, charSet, null, "application/xml", "application/xml");
return result;
} private static String httpPostData(String urlPath, String data, String charSet, String[] header, String contentType, String accpect) {
String result = null;
URL url = null;
HttpsURLConnection httpurlconnection = null;
OutputStreamWriter out = null;
BufferedReader reader = null;
try {
url = new URL(urlPath);
httpurlconnection = (HttpsURLConnection) url.openConnection();
httpurlconnection.setSSLSocketFactory(new TSLSocketConnectionFactory());
httpurlconnection.setDoInput(true);
httpurlconnection.setDoOutput(true); if (header != null) {
for (int i = 0; i < header.length; i++) {
String[] content = header[i].split(":");
httpurlconnection.setRequestProperty(content[0], content[1]);
}
} httpurlconnection.setRequestMethod("POST");
httpurlconnection.setRequestProperty("Content-Type", contentType);
if (null != accpect) {
httpurlconnection.setRequestProperty("Accpect", accpect);
} httpurlconnection.connect();
out = new OutputStreamWriter(httpurlconnection.getOutputStream(), charSet); // utf-8编码
out.append(data);
out.flush();
out.close(); int code = httpurlconnection.getResponseCode(); if (code == 200) {
// 读取响应
int length = (int) httpurlconnection.getContentLength();// 获取长度
InputStream is = httpurlconnection.getInputStream();
reader = new BufferedReader(new InputStreamReader(is));
String line = reader.readLine();
StringBuilder builder = new StringBuilder();
while (line != null) {
builder.append(line);
line = reader.readLine();
}
result = builder.toString();
} else {
// TODO
}
} catch (Exception e) {
// TODO
} finally {
url = null;
if (httpurlconnection != null) {
httpurlconnection.disconnect();
}
try {
if (out != null) {
out.close();
}
if (reader != null) {
reader.close();
}
} catch (IOException e) {
// TODO
}
}
return result;
} public static void main(String[] args) throws Exception {
String dtdXml = "<?xml version=\"1.0\" encoding=\"utf-8\"?><!DOCTYPE cXML SYSTEM \"http://xml.cxml.org/schemas/cXML/1.2.014/cXML.dtd\"><cXML timestamp=\"2017-01-19T19:56:30\" payloadID=\"bac4b4a82e3342da919c7b427ee0fef2\"><Header><From><Credential domain=\"NetworkID\"><Identity>JDVEP4DIDI</Identity></Credential></From><To><Credential domain=\"NetworkID\"><Identity>Didipur</Identity></Credential></To><Sender><Credential domain=\"NetworkID\"><Identity>JDVEP4DIDI</Identity><SharedSecret>OGNmNGM3OGYtNWJhYi00ZTUwLTk0YTYtODAwZDVmYTU4NjMx</SharedSecret></Credential><UserAgent>JD VEP</UserAgent></Sender></Header><Message><PunchOutOrderMessage><BuyerCookie>3e3e68a280f45796cc24e59573e88ef7</BuyerCookie><PunchOutOrderMessageHeader operationAllowed=\"edit\"><Total><Money currency=\"CNY\">102.00</Money></Total><Shipping><Money currency=\"CNY\">0.00</Money><Description xml:lang=\"zh-CN\">运费</Description></Shipping></PunchOutOrderMessageHeader><ItemIn quantity=\"1\"><ItemID><SupplierPartID>102196</SupplierPartID><SupplierPartAuxiliaryID>46666778472</SupplierPartAuxiliaryID></ItemID><ItemDetail><UnitPrice><Money currency=\"CNY\">102.00</Money></UnitPrice><Description xml:lang=\"zh-CN\">维氏VICTORINOX瑞士军刀星座系列双鱼座0.6223.2PISC</Description><UnitOfMeasure>EA</UnitOfMeasure></ItemDetail></ItemIn><ItemIn quantity=\"1\"><ItemID><SupplierPartID>150706</SupplierPartID><SupplierPartAuxiliaryID>46666778472</SupplierPartAuxiliaryID></ItemID><ItemDetail><UnitPrice><Money currency=\"CNY\">0.00</Money></UnitPrice><Description xml:lang=\"zh-CN\">锐步Reebok女短袖T恤R537589 M码</Description><UnitOfMeasure>EA</UnitOfMeasure></ItemDetail></ItemIn></PunchOutOrderMessage></Message></cXML>";
String url = "https://www.baidu.com";
String result = "";
// postXml(url, dtdXml, "UTF-8");
result = httpPostData(url, dtdXml, Consts.UTF_8.name(), null, "application/xml", "application/xml");
System.out.println(result);
} }
jdk1.6 支持 tls1.2协议 并忽略身份验证的更多相关文章
- 让.NET 4.0支持TLS1.2协议
The default System.Net.ServicePointManager.SecurityProtocol in both .NET 4.0/4.5 is SecurityProtocol ...
- httpclient4.5 https请求 忽略身份验证
import org.apache.commons.collections.MapUtils; import org.apache.http.*; import org.apache.http.cli ...
- TLS1.2协议设计原理
目录 前言 为什么需要TLS协议 发展历史 协议设计目标 记录协议 握手步骤 握手协议 Hello Request Client Hello Server Hello Certificate Serv ...
- SQL Server 2008, 2008 R2, 2012 and 2014 完全支持TLS1.2加密传输
SQL Server 2008, 2008 R2, 2012 and 2014 完全支持TLS1.2加密传输 微软高兴地宣布所有主流SQL Server客户端驱动和SQL Server发行版已经支持T ...
- CentOS6下基于Nginx搭建mp4/flv流媒体服务器(可随意拖动)并支持RTMP/HLS协议(含转码工具)
1.先添加几个RPM下载源 1.1)安装RPMforge的CentOS6源 [root@AY130611215205Z ~]# wget -c http://pkgs.repoforge.or ...
- 关于apache 开启 ssl https 支持 TLS1.2 的些事
项目背景 需要搭建一个小程序的服务器,当然要使用https协议服务器windows service 2012 r2,后台语言是php,服务集成环境装的是appserv2.5 ,apache2.2证书申 ...
- SQL 2005远程连接是出错(provider: SQL 网络接口, error: 28 - 服务器不支持请求的协议
SQL 2005远程连接是出错(provider: SQL 网络接口, error: 28 - 服务器不支持请求的协议 sql远程连接服务器网络sql serversqlserver 解决方法:在服务 ...
- Ubuntu 14.10下基于Nginx搭建mp4/flv流媒体服务器(可随意拖动)并支持RTMP/HLS协议(含转码工具)
Ubuntu 14.10下基于Nginx搭建mp4/flv流媒体服务器(可随意拖动)并支持RTMP/HLS协议(含转码工具) 最近因为项目关系,收朋友之托,想制作秀场网站,但是因为之前一直没有涉及到这 ...
- Dubbo 支持哪些序列化协议?
面试题 dubbo 支持哪些通信协议?支持哪些序列化协议?说一下 Hessian 的数据结构?PB 知道吗?为什么 PB 的效率是最高的? 面试官心理分析 上一个问题,说说 dubbo 的基本工作原理 ...
随机推荐
- 动量Momentum梯度下降算法
梯度下降是机器学习中用来使模型逼近真实分布的最小偏差的优化方法. 在普通的随机梯度下降和批梯度下降当中,参数的更新是按照如下公式进行的: W = W - αdW b = b - αdb 其中α是学习率 ...
- 【BZOJ2716】天使玩偶【kd树】
这个题要求kd树支持两个操作. 1.插入一个新的点. 2.查询某个点最近曼哈顿距离. 注意查询曼哈顿距离和查询欧几里得距离,是有区别的.(估价函数不同). #include <cstdio> ...
- DropDownList绑定数据的几种方式
1. 视图中添加可以直接通过单击属性"Items"后的按钮为某一DropDownList控件添加数据项.每添加一项数据就是添加了一个ListItem(列表控件中的数据项).这种方式 ...
- qt4.8转qt5.4
1.头文件包含 #include <QtGui/QProgressBar> #include <QtGui/QProgressDialog> #include ...
- vue项目 调用百度地图 BMap is not defined
这次老板新接了一个四点半官网页面,使用vue来写.emm……我感觉整个人都不好了,两天半解决了20个静态页面.还好vue写页面简直飞快,遇到一个vue的新坑,使用百度地图. 研究了好一会,总是报错BM ...
- T31P电子秤数据读取
连接串口后先发送"CP\r\n"激活电子秤数据发送,收到的数据包是17字节的 using System; using System.Collections.Generic; usi ...
- html 中的<script>标签
https://www.w3.org/TR/html51/semantics-scripting.html#the-script-element 一. <script type='text/ja ...
- 日志文件(关于#IRSA_MDPS_RDM软件 密码登录事项 7月26号)
1.登录:sqlplus 用户名:scott 口令:123 qweas.. //2018-7-16号更改密码 2.查看该用户(已登录)下有几个表:select table_name from user ...
- NSIS制作安装包,如何检测并卸载已有版本
将如下代码追加到NSIS脚本的尾部即可. Var UNINSTALL_PROG Function .onInit ClearErrors ReadRegStr $UNINSTALL_PROG ...
- Spring 框架简介
Spring 是一个开源框架,是为了解决企业应用程序开发复杂性而创建的.框架的主要优势之一就是其分层架构,分层架构允许您选择使用哪一个组件,同时为 J2EE 应用程序开发提供集成的框架. 在这篇由三部 ...