jdk1.6 支持 tls1.2协议 并忽略身份验证

jdk1.6不支持tls1.2协议,jdk1.8默认支持,比较好的解决方案是升级jdk,但是升级jdk风险极大。不能升级jdk的情况下,可以使用如下方式。

引入依赖

<dependency>
    <groupId>org.bouncycastle</groupId>
    <artifactId>bcprov-jdk15on</artifactId>
    <version>1.54</version>
</dependency>

创建协议工厂

import java.io.*;
import java.net.UnknownHostException;
import java.security.*;
import java.security.cert.*;
import java.util.*;

import javax.net.ssl.*;
import javax.security.cert.X509Certificate;

import org.bouncycastle.crypto.tls.*;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

public class TLSSocketConnectionFactory extends SSLSocketFactory {

    static {
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }

    @Override
    public Socket createSocket(Socket socket, final String host, int port,
            boolean arg3) throws IOException {
        if (socket == null) {
            socket = new Socket();
        }
        if (!socket.isConnected()) {
            socket.connect(new InetSocketAddress(host, port));
        }

        final TlsClientProtocol tlsClientProtocol = new     TlsClientProtocol(socket.getInputStream(), socket.getOutputStream(), new     SecureRandom());

        return _createSSLSocket(host, tlsClientProtocol);
    }

    @Override public String[] getDefaultCipherSuites() { return null; }
    @Override public String[] getSupportedCipherSuites() { return null; }
    @Override public Socket createSocket(String host, int port) throws IOException, UnknownHostException { throw new UnsupportedOperationException(); }
    @Override public Socket createSocket(InetAddress host, int port) throws IOException { throw new UnsupportedOperationException(); }
    @Override public Socket createSocket(String host, int port, InetAddress localHost, int localPort) throws IOException, UnknownHostException { return null; }
    @Override public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort) throws IOException { throw new UnsupportedOperationException(); }

    private SSLSocket _createSSLSocket(final String host, final TlsClientProtocol tlsClientProtocol) {
        return new SSLSocket() {
            private java.security.cert.Certificate[] peertCerts;

            @Override public InputStream getInputStream() throws IOException { return tlsClientProtocol.getInputStream(); }
            @Override public OutputStream getOutputStream() throws IOException { return tlsClientProtocol.getOutputStream(); }
            @Override public synchronized void close() throws IOException { tlsClientProtocol.close(); }
            @Override public void addHandshakeCompletedListener( HandshakeCompletedListener arg0) { }
            @Override public boolean getEnableSessionCreation() { return false; }
            @Override public String[] getEnabledCipherSuites() { return null; }
            @Override public String[] getEnabledProtocols() { return null; }
            @Override public boolean getNeedClientAuth() { return false; }

            @Override
            public SSLSession getSession() {
                return new SSLSession() {

                    @Override
                    public int getApplicationBufferSize() {
                        return 0;
                    }

                    @Override public String getCipherSuite() { throw new UnsupportedOperationException(); }
                    @Override public long getCreationTime() { throw new UnsupportedOperationException(); }
                    @Override public byte[] getId() { throw new UnsupportedOperationException(); }
                    @Override public long getLastAccessedTime() { throw new UnsupportedOperationException(); }
                    @Override public java.security.cert.Certificate[] getLocalCertificates() { throw new UnsupportedOperationException(); }
                    @Override public Principal getLocalPrincipal() { throw new UnsupportedOperationException(); }
                    @Override public int getPacketBufferSize() { throw new UnsupportedOperationException(); }
                    @Override public X509Certificate[] getPeerCertificateChain() throws SSLPeerUnverifiedException { return null; }
                    @Override public java.security.cert.Certificate[] getPeerCertificates() throws SSLPeerUnverifiedException { return peertCerts; }
                    @Override public String getPeerHost() { throw new UnsupportedOperationException(); }
                    @Override public int getPeerPort() { return 0; }
                    @Override public Principal getPeerPrincipal() throws SSLPeerUnverifiedException { return null; }
                    @Override public String getProtocol() { throw new UnsupportedOperationException(); }
                    @Override public SSLSessionContext getSessionContext() { throw new UnsupportedOperationException(); }
                    @Override public Object getValue(String arg0) { throw new UnsupportedOperationException(); }
                    @Override public String[] getValueNames() { throw new UnsupportedOperationException(); }
                    @Override public void invalidate() { throw new UnsupportedOperationException(); }
                    @Override public boolean isValid() { throw new UnsupportedOperationException(); }
                    @Override public void putValue(String arg0, Object arg1) { throw new UnsupportedOperationException(); }
                    @Override public void removeValue(String arg0) { throw new UnsupportedOperationException(); }
            };
        }

        @Override public String[] getSupportedProtocols() { return null; }
        @Override public boolean getUseClientMode() { return false; }
        @Override public boolean getWantClientAuth() { return false; }
        @Override public void removeHandshakeCompletedListener(HandshakeCompletedListener arg0) { }
        @Override public void setEnableSessionCreation(boolean arg0) { }
        @Override public void setEnabledCipherSuites(String[] arg0) { }
        @Override public void setEnabledProtocols(String[] arg0) { }
        @Override public void setNeedClientAuth(boolean arg0) { }
        @Override public void setUseClientMode(boolean arg0) { }
        @Override public void setWantClientAuth(boolean arg0) { }
        @Override public String[] getSupportedCipherSuites() { return null; }

            @Override
            public void startHandshake() throws IOException {
                tlsClientProtocol.connect(new DefaultTlsClient() {

                    @SuppressWarnings("unchecked")
                    @Override
                    public Hashtable<Integer, byte[]> getClientExtensions() throws IOException {
                        Hashtable<Integer, byte[]> clientExtensions = super.getClientExtensions();
                        if (clientExtensions == null) {
                            clientExtensions = new Hashtable<Integer, byte[]>();
                        }

                        //Add host_name
                        byte[] host_name = host.getBytes();

                        final ByteArrayOutputStream baos = new ByteArrayOutputStream();
                        final DataOutputStream dos = new DataOutputStream(baos);
                        dos.writeShort(host_name.length + 3);
                        dos.writeByte(0);
                        dos.writeShort(host_name.length);
                        dos.write(host_name);
                        dos.close();
                        clientExtensions.put(ExtensionType.server_name, baos.toByteArray());
                        return clientExtensions;
                    }

                    @Override
                    public TlsAuthentication getAuthentication() throws IOException {
                        return new TlsAuthentication() {

                            @Override
                            public void notifyServerCertificate(Certificate serverCertificate) throws IOException {
                                try {
                                    KeyStore ks = _loadKeyStore();

                                    CertificateFactory cf = CertificateFactory.getInstance("X.509");
                                    List<java.security.cert.Certificate> certs = new LinkedList<java.security.cert.Certificate>();
                                    boolean trustedCertificate = false;
                                    for ( org.bouncycastle.asn1.x509.Certificate c : serverCertificate.getCertificateList()) {
                                        java.security.cert.Certificate cert = cf.generateCertificate(new ByteArrayInputStream(c.getEncoded()));
                                        certs.add(cert);

                                        String alias = ks.getCertificateAlias(cert);
                                        if(alias != null) {
                                            if (cert instanceof java.security.cert.X509Certificate) {
                                                try {
                                                    ( (java.security.cert.X509Certificate) cert).checkValidity();
                                                    trustedCertificate = true;
                                                } catch(CertificateExpiredException cee) {
                                                   // Accept all the certs!
                                                }
                                            }
                                        } else {
                                            // Accept all the certs!
                                        }

                                    }
                                    if (!trustedCertificate) {
                                        // Accept all the certs!
                                    }
                                    peertCerts = certs.toArray(new java.security.cert.Certificate[0]);
                                } catch (Exception ex) {
                                    ex.printStackTrace();
                                    throw new IOException(ex);
                                }
                            }

                            @Override
                            public TlsCredentials getClientCredentials(CertificateRequest certificateRequest) throws IOException {
                                return null;
                            }

                            private KeyStore _loadKeyStore() throws Exception {
                                FileInputStream trustStoreFis = null;
                                try {
                                    KeyStore localKeyStore = null;

                                    String trustStoreType = System.getProperty("javax.net.ssl.trustStoreType")!=null?System.getProperty("javax.net.ssl.trustStoreType"):KeyStore.getDefaultType();
                                    String trustStoreProvider = System.getProperty("javax.net.ssl.trustStoreProvider")!=null?System.getProperty("javax.net.ssl.trustStoreProvider"):"";

                                    if (trustStoreType.length() != 0) {
                                        if (trustStoreProvider.length() == 0) {
                                            localKeyStore = KeyStore.getInstance(trustStoreType);
                                        } else {
                                            localKeyStore = KeyStore.getInstance(trustStoreType, trustStoreProvider);
                                        }

                                        char[] keyStorePass = null;
                                        String str5 = System.getProperty("javax.net.ssl.trustStorePassword")!=null?System.getProperty("javax.net.ssl.trustStorePassword"):"";

                                        if (str5.length() != 0) {
                                            keyStorePass = str5.toCharArray();
                                        }

                                        localKeyStore.load(trustStoreFis, keyStorePass);

                                        if (keyStorePass != null) {
                                            for (int i = 0; i < keyStorePass.length; i++) {
                                                keyStorePass[i] = 0;
                                            }
                                        }
                                    }
                                    return localKeyStore;
                                } finally {
                                    if (trustStoreFis != null) {
                                        trustStoreFis.close();
                                    }
                                }
                            }
                        };
                    }

                });
            } // startHandshake
        };
    }
}
import org.apache.http.Consts;

import javax.net.ssl.HttpsURLConnection;
import java.io.*;
import java.net.URL;

public class HttpsUtils {

    /**
     * content-type类型为xml方式发送post请求
     *
     * @param urlPath
     * @param data
     * @param charSet
     * @return
     */
    public static String postXml(String urlPath, String data, String charSet) {
        String result = httpPostData(urlPath, data, charSet, null, "application/xml", "application/xml");
        return result;
    }

    private static String httpPostData(String urlPath, String data, String charSet, String[] header, String contentType, String accpect) {
        String result = null;
        URL url = null;
        HttpsURLConnection httpurlconnection = null;
        OutputStreamWriter out = null;
        BufferedReader reader = null;
        try {
            url = new URL(urlPath);
            httpurlconnection = (HttpsURLConnection) url.openConnection();
            httpurlconnection.setSSLSocketFactory(new TSLSocketConnectionFactory());
            httpurlconnection.setDoInput(true);
            httpurlconnection.setDoOutput(true);

            if (header != null) {
                for (int i = 0; i < header.length; i++) {
                    String[] content = header[i].split(":");
                    httpurlconnection.setRequestProperty(content[0], content[1]);
                }
            }

            httpurlconnection.setRequestMethod("POST");
            httpurlconnection.setRequestProperty("Content-Type", contentType);
            if (null != accpect) {
                httpurlconnection.setRequestProperty("Accpect", accpect);
            }

            httpurlconnection.connect();
            out = new OutputStreamWriter(httpurlconnection.getOutputStream(), charSet); // utf-8编码
            out.append(data);
            out.flush();
            out.close();

            int code = httpurlconnection.getResponseCode();

            if (code == 200) {
                // 读取响应
                int length = (int) httpurlconnection.getContentLength();// 获取长度
                InputStream is = httpurlconnection.getInputStream();
                reader = new BufferedReader(new InputStreamReader(is));
                String line = reader.readLine();
                StringBuilder builder = new StringBuilder();
                while (line != null) {
                    builder.append(line);
                    line = reader.readLine();
                }
                result = builder.toString();
            } else {
                // TODO
            }
        } catch (Exception e) {
            // TODO
        } finally {
            url = null;
            if (httpurlconnection != null) {
                httpurlconnection.disconnect();
            }
            try {
                if (out != null) {
                    out.close();
                }
                if (reader != null) {
                    reader.close();
                }
            } catch (IOException e) {
                // TODO
            }
        }
        return result;
    }

    public static void main(String[] args) throws Exception {
        String dtdXml = "<?xml version=\"1.0\" encoding=\"utf-8\"?><!DOCTYPE cXML SYSTEM \"http://xml.cxml.org/schemas/cXML/1.2.014/cXML.dtd\"><cXML timestamp=\"2017-01-19T19:56:30\" payloadID=\"bac4b4a82e3342da919c7b427ee0fef2\"><Header><From><Credential domain=\"NetworkID\"><Identity>JDVEP4DIDI</Identity></Credential></From><To><Credential domain=\"NetworkID\"><Identity>Didipur</Identity></Credential></To><Sender><Credential domain=\"NetworkID\"><Identity>JDVEP4DIDI</Identity><SharedSecret>OGNmNGM3OGYtNWJhYi00ZTUwLTk0YTYtODAwZDVmYTU4NjMx</SharedSecret></Credential><UserAgent>JD VEP</UserAgent></Sender></Header><Message><PunchOutOrderMessage><BuyerCookie>3e3e68a280f45796cc24e59573e88ef7</BuyerCookie><PunchOutOrderMessageHeader operationAllowed=\"edit\"><Total><Money currency=\"CNY\">102.00</Money></Total><Shipping><Money currency=\"CNY\">0.00</Money><Description xml:lang=\"zh-CN\">运费</Description></Shipping></PunchOutOrderMessageHeader><ItemIn quantity=\"1\"><ItemID><SupplierPartID>102196</SupplierPartID><SupplierPartAuxiliaryID>46666778472</SupplierPartAuxiliaryID></ItemID><ItemDetail><UnitPrice><Money currency=\"CNY\">102.00</Money></UnitPrice><Description xml:lang=\"zh-CN\">维氏VICTORINOX瑞士军刀星座系列双鱼座0.6223.2PISC</Description><UnitOfMeasure>EA</UnitOfMeasure></ItemDetail></ItemIn><ItemIn quantity=\"1\"><ItemID><SupplierPartID>150706</SupplierPartID><SupplierPartAuxiliaryID>46666778472</SupplierPartAuxiliaryID></ItemID><ItemDetail><UnitPrice><Money currency=\"CNY\">0.00</Money></UnitPrice><Description xml:lang=\"zh-CN\">锐步Reebok女短袖T恤R537589 M码</Description><UnitOfMeasure>EA</UnitOfMeasure></ItemDetail></ItemIn></PunchOutOrderMessage></Message></cXML>";
        String url = "https://www.baidu.com";
        String result = "";
//                postXml(url, dtdXml, "UTF-8");
        result = httpPostData(url, dtdXml, Consts.UTF_8.name(), null, "application/xml", "application/xml");
        System.out.println(result);
    }

}
时间: 2024-10-03 01:50:24

jdk1.6 支持 tls1.2协议 并忽略身份验证的相关文章

用户不能用质询握手身份验证协议(CHAP)作身份验证

错误提示: 用户不能用质询握手身份验证协议(CHAP)作身份验证.没有此用户的可逆加密的密码.为了确保启用了可逆加密的密码,可以检查网域密码策略或用户帐户上的密码设置. 解决办法:I had that policy set and it was not fixing my issue.  The reason why it wasn't fixing my issue, once you have this policy set you have to reset the password. 

游戏协议加密及身份验证

时间如白驹过隙,一眨眼就过去了,本打算在2月份发这篇的,结果一直误以为2月有31日-- 这一块之前一直感兴趣,终于在2月份争取到机会去做这一块的工作.前辈给我留下了一个鉴权的框架: 客户端连接服务器 服务器将随机数发给客户端 客户端用客户端私钥加密,发回到服务器 服务器端用客户端公钥解开密文,比对解开的随机数是否与原来的一致 如果一致,则客户端发送随机数到服务器,服务器用服务器端私钥加密,将密文发送到客户端:同时,产生新的随机数,用于稍后对会话进行rc4加密,并将这个随机数以客户端公钥加密,发送

CentOS6下基于Nginx搭建mp4/flv流媒体服务器(可随意拖动)并支持RTMP/HLS协议(含转码工具)

1.先添加几个RPM下载源 1.1)安装RPMforge的CentOS6源      [[email protected] ~]# wget -c http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm      [[email protected] ~]# rpm –import http://apt.sw.be/RPM-GPG-KEY.dag.txt      [[email 

SQL Server 2008, 2008 R2, 2012 and 2014 完全支持TLS1.2加密传输

SQL Server 2008, 2008 R2, 2012 and 2014 完全支持TLS1.2加密传输 微软高兴地宣布所有主流SQL Server客户端驱动和SQL Server发行版已经支持Transport Layer Security 1.2简称TLS 1.2. 发布时间是 2016年1月29日,这次发布提供了SQL Server 2008, SQL Server 2008 R2, SQL Server 2012 and SQL Server 2014对TLS1.2的完全支持. 支持

SQL 2005远程连接是出错(provider: SQL 网络接口, error: 28 - 服务器不支持请求的协议

SQL 2005远程连接是出错(provider: SQL 网络接口, error: 28 - 服务器不支持请求的协议 sql远程连接服务器网络sql serversqlserver 解决方法:在服务器端:打开SQL2005的SQL Server Management Studio程序 (1)连接数据库, (2)在试图菜单下选择已注册的服务器 如果出来的窗口中没有东东,则对数据库引擎右击选择更新本地服务器注册 (3)对准本地希望远程访问的数据库,右击选择SQL Server 配置管理器 (4)在

C#不支持此安全协议

开始在本地调用HTTPS接口的时候,程序抛出”基础连接已关闭“的错误. 后来在代码中加上: ServicePointManager.ServerCertificateValidationCallback = delegate { return true; }; ServicePointManager.SecurityProtocol = (SecurityProtocolType)192 | (SecurityProtocolType)768 | (SecurityProtocolType)30

出现身份验证错误,要求的函数不受支持(这可能是由于CredSSP加密Oracle修正)

问题描述: 从5月8\9日开始客户端Win10\WinSer2016突然无法访问测试环境下所有远程Win Ser2012/16资源,提示"出现身份验证错误.要求的函数不受支持... 这可能是由于CredSSP加密Oracle修正..." Win7中英文版本分别提示"发生身份验证错误.要求的函数不受支持"或"An authentication error has occurred and the required function is not suppor

RDO远程连接时提示“远程计算机需要网络级别身份验证,而您的计算机不支持该验证,请联系您的系统管理员或者技术人员来获得帮助”

当服务器重装操作系统后使用RDO远程连接时会出现错误提示"远程计算机需要网络级别身份验证,而您的计算机不支持该验证,请联系您的系统管理员或者技术人员来获得帮助" 如下图所示 原因是服务器版操作系统提高了安全级别,使用了网络级别的身份验证信息.RDO模拟的是WinXP系统的远程连接,安全系数较低.所以会出现在同一个win764旗舰版机器上使用系统自带的远程桌面能连接,但使用RDO就连接不上去的情况. 解决方法如下:  第一步: 使用系统自带的远程桌面(mstsc.exe)连接服务器, 运

Windows XP SP3远程桌面连接支持网络级身份验证配置

知识点:网络级别身份验证 (NLA) 是一项新的身份验证方法,即在您建立完整的远程桌面连接前就完成了用户身份验证并显示登录屏幕.它是一项更加安全的身份验证方法,可以防止远程计算机受到 黑客或恶意软件的攻击.NLA 的优点是: 最初只需要少量的远程计算机资源.对用户进行身份验证之前,远程计算机仅使用有限的资源,而不是像在先前版本中启动整个远程桌面连接.  可以通过降低拒绝服务攻击(尝试限制或阻止访问 Internet)的风险提供更高的安全保障.  使用远程计算机身份验证可以防止我们连接到因恶意目的