创建以下 SSLSocketFactory 实现，并在请求客户端中设置该工厂，即可解决该报错。
import java.io.IOException;
import java.io.InputStream;
import java.net.InetAddress;
import java.net.Socket;
import java.security.GeneralSecurityException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import javax.net.ssl.*;
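/**
 * {@link SSLSocketFactory} decorator that restricts every socket it creates to
 * TLS 1.3 and TLS 1.2.
 *
 * <p>All socket creation is delegated to an internal factory obtained from an
 * {@link SSLContext}; this class only adjusts the enabled protocol versions on the
 * returned {@link SSLSocket}.
 *
 * <p>Security notes for users of this class:
 * <ul>
 *   <li>TLS 1.0 and TLS 1.1 are never enabled. Both are deprecated (RFC 8996); a peer
 *       that can only speak those versions will fail the handshake instead of being
 *       silently downgraded.</li>
 *   <li>{@link #TLSSocketFactory(InputStream)} trusts <em>only</em> the certificates
 *       read from the stream; the platform trust store is not consulted. Supply the
 *       stream from a source you control (for example a bundled resource).</li>
 *   <li>No endpoint identification algorithm is set on the sockets, so hostname
 *       verification has to be performed by the client that uses this factory.</li>
 * </ul>
 */
public class TLSSocketFactory extends SSLSocketFactory {

    /** Protocol versions this factory is willing to enable, newest first. */
    private static final String[] ALLOWED_PROTOCOLS = {"TLSv1.3", "TLSv1.2"};

    /** Factory that actually creates the sockets; never null once constructed. */
    private final SSLSocketFactory mInternalSSLSocketFactory;

    /**
     * Creates a factory that validates peers against the platform's default trust store.
     *
     * @throws SSLException if the TLS context cannot be created or initialised; the
     *     underlying security exception is attached as the cause
     */
    public TLSSocketFactory() throws SSLException {
        // A null TrustManager array makes SSLContext fall back to the default trust managers.
        this.mInternalSSLSocketFactory = newSocketFactory(null);
    }

    /**
     * Creates a factory that trusts only the X.509 certificates read from
     * {@code certificateStream}. The stream is always closed before this constructor
     * returns, whether or not it succeeds.
     *
     * @param certificateStream encoded X.509 certificate(s) to use as the sole trust anchors
     * @throws SSLException if the stream is null, contains no X.509 certificate, cannot be
     *     parsed, or the TLS context cannot be initialised; the original exception is
     *     attached as the cause
     */
    public TLSSocketFactory(InputStream certificateStream) throws SSLException {
        try {
            this.mInternalSSLSocketFactory = newSocketFactory(loadTrustManagers(certificateStream));
        } finally {
            closeQuietly(certificateStream);
        }
    }

    /** Builds a socket factory from a fresh "TLS" context using the given trust managers. */
    private static SSLSocketFactory newSocketFactory(TrustManager[] trustManagers)
            throws SSLException {
        try {
            SSLContext sslContext = SSLContext.getInstance("TLS");
            sslContext.init(null, trustManagers, null);
            return sslContext.getSocketFactory();
        } catch (GeneralSecurityException e) {
            // Keep the cause so the real failure is visible in stack traces.
            throw new SSLException(e.getMessage(), e);
        }
    }

    /** Reads the certificates from the stream into an in-memory key store and derives trust managers. */
    private static TrustManager[] loadTrustManagers(InputStream certificateStream)
            throws SSLException {
        try {
            if (certificateStream == null) {
                throw new CertificateException("certificateStream must not be null");
            }
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null, null); // start from an empty, in-memory store

            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            int trustedCount = 0;
            for (Certificate certificate : certificateFactory.generateCertificates(certificateStream)) {
                if (certificate instanceof X509Certificate) {
                    // Index-based alias: two certificates sharing a subject DN must not
                    // overwrite each other in the key store.
                    keyStore.setCertificateEntry("trusted-" + trustedCount, certificate);
                    trustedCount++;
                }
            }
            if (trustedCount == 0) {
                // Fail at construction time instead of producing a factory that trusts nothing.
                throw new CertificateException("No X.509 certificate found in certificateStream");
            }

            TrustManagerFactory trustManagerFactory =
                    TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);
            return trustManagerFactory.getTrustManagers();
        } catch (GeneralSecurityException | IOException e) {
            throw new SSLException(e.getMessage(), e);
        }
    }

    /** Closes the stream if present; a failure to close cannot affect the trust decision. */
    private static void closeQuietly(InputStream stream) {
        if (stream == null) {
            return;
        }
        try {
            stream.close();
        } catch (IOException ignored) {
            // Best effort: the certificates have already been read (or reading already failed).
        }
    }

    @Override
    public String[] getDefaultCipherSuites() {
        return mInternalSSLSocketFactory.getDefaultCipherSuites();
    }

    @Override
    public String[] getSupportedCipherSuites() {
        return mInternalSSLSocketFactory.getSupportedCipherSuites();
    }

    /**
     * Creates an unconnected socket. Overridden because the inherited implementation
     * does not delegate to the internal factory.
     */
    @Override
    public Socket createSocket() throws IOException {
        return enableTLSOnSocket(mInternalSSLSocketFactory.createSocket());
    }

    @Override
    public Socket createSocket(Socket s, String host, int port, boolean autoClose)
            throws IOException {
        return enableTLSOnSocket(mInternalSSLSocketFactory.createSocket(s, host, port, autoClose));
    }

    @Override
    public Socket createSocket(String host, int port) throws IOException {
        return enableTLSOnSocket(mInternalSSLSocketFactory.createSocket(host, port));
    }

    @Override
    public Socket createSocket(String host, int port, InetAddress localHost, int localPort)
            throws IOException {
        return enableTLSOnSocket(
                mInternalSSLSocketFactory.createSocket(host, port, localHost, localPort));
    }

    @Override
    public Socket createSocket(InetAddress host, int port) throws IOException {
        return enableTLSOnSocket(mInternalSSLSocketFactory.createSocket(host, port));
    }

    @Override
    public Socket createSocket(InetAddress address, int port, InetAddress localAddress,
            int localPort) throws IOException {
        return enableTLSOnSocket(
                mInternalSSLSocketFactory.createSocket(address, port, localAddress, localPort));
    }

    /**
     * Restricts the socket's enabled protocols to the intersection of what the runtime
     * supports and {@link #ALLOWED_PROTOCOLS}. Non-TLS sockets are returned untouched.
     *
     * @throws SSLException if the runtime supports none of the allowed versions; the
     *     socket is closed first so the connection is not left open
     */
    private Socket enableTLSOnSocket(Socket socket) throws IOException {
        if (!(socket instanceof SSLSocket)) {
            return socket;
        }
        SSLSocket sslSocket = (SSLSocket) socket;
        List<String> protocols =
                new ArrayList<String>(Arrays.asList(sslSocket.getSupportedProtocols()));
        protocols.retainAll(Arrays.asList(ALLOWED_PROTOCOLS));
        if (protocols.isEmpty()) {
            // Fail closed rather than falling back to a deprecated protocol version.
            try {
                sslSocket.close();
            } catch (IOException ignored) {
                // Best effort: the failure reported below is the one that matters.
            }
            throw new SSLException("Runtime supports none of the required TLS versions: "
                    + Arrays.toString(ALLOWED_PROTOCOLS));
        }
        sslSocket.setEnabledProtocols(protocols.toArray(new String[0]));
        return sslSocket;
    }
}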