- android - 多次调用 OnPrimaryClipChangedListener
- android - 无法更新 RecyclerView 中的 TextView 字段
- android.database.CursorIndexOutOfBoundsException : Index 0 requested, 光标大小为 0
- android - 使用 AppCompat 时,我们是否需要明确指定其 UI 组件(Spinner、EditText)颜色
在我的程序中,我需要对两个不同的服务器执行安全(双向 SSL)请求。现在,当我尝试连接到 server1
时,我遇到了异常 javax.net.ssl.SSLHandshakeException
。最奇怪的是,在对 server1
的请求失败后,我无法收到来自 server2
的响应。我遇到异常 java.net.SocketTimeoutException
。如果对server1
的请求没有执行,server2
返回数据成功。
堆栈跟踪:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
at sun.security.ssl.Handshaker.processLoop(Unknown Source)
at sun.security.ssl.Handshaker.process_record(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unknown Source)
...
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
at sun.security.validator.Validator.validate(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
... 14 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
at java.security.cert.CertPathBuilder.build(Unknown Source)
... 20 more
Exception in thread "main": java.net.SocketTimeoutException: Read timed out
at java.net.SocketInputStream.socketRead0(Native Method)
at java.net.SocketInputStream.read(Unknown Source)
at java.net.SocketInputStream.read(Unknown Source)
at sun.security.ssl.InputRecord.readFully(Unknown Source)
at sun.security.ssl.InputRecord.read(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
at sun.security.ssl.AppInputStream.read(Unknown Source)
at java.io.BufferedInputStream.fill(Unknown Source)
at java.io.BufferedInputStream.read1(Unknown Source)
at java.io.BufferedInputStream.read(Unknown Source)
at sun.net.www.http.HttpClient.parseHTTPHeader(Unknown Source)
at sun.net.www.http.HttpClient.parseHTTP(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
at java.net.HttpURLConnection.getResponseCode(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(Unknown Source)
...
请求server1
的代码:
URL url = ...
HttpURLConnection connection = (HttpURLConnection) url.openConnection();
connection.setRequestMethod("POST");
connection.setRequestProperty("Content-type", "application/soap+xml; charset=UTF-8");
connection.setConnectTimeout(300000);
connection.setReadTimeout(300000);
connection.setDoInput(true);
connection.setDoOutput(true);
HttpsURLConnection httpsConnection = (HttpsURLConnection) connection;
SSLContext sslContext = SSLContext.getInstance("TLS");
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
FileInputStream is = new FileInputStream(new File(...));
try {
keyStore.load(is, "password".toCharArray());
keyManagerFactory.init(keyStore, "password".toCharArray());
} finally {
is.close();
}
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
is = new FileInputStream(new File(...));
try {
keyStore.load(is, "password".toCharArray());
trustManagerFactory.init(keyStore);
} finally {
is.close();
}
sslContext.init(keyManagerFactory.getKeyManagers(),
trustManagerFactory.getTrustManagers(),new SecureRandom());
httpsConnection.setSSLSocketFactory(sslContext.getSocketFactory());
httpsConnection.setHostnameVerifier(new HostnameVerifier() {
@Override
public boolean verify(String s, SSLSession sslSession) {
return true;
}
});
try {
OutputStream os = connection.getOutputStream();
try {
String s = ...;
os.write(s.getBytes());
} finally {
os.close();
}
System.out.println("Response code: " + connection.getResponseCode());
} finally {
connection.disconnect();
}
请求server2
的代码:
SSLContext sslContext = SSLContext.getInstance("TLS");
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
KeyStore keyStore = KeyStore.getInstance("JKS");
FileInputStream is = new FileInputStream(new File(...));
try {
keyStore.load(is, "password".toCharArray());
keyManagerFactory.init(localKeyStore, "password".toCharArray());
} finally {
is.close();
}
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyStore = KeyStore.getInstance("JKS");
is = new FileInputStream(new File(...));
try {
keyStore.load(is, "password".toCharArray());
trustManagerFactory.init(keyStore);
} finally {
is.close();
}
sslContext.init(keyManagerFactory.getKeyManagers(),
trustManagerFactory.getTrustManagers(), new SecureRandom());
URL url = ...
URLConnection connection = url.openConnection();
((HttpsURLConnection) connection).setSSLSocketFactory(sslContext.getSocketFactory());
connection.setReadTimeout(40000);
connection.setConnectTimeout(40000);
connection.setDoInput(true);
connection.setDoOutput(false);
int respCode = ((HttpURLConnection) connection).getResponseCode();
if (respCode != 200)
throw new RuntimeException(...);
BufferedInputStream bufferedIs = new BufferedInputStream(connection.getInputStream());
try {
byte[] buf = new byte[512];
int j;
while ((j = bufferedIs.read(buf)) != -1) {
...
} finally {
bufferedIs.close();
}
如有任何帮助,我将不胜感激。
最佳答案
我不小心在代码片段中遗漏了一行非常重要的代码:System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", "true")
。该属性在请求 server1
之后和请求 server2
之前设置,如果其值为 false
则请求 server2
失败,但主题除外。在探索了 OpenJDK 的来源之后,我发现类 com.sun.net.ssl.internal.ssl.Handshaker
带有静态和最终字段 boolean allowUnsafeRenegotiation
,它是通过以下方法调用初始化的: Debug.getBooleanProperty("sun.security.ssl.allowUnsafeRenegotiation", false)
。
所以在我的例子中,在第一次请求属性 sun.security.ssl.allowUnsafeRenegotiation
被初始化为默认值 (false
) 并且任何后续更改该属性的尝试都没有效果。
关于java.net.SocketTimeoutException : Read timed out after failed request,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/22844906/
“Fail Early”是什么意思,在什么情况下这种方法最有用,你什么时候会避免这种方法? 最佳答案 本质上,快速失败 (又名 尽早失败 )是对您的软件进行编码,使得 当出现问题时,软件会尽快并尽可能
/* * 115200. Connect GPIO 0 of your ESP8266 to VCC and reset the board */ #include #include #inc
安装并注册 gitlab-runner 后,当我运行时 gitlab-runner start我收到此错误消息。这是什么原因? Runtime platform
我一直在尝试Windows Server 2016 TP5上的Windows容器。突然我在运行带有端口映射选项-p 80:80的容器时开始出错 c:\>docker run -it -p 80:80
我一直在关注 Hyperledger Fabric Multi-Org setup 的教程,我能够成功地做到这一点。现在我想根据我想要的组织名称对其进行自定义,并且在尝试连接网络时遇到以下错误。希望有
所以我不知道为什么这个测试失败了。当我运行 repl 中的语句时,一切似乎都正常工作,但 fiveam 测试失败。 以下要点中有一个测试用例:https://gist.github.com/Puerc
我安装了 Android Studio 1.2.1.1、Gradle 版本 2.2.1 和 Android 插件版本 1.2.3。我试图创建一个简单的 hello world 项目,它给了我一个构建失
我正在尝试设置一个简单的 WebTestCase,它使用 Symfony 4(和 "phpunit/phpunit": "^6.5")。但是,测试失败: Failed to start the ses
我已经使用 git clone 在本地克隆了一个包含 Vue 项目的 git 存储库. 然后我跑了npm install安装依赖项并获得 node_modules文件夹。 正在运行 npm run s
我有:http://windows.github.com/ 我当前的项目有大约 20k 个文件,大约 150MB(并且不说它有多慢而且我现在什么也做不了)它甚至不允许我提交!我收到此错误:提交失败:无
我正在使用 RxAndroidBle 库开发一个应用程序,该库大约每 30 秒定期执行 BLE 扫描,每分钟左右执行一些 BLE 操作。几个小时后,通常在 5 到 24 小时之间,扫描停止工作。每次应
每次我尝试使用 Pycharm 推送 GitHub 中的存储库时,它都会失败。 Push failed: fatal: Authentication failed for 'https://githu
此外,管理内置“管理结构”(如标题中的结构)的 Resque 的最佳实践是什么?我应该用 jedis.del(String key) 或类似的东西清除它们吗? 最佳答案 resque:failed 是
想象这样一种场景,我们想要在对“foo”和“bar”的并发请求成功完成后做一些事情,或者如果其中一个或两个失败则报告错误: $.when($.getJSON('foo'), $.getJSON('ba
这就是我所做的: 我使用的是 Windows XP SP3 我已经安装了 Python 2.7.1。 我下载了instantclient-basic-nt-11.2.0.3.0.zip,解压后放入C:
我已经设置了一个 vfsstream block 设备,我正在尝试对其调用 file_get_contents()。然而,对 vfsStreamWrapper::stream_open 的调用失败,因
我正在尝试在我的 React 应用程序中使用文件上传功能,但遇到了问题。当我尝试上传第一张图片时,它工作得很好。文件资源管理器对话框关闭并显示我的图片。用我的文件资源管理器中的另一张图片覆盖图片也可以
目标:将我的本地 mongodb 数据迁移到 mongodb atlas 集群。 尝试: 1.将本地数据导出为json。 2.导入json到集群。 操作系统:Linuxmint 19.1 Cinnam
我一直在从事一个需要在服务器(托管在 GCE 上)和多个客户端之间进行一些网络连接的项目。我创建了一个 Compute Engine 实例来运行 Python 脚本,如以下视频所示:https://w
我正在尝试使用 sqlx crate 和 Postgres 数据库连接到 Rust 中的数据库。 main.rs: use dotenv; use sqlx::Pool; use sqlx::PgPo
我是一名优秀的程序员,十分优秀!