Ошибка SSL java - получено фатальное предупреждение: handshake_failure - PullRequest
Новая
       2

Ошибка SSL java - получено фатальное предупреждение: handshake_failure

0 голосов
/ 26 октября 2019

Это ошибка, которую я получаю при попытке подключить SSLSocket в java8. Даже если я вытащу все данные из хранилища ключей и пар ключей и позволю алгоритму сделать это в одиночку, он выдаст ту же ошибку. 

Received fatal alert: handshake_failure
Authenticator() called AuthJScoket()
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
    at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2020)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1127)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1367)
    at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:750)
    at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123)
    at java.io.ObjectOutputStream$BlockDataOutputStream.drain(ObjectOutputStream.java:1877)
    at java.io.ObjectOutputStream$BlockDataOutputStream.setBlockDataMode(ObjectOutputStream.java:1786)
    at java.io.ObjectOutputStream.<init>(ObjectOutputStream.java:247)
    at DataIo.JavaSocketConxClient.AuthenticatorJSocket(JavaSocketConxClient.java:177)
    at user.Authenticator.Authenticate(Authenticator.java:46)
    at user.UserAdmin.startSession(UserAdmin.java:76)
    at core.Core.main(Core.java:18)
java.lang.NullPointerException
    at user.Authenticator.Authenticate(Authenticator.java:51)
    at user.UserAdmin.startSession(UserAdmin.java:76)
    at core.Core.main(Core.java:18)

Вот соответствующий код 

public static KeyStore createCertificateAuthority(String keyAlgorithm, int keyLength, char[] storePassword, char[] keyPassword, String alias, String signatureAlgorithm, String issuer, Date validFrom, Date validTo)
    throws GeneralSecurityException {
        String subject = issuer;
        String subjectAltName = null;
        String subjectIPAddress = null;//"127.0.0.1";
        KeyPair keyPair = generateKeyPair(keyAlgorithm, keyLength);
        X509Certificate x509Certificate = generateV3Certificate(new X500Principal(issuer), new X500Principal(subject),false, false, subjectAltName, subjectIPAddress,keyPair.getPublic(), keyPair.getPrivate(), validFrom, validTo, signatureAlgorithm);
        x509Certificate.checkValidity(new Date());
        x509Certificate.verify(keyPair.getPublic());
        @SuppressWarnings("deprecation")
        X509Certificate[] chain = new X509Certificate[1];
        chain[0] = x509Certificate;
        KeyStore keyStoreSigningKey = createKeyStore(storePassword);
        keyStoreSigningKey.setKeyEntry(alias, keyPair.getPrivate(), keyPassword, chain);
        return keyStoreSigningKey;
    }

Этометод выше и эти вниз я использую как на сервере, так и на клиенте 

/**
 * Generate RCA 1024bit private and public keys pair
 * 
 * @param algorithm the standard string name of the algorithm. i.e. "RSA"
 * @param keySize algorithm-specific metric, such as modulus length, specified in number of bits. i.e. 1024,2048,4096 for RSA
 * @return
 * @throws NoSuchAlgorithmException
 */
public static KeyPair generateKeyPair(String algorithm, int keySize) throws NoSuchAlgorithmException {
    KeyPairGenerator kpg = KeyPairGenerator.getInstance(algorithm);
    kpg.initialize(keySize);
    return kpg.generateKeyPair();
}

А теперь на стороне сервера 

 KeyStore ks = KPCrypt.createCertificateAuthority("RSA", 1028, "trialPassStore".toCharArray(), "trialPassKey".toCharArray(), "KeyStore", "SHA256WithRSAEncryption", "CN=serverBoladaun" , (Date) new GregorianCalendar(2019, Calendar.OCTOBER, 24).getTime(), (Date) new GregorianCalendar(2019, Calendar.OCTOBER, 26).getTime());
          ks.load(null, "trialPassStore".toCharArray());

          TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX", "SunJSSE");
          tmf.init(ks);

//        get a x509TrustManager from tmf
          X509TrustManager x509TrustManager = null;
          for (TrustManager trustManager : tmf.getTrustManagers()) {
              if (trustManager instanceof X509TrustManager) {
                  x509TrustManager = (X509TrustManager) trustManager;
                  break;
              }
          }
          if (x509TrustManager == null) throw new NullPointerException();         

          KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509", "SunJSSE");
          keyManagerFactory.init(ks,  "trialPassStore".toCharArray());
          X509KeyManager x509KeyManager = null;
          for (KeyManager keyManager : keyManagerFactory.getKeyManagers()) {
              if (keyManager instanceof X509KeyManager) {
                  x509KeyManager = (X509KeyManager) keyManager;
                  break;
              }
          }
          if (x509KeyManager == null) throw new NullPointerException();

          SSLContext sslContext = SSLContext.getInstance("TLS");

          sslContext.init(new KeyManager[]{x509KeyManager},

              new TrustManager[]{x509TrustManager}, null);

          SSLServerSocketFactory serverSocketFactory = sslContext.getServerSocketFactory();
          SSLServerSocket server = (SSLServerSocket) serverSocketFactory.createServerSocket(5555);
          server.setNeedClientAuth(true);
          server.setEnabledProtocols(new String[]{"TLSv1.2"});

А на стороне клиента: 

            KeyStore ks =tools. KPCrypt.createCertificateAuthority("RSA", 1028, "trialPassStore".toCharArray(), "trialPassKey".toCharArray(), "KeyStore", "SHA256WithRSAEncryption", "CN=serverBoladaun" , (Date) new GregorianCalendar(2019, Calendar.OCTOBER, 24).getTime(), (Date) new GregorianCalendar(2019, Calendar.OCTOBER, 26).getTime());
            ks.load(null, "trialPassStore".toCharArray());

            TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX", "SunJSSE");
            tmf.init(ks);

            //            get a x509TrustManager from tmf
            X509TrustManager x509TrustManager = null;
            for (TrustManager trustManager : tmf.getTrustManagers()) {
                if (trustManager instanceof X509TrustManager) {
                    x509TrustManager = (X509TrustManager) trustManager;
                    break;
                }
            }
            if (x509TrustManager == null) throw new NullPointerException();       

            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509", "SunJSSE");
            keyManagerFactory.init(ks,  "trialPassStore".toCharArray());
            X509KeyManager x509KeyManager = null;
            for (KeyManager keyManager : keyManagerFactory.getKeyManagers()) {
                if (keyManager instanceof X509KeyManager) {
                    x509KeyManager = (X509KeyManager) keyManager;
                    break;
                }
            }
            if (x509KeyManager == null) throw new NullPointerException();

            SSLContext sslContext = SSLContext.getInstance("TLS");
            sslContext.init(new KeyManager[]{x509KeyManager},

                    new TrustManager[]{x509TrustManager}, null);

            SSLSocketFactory SocketFactory = sslContext.getSocketFactory();
        SSLSocket client = (SSLSocket) SocketFactory.createSocket(ip, 5555);
//      client.startHandshake();
            client.setNeedClientAuth(true);
            client.setEnabledProtocols(new String[]{"TLSv1.2"});
Добро пожаловать на сайт PullRequest, где вы можете задавать вопросы и получать ответы от других членов сообщества.

Нет похожих вопросов

...