1
試圖實現: 按照Apple Pay for Web的要求,需要2路TLS 1.2。在我的情況下,我試圖從我的java與json有效載荷(您可以說作爲客戶端)打蘋果支付服務器。 https://developer.apple.com/reference/applepayjs/applepaysession#2166532Java客戶端和Apple支付服務器之間的2路TLS(1.2)
我關注的點:
1)列出所有的加密套件的任何命令的支持?運行在Java 1.8上。
2)將HttpsURLconnection.openconnection設置爲TLS1.2時需要什麼?
3)我可以實現這種連接的任何示例代碼。
4)需要什麼設置,如證書和私鑰?
任何幫助將是有用的。 我知道我已經提出了非常直接的問題,但我會繼續在此添加更具體的問題。
更新:前3分完成。 現在只關注點4:我通過轉換爲cert.p12文件並保存爲新密鑰庫來發送文件密鑰和證書。
openssl x509 -inform der -in merchant_id.cer -out merchant_id.pem
openssl pkcs12 -nodes -export -in merchant_id.pem -inkey clientprivate.key -out cert.p12 -name "Certificate"
在Eclipse中VM參數是運行Java代碼後:
-Djavax.net.ssl.keyStoreType=pkcs12 -Djavax.net.ssl.keyStore=cert.p12 -Djavax.net.debug=ssl
我可以看到下面的錯誤控制檯:
*ServerHelloDone
Warning: no suitable certificate found - continuing without client authentication
* Certificate chain
** ECDHClientKeyExchange
main, WRITE: TLSv1.2 Change Cipher Spec, length = 1
*** Finished
verify_data:
*
main, WRITE: TLSv1.2 Handshake, length = 64
main, handling exception: java.net.SocketException: Connection reset
%% Invalidated: [Session-1, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA]
main, SEND TLSv1.2 ALERT: fatal, description = unexpected_message
main, WRITE: TLSv1.2 Alert, length = 48
main, Exception sending alert: java.net.SocketException: Connection reset by peer: socket write error
main, called closeSocket()
java.net.SocketException: Connection reset
at java.net.SocketInputStream.read(Unknown Source)
at java.net.SocketInputStream.read(Unknown Source)
at sun.security.ssl.InputRecord.readFully(Unknown Source)
at sun.security.ssl.InputRecord.read(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
at java.net.HttpURLConnection.getResponseCode(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(Unknown Source)
下面是Java代碼:
HttpsURLConnection conn = (HttpsURLConnection)url.openConnection();
conn.setSSLSocketFactory(factory);
conn.setDoOutput(true);
conn.setDoInput(true);
conn.setRequestProperty("Content-Type", "application/json; charset=UTF-8");
conn.setRequestProperty("Accept", "application/json");
conn.setRequestMethod("POST");
OutputStream os = conn.getOutputStream();
os.write(jsonInString.getBytes("UTF-8"));
未能在
conn.getOutputStream();
使用在要求順序的Java 1.8
謝謝yyf。上述3點已經解決了。但是我很困難地停留在第4點。我通過添加密鑰庫來發送密鑰和證書。但是在ServerHello之後,我得到了以下錯誤:WRITE:TLSv1.2 Handshake,長度= 64 main,處理異常:java.net。SocketException:連接重置 %%失效:[會話-1,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA] 主,SEND TLSv1.2工作ALERT:致命的,描述= unexpected_message 主,WRITE:TLSv1.2工作異動,長度= 48 主,異常發送報警: java.net.SocketException:通過peer重置連接:套接字寫入錯誤 main,調用closeSocket() – user2737800
我也掙扎了很多,直到我得到它的工作......我從蘋果下載了證書並從中提取了** **證書'openssl pkcs12 -nodes --nokeys -in merchant_id.pem -inkey clientprivate.key -out cert.p12'和一個鍵'openssl pkcs12 -nodes --nocerts -in merchant_id.pem -inkey clientprivate.key -out key .p12「,然後將其設置爲請求的密鑰庫。 – yyf
我想弄清楚有什麼區別。所以,可以說你從蘋果獲得merchant_id.cer。然後,您必須先創建csr和私鑰。之後從.cer文件轉換爲merchant_id.pem。接着你提到創建的證書和密鑰。那麼你如何將這兩者都設置爲密鑰庫?你也可以分享這一步嗎? – user2737800