java.net.SocketTimeoutException：請求失敗後讀取超時

Question

在我的程序中，我需要對兩個不同的服務器執行安全（雙向SSL）請求。現在，當我嘗試連接到時，我收到異常javax.net.ssl.SSLHandshakeException。最奇怪的是，在對失敗的請求失敗後，我無法收到server2的響應。我得到例外java.net.SocketTimeoutException。如果未執行到的請求，則server2將成功返回數據。

堆棧跟蹤：

請求

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 
    at sun.security.ssl.Alerts.getSSLException(Unknown Source) 
    at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source) 
    at sun.security.ssl.Handshaker.fatalSE(Unknown Source) 
    at sun.security.ssl.Handshaker.fatalSE(Unknown Source) 
    at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source) 
    at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source) 
    at sun.security.ssl.Handshaker.processLoop(Unknown Source) 
    at sun.security.ssl.Handshaker.process_record(Unknown Source) 
    at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source) 
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source) 
    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) 
    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) 
    at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source) 
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source) 
    at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source) 
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unknown Source) 
... 
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 
    at sun.security.validator.PKIXValidator.doBuild(Unknown Source) 
    at sun.security.validator.PKIXValidator.engineValidate(Unknown Source) 
    at sun.security.validator.Validator.validate(Unknown Source) 
    at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source) 
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source) 
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source) 
    ... 14 more 
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source) 
    at java.security.cert.CertPathBuilder.build(Unknown Source) 
    ... 20 more 

Exception in thread "main": java.net.SocketTimeoutException: Read timed out 
    at java.net.SocketInputStream.socketRead0(Native Method) 
    at java.net.SocketInputStream.read(Unknown Source) 
    at java.net.SocketInputStream.read(Unknown Source) 
    at sun.security.ssl.InputRecord.readFully(Unknown Source) 
    at sun.security.ssl.InputRecord.read(Unknown Source) 
    at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source) 
    at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source) 
    at sun.security.ssl.AppInputStream.read(Unknown Source) 
    at java.io.BufferedInputStream.fill(Unknown Source) 
    at java.io.BufferedInputStream.read1(Unknown Source) 
    at java.io.BufferedInputStream.read(Unknown Source) 
    at sun.net.www.http.HttpClient.parseHTTPHeader(Unknown Source) 
    at sun.net.www.http.HttpClient.parseHTTP(Unknown Source) 
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source) 
    at java.net.HttpURLConnection.getResponseCode(Unknown Source) 
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(Unknown Source) 
    ... 

守則：

請求

URL url = ... 
HttpURLConnection connection = (HttpURLConnection) url.openConnection(); 
connection.setRequestMethod("POST"); 
connection.setRequestProperty("Content-type", "application/soap+xml; charset=UTF-8"); 
connection.setConnectTimeout(300000); 
connection.setReadTimeout(300000); 
connection.setDoInput(true); 
connection.setDoOutput(true); 
HttpsURLConnection httpsConnection = (HttpsURLConnection) connection; 
SSLContext sslContext = SSLContext.getInstance("TLS"); 
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); 
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); 
FileInputStream is = new FileInputStream(new File(...)); 
try { 
    keyStore.load(is, "password".toCharArray()); 
    keyManagerFactory.init(keyStore, "password".toCharArray()); 
} finally { 
    is.close(); 
} 
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); 
keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); 
is = new FileInputStream(new File(...)); 
try { 
    keyStore.load(is, "password".toCharArray()); 
    trustManagerFactory.init(keyStore); 
} finally { 
    is.close(); 
} 
sslContext.init(keyManagerFactory.getKeyManagers(), 
    trustManagerFactory.getTrustManagers(),new SecureRandom()); 
httpsConnection.setSSLSocketFactory(sslContext.getSocketFactory()); 
httpsConnection.setHostnameVerifier(new HostnameVerifier() { 
    @Override 
    public boolean verify(String s, SSLSession sslSession) { 
     return true; 
    } 
}); 
try { 
    OutputStream os = connection.getOutputStream(); 
    try { 
     String s = ...; 
     os.write(s.getBytes()); 
    } finally { 
     os.close(); 
    } 
    System.out.println("Response code: " + connection.getResponseCode()); 
} finally { 
    connection.disconnect(); 
} 

守則server2：

SSLContext sslContext = SSLContext.getInstance("TLS"); 
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); 
KeyStore keyStore = KeyStore.getInstance("JKS"); 
FileInputStream is = new FileInputStream(new File(...)); 
try { 
    keyStore.load(is, "password".toCharArray()); 
    keyManagerFactory.init(localKeyStore, "password".toCharArray()); 
} finally { 
    is.close(); 
} 
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); 
keyStore = KeyStore.getInstance("JKS"); 
is = new FileInputStream(new File(...)); 
try { 
    keyStore.load(is, "password".toCharArray()); 
    trustManagerFactory.init(keyStore); 
} finally { 
    is.close(); 
} 
sslContext.init(keyManagerFactory.getKeyManagers(), 
    trustManagerFactory.getTrustManagers(), new SecureRandom()); 
URL url = ... 
URLConnection connection = url.openConnection(); 
((HttpsURLConnection) connection).setSSLSocketFactory(sslContext.getSocketFactory()); 
connection.setReadTimeout(40000); 
connection.setConnectTimeout(40000); 
connection.setDoInput(true); 
connection.setDoOutput(false); 
int respCode = ((HttpURLConnection) connection).getResponseCode(); 
if (respCode != 200) 
    throw new RuntimeException(...); 
BufferedInputStream bufferedIs = new BufferedInputStream(connection.getInputStream()); 
try { 
    byte[] buf = new byte[512]; 
    int j; 
    while ((j = bufferedIs.read(buf)) != -1) { 
     ... 
} finally { 
    bufferedIs.close(); 
} 

我將不勝感激的任何幫助。

Answer 1

大大咧咧我在我的代碼片段省略了一個非常重要的一行：System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", "true")。在對的請求之後以及在對server2的請求之前以及如果其值爲false，對server2的請求失敗，並且主體的異常失敗。探索OpenJDK的來源後，我發現有靜態和最終場boolean allowUnsafeRenegotiation是用下面的方法調用初始化類com.sun.net.ssl.internal.ssl.Handshaker：Debug.getBooleanProperty("sun.security.ssl.allowUnsafeRenegotiation", false)。

所以在第一次請求屬性sun.security.ssl.allowUnsafeRenegotiation初始化爲默認值（false）後，我的情況下，任何後續嘗試更改該屬性沒有任何影響。