java ssl-重试sslsocketexception

j9per5c4  于 2021-10-10  发布在  Java
关注(0)|答案(0)|浏览(197)

构建用于安装证书的重试机制。重试,直到 SSLSocketException 没有被抛出。我的一个springboot服务间歇性地抛出握手异常,但在两次重新启动后最终会工作,所以不能说这也是一个证书问题。这是我目前拥有的。

char[] keyStoreKey = "changeit".toCharArray();
            File file = getJssCaCertFile();
            LOGGER.info("Loading KeyStore {} ...", file);
            KeyStore keyStore;
            try (InputStream in = new FileInputStream(file)) {
                keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                keyStore.load(in, keyStoreKey);
            }

            SSLContext context = SSLContext.getInstance(sslProtocol == null || sslProtocol.trim().isEmpty() ? SSL_PROTOCOL : sslProtocol);
            TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init(keyStore);
            X509TrustManager defaultTrustManager = (X509TrustManager) tmf.getTrustManagers()[0];
            SavingTrustManager tm = new SavingTrustManager(defaultTrustManager);

            context.init(null, new TrustManager[] { tm }, null);
            SSLSocketFactory factory = context.getSocketFactory();
            LOGGER.info("Opening connection to {}:{} ...", host, port);
            boolean installCerts = false;
            try (SSLSocket socket = (SSLSocket) factory.createSocket(host, port)) {
                socket.setSoTimeout(SSL_TIMEOUT);
                try {
                    LOGGER.info("Starting SSL handshake...");
                    socket.startHandshake();
                    installCerts = true;
                    LOGGER.info("No errors, certificate is already trusted");
                } catch (SSLException e) {
                    LOGGER.info("Certificate is not trusted - try getting it and installing it");
                    if(retryCount < 10) {
                        return null;
                    }
                }
            }

尝试10次后,使用 chain 在…上 TrustManager 以及增加 keystore ```
if(installCerts || retryCount == 10) {
X509Certificate[] chain = tm.chain;
if (chain == null || chain.length == 0) {
throw new CryptoUtilException("Error in getting server certificate. Host: " + host + ". Port: " + port);
}

            LOGGER.info("Server sent {} certificate(s):", chain.length);
            AtomicInteger counter = new AtomicInteger(0);
            Stream.of(chain).forEach(certificate -> {
                String alias = host + "-" + counter.getAndIncrement();
                try {
                    keyStore.setCertificateEntry(alias, certificate);
                    LOGGER.info("Certificate {} added successfully", alias);
                } catch (KeyStoreException e) {
                    LOGGER.error("Error while adding {} into keystore", alias);
                }
            });

            OutputStream out = new FileOutputStream(JSSECACERTS);
            keyStore.store(out, keyStoreKey);
            out.close();
        }
有没有更好的方法来处理这个问题,而不是在不抛出异常之前循环。
谢谢你的建议!!

暂无答案!

目前还没有任何答案,快来回答吧!

相关问题