1. 首页
  2. 问答
  3. java.net.SocketTimeoutException:请求失败后读取超时

java.net.SocketTimeoutException:请求失败后读取超时

2014-04-03 187 views
1

在我的程序中,我需要对两个不同的服务器执行安全(双向SSL)请求。现在,当我尝试连接到时,我收到异常javax.net.ssl.SSLHandshakeException。最奇怪的是,在对失败的请求失败后,我无法收到server2的响应。我得到例外java.net.SocketTimeoutException。如果未执行到的请求,则server2将成功返回数据。java.net.SocketTimeoutException:请求失败后读取超时

堆栈跟踪:

请求 
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 
    at sun.security.ssl.Alerts.getSSLException(Unknown Source) 
    at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source) 
    at sun.security.ssl.Handshaker.fatalSE(Unknown Source) 
    at sun.security.ssl.Handshaker.fatalSE(Unknown Source) 
    at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source) 
    at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source) 
    at sun.security.ssl.Handshaker.processLoop(Unknown Source) 
    at sun.security.ssl.Handshaker.process_record(Unknown Source) 
    at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source) 
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source) 
    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) 
    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) 
    at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source) 
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source) 
    at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source) 
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unknown Source) 
... 
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 
    at sun.security.validator.PKIXValidator.doBuild(Unknown Source) 
    at sun.security.validator.PKIXValidator.engineValidate(Unknown Source) 
    at sun.security.validator.Validator.validate(Unknown Source) 
    at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source) 
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source) 
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source) 
    ... 14 more 
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source) 
    at java.security.cert.CertPathBuilder.build(Unknown Source) 
    ... 20 more 

Exception in thread "main": java.net.SocketTimeoutException: Read timed out 
    at java.net.SocketInputStream.socketRead0(Native Method) 
    at java.net.SocketInputStream.read(Unknown Source) 
    at java.net.SocketInputStream.read(Unknown Source) 
    at sun.security.ssl.InputRecord.readFully(Unknown Source) 
    at sun.security.ssl.InputRecord.read(Unknown Source) 
    at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source) 
    at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source) 
    at sun.security.ssl.AppInputStream.read(Unknown Source) 
    at java.io.BufferedInputStream.fill(Unknown Source) 
    at java.io.BufferedInputStream.read1(Unknown Source) 
    at java.io.BufferedInputStream.read(Unknown Source) 
    at sun.net.www.http.HttpClient.parseHTTPHeader(Unknown Source) 
    at sun.net.www.http.HttpClient.parseHTTP(Unknown Source) 
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source) 
    at java.net.HttpURLConnection.getResponseCode(Unknown Source) 
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(Unknown Source) 
    ...

守则:

请求 
URL url = ... 
HttpURLConnection connection = (HttpURLConnection) url.openConnection(); 
connection.setRequestMethod("POST"); 
connection.setRequestProperty("Content-type", "application/soap+xml; charset=UTF-8"); 
connection.setConnectTimeout(300000); 
connection.setReadTimeout(300000); 
connection.setDoInput(true); 
connection.setDoOutput(true); 
HttpsURLConnection httpsConnection = (HttpsURLConnection) connection; 
SSLContext sslContext = SSLContext.getInstance("TLS"); 
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); 
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); 
FileInputStream is = new FileInputStream(new File(...)); 
try { 
    keyStore.load(is, "password".toCharArray()); 
    keyManagerFactory.init(keyStore, "password".toCharArray()); 
} finally { 
    is.close(); 
} 
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); 
keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); 
is = new FileInputStream(new File(...)); 
try { 
    keyStore.load(is, "password".toCharArray()); 
    trustManagerFactory.init(keyStore); 
} finally { 
    is.close(); 
} 
sslContext.init(keyManagerFactory.getKeyManagers(), 
    trustManagerFactory.getTrustManagers(),new SecureRandom()); 
httpsConnection.setSSLSocketFactory(sslContext.getSocketFactory()); 
httpsConnection.setHostnameVerifier(new HostnameVerifier() { 
    @Override 
    public boolean verify(String s, SSLSession sslSession) { 
     return true; 
    } 
}); 
try { 
    OutputStream os = connection.getOutputStream(); 
    try { 
     String s = ...; 
     os.write(s.getBytes()); 
    } finally { 
     os.close(); 
    } 
    System.out.println("Response code: " + connection.getResponseCode()); 
} finally { 
    connection.disconnect(); 
}

守则server2

SSLContext sslContext = SSLContext.getInstance("TLS"); 
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); 
KeyStore keyStore = KeyStore.getInstance("JKS"); 
FileInputStream is = new FileInputStream(new File(...)); 
try { 
    keyStore.load(is, "password".toCharArray()); 
    keyManagerFactory.init(localKeyStore, "password".toCharArray()); 
} finally { 
    is.close(); 
} 
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); 
keyStore = KeyStore.getInstance("JKS"); 
is = new FileInputStream(new File(...)); 
try { 
    keyStore.load(is, "password".toCharArray()); 
    trustManagerFactory.init(keyStore); 
} finally { 
    is.close(); 
} 
sslContext.init(keyManagerFactory.getKeyManagers(), 
    trustManagerFactory.getTrustManagers(), new SecureRandom()); 
URL url = ... 
URLConnection connection = url.openConnection(); 
((HttpsURLConnection) connection).setSSLSocketFactory(sslContext.getSocketFactory()); 
connection.setReadTimeout(40000); 
connection.setConnectTimeout(40000); 
connection.setDoInput(true); 
connection.setDoOutput(false); 
int respCode = ((HttpURLConnection) connection).getResponseCode(); 
if (respCode != 200) 
    throw new RuntimeException(...); 
BufferedInputStream bufferedIs = new BufferedInputStream(connection.getInputStream()); 
try { 
    byte[] buf = new byte[512]; 
    int j; 
    while ((j = bufferedIs.read(buf)) != -1) { 
     ... 
} finally { 
    bufferedIs.close(); 
}

我将不胜感激的任何帮助。

来源

2014-04-03 briarheart

+0

您使用两个不同的密钥库和信任库吗?如果你是,你不应该,如果你不是,你应该两次使用相同的SSLContext,而不是费力地构造两次。 – EJP

+0

@EJP当然,我为每个案例使用不同的密钥/信任库。 'SSLContext'的创建与代码示例完全相同 - 两次。 – briarheart

回答

0

大大咧咧我在我的代码片段省略了一个非常重要的一行:System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", "true")。在对的请求之后以及在对server2的请求之前以及如果其值为false,对server2的请求失败,并且主体的异常失败。探索OpenJDK的来源后,我发现有静态和最终场boolean allowUnsafeRenegotiation是用下面的方法调用初始化类com.sun.net.ssl.internal.ssl.HandshakerDebug.getBooleanProperty("sun.security.ssl.allowUnsafeRenegotiation", false)

所以在第一次请求属性sun.security.ssl.allowUnsafeRenegotiation初始化为默认值(false)后,我的情况下,任何后续尝试更改该属性没有任何影响。

来源

2014-04-04 20:00:46 briarheart

相关问题

 相关问题