java - Java SSL - 重试 SSLSocketException
问题描述
建立安装证书的重试机制。重试直到SSLSocketException
不被抛出。我的一项 Springboot 服务间歇性地抛出握手异常,但在几次重新启动后最终可以正常工作,因此也不能说它是证书问题。这是我目前所拥有的。
char[] keyStoreKey = "changeit".toCharArray();
File file = getJssCaCertFile();
LOGGER.info("Loading KeyStore {} ...", file);
KeyStore keyStore;
try (InputStream in = new FileInputStream(file)) {
keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
keyStore.load(in, keyStoreKey);
}
SSLContext context = SSLContext.getInstance(sslProtocol == null || sslProtocol.trim().isEmpty() ? SSL_PROTOCOL : sslProtocol);
TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(keyStore);
X509TrustManager defaultTrustManager = (X509TrustManager) tmf.getTrustManagers()[0];
SavingTrustManager tm = new SavingTrustManager(defaultTrustManager);
context.init(null, new TrustManager[] { tm }, null);
SSLSocketFactory factory = context.getSocketFactory();
LOGGER.info("Opening connection to {}:{} ...", host, port);
boolean installCerts = false;
try (SSLSocket socket = (SSLSocket) factory.createSocket(host, port)) {
socket.setSoTimeout(SSL_TIMEOUT);
try {
LOGGER.info("Starting SSL handshake...");
socket.startHandshake();
installCerts = true;
LOGGER.info("No errors, certificate is already trusted");
} catch (SSLException e) {
LOGGER.info("Certificate is not trusted - try getting it and installing it");
if(retryCount < 10) {
return null;
}
}
}
chain
尝试 10 次后,使用onTrustManager
和 add to检查证书keystore
if(installCerts || retryCount == 10) {
X509Certificate[] chain = tm.chain;
if (chain == null || chain.length == 0) {
throw new CryptoUtilException("Error in getting server certificate. Host: " + host + ". Port: " + port);
}
LOGGER.info("Server sent {} certificate(s):", chain.length);
AtomicInteger counter = new AtomicInteger(0);
Stream.of(chain).forEach(certificate -> {
String alias = host + "-" + counter.getAndIncrement();
try {
keyStore.setCertificateEntry(alias, certificate);
LOGGER.info("Certificate {} added successfully", alias);
} catch (KeyStoreException e) {
LOGGER.error("Error while adding {} into keystore", alias);
}
});
OutputStream out = new FileOutputStream(JSSECACERTS);
keyStore.store(out, keyStoreKey);
out.close();
}
有没有更好的方法来处理这个问题,而不是循环直到没有抛出异常。
感谢您的建议!
解决方案
推荐阅读
- c# - C# Lamba 表达式选择元素
- swift - 如何快速安装 Google-Maps-iOS-Utils?
- laravel - Laravel 分离不起作用 - 它只是将枢轴列更新为 null 而不是分离整个模型
- python - 如何构建具有模块依赖关系的独立 Python 程序?(Tweet2Vec)
- html - 试图创建这个 css 功能区。与丝带的曲线作斗争
- php - 带有选择下拉选项的前端注册表单
- python - 如何在 Visual Studio Code 中更改 Anaconda/Jupyter Notebooks 使用的端口
- shell - 在 Jenkins 服务器上执行 shell 脚本无法访问
- liferay-7 - 在 liferay 7 QUERY 上寻找用户/角色权限,
- python - 如何从 1m 字符串输入中计算唯一值?