Java ssl连接异常， Remote host closed connection during handshake

zjd_byr 2015-06-10 09:16:35

目前项目需要，利用java模拟登录一个https的网站，这个网站采用的ssl双向认证，客户端对服务器的认证直接采用的是信任所有。目前问题主要出现在服务器对客户端的认证上：客户端的证书是在一个usb key中，也导出来放到了密钥库中。具体异常如下：



Exception in thread "main" javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake

	at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)

	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)

	at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)

	at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)

	at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:543)

	at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:409)

	at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:177)

	at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:304)

	at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:611)

	at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:446)

	at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:882)

	at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)

	at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)

	at LoginAction.MockLogin.main(MockLogin.java:107)

Caused by: java.io.EOFException: SSL peer shut down incorrectly

	at sun.security.ssl.InputRecord.read(Unknown Source)

	... 14 more

用于模拟登录的post请求的代码如下：



public class MockLogin {

	private final static String KEYSTORE_FILEPATH = "d:/ssl/myclient.jks";  //客户端密钥库证书

	private final static String KEYSTORE_PASSWORD = "123456";

	

	

	public static DefaultHttpClient testHttpClient(HttpClient httpClient) throws ClientProtocolException, IOException{

		SSLContext sslContext = null;

		try {

			KeyStore ks = KeyStore.getInstance("JKS");

			ks.load(new FileInputStream(KEYSTORE_FILEPATH), KEYSTORE_PASSWORD.toCharArray());

			KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");

			kmf.init(ks, KEYSTORE_PASSWORD.toCharArray());

			X509TrustManager tm = new X509TrustManager() {

				

				@Override

				public X509Certificate[] getAcceptedIssuers() {

					// TODO Auto-generated method stub

					return null;

				}

				

				@Override

				public void checkServerTrusted(X509Certificate[] chain, String authType)

						throws CertificateException {

					// TODO Auto-generated method stub

					

				}

				

				@Override

				public void checkClientTrusted(X509Certificate[] chain, String authType)

						throws CertificateException {

					// TODO Auto-generated method stub

					

				}

			};

			

			sslContext = SSLContext.getInstance("SSL");

			sslContext.init(kmf.getKeyManagers(), new TrustManager[]{tm}, null);

			SSLSocketFactory ssf = new SSLSocketFactory(sslContext, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);

			

			ClientConnectionManager ccm = httpClient.getConnectionManager();

			SchemeRegistry sr = ccm.getSchemeRegistry();

			sr.register(new Scheme("https", 443, ssf));

			

			return new DefaultHttpClient(ccm, httpClient.getParams());



		} catch (Exception e) {

			// TODO: handle exception

			return null;

		}

		

	}

	

	public static void main(String[] args) throws ClientProtocolException, IOException {

		

		CloseableHttpClient httpClient = MockLogin.testHttpClient(new DefaultHttpClient());

		HttpPost post = new HttpPost("https://xxxx:9988/login.jsp");

		List<NameValuePair> nvps = new ArrayList<NameValuePair>();

		nvps.add(new BasicNameValuePair("username", "xxxx"));

		nvps.add(new BasicNameValuePair("password", "xxxx"));

		post.setEntity(new UrlEncodedFormEntity(nvps,"utf-8"));

		HttpResponse response = httpClient.execute(post);

		HttpEntity entity = response.getEntity();

		String content = EntityUtils.toString(entity);

		EntityUtils.consume(entity);

		System.out.println(content);

		 

	}



}