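Trying to implement: two-way TLS 1.2, as required by Apple Pay for Web. In my case, I am trying to hit the Apple Pay server from my Java code (the client, you could say) with a JSON payload. https://developer.apple.com/reference/applepayjs/applepaysession#2166532
My concerns:
1) Any command to list all supported cipher suites? Running on Java 1.8.
2) What is needed to make HttpsURLconnection.openconnection use TLS 1.2?
3) Any sample code with which I can implement this connection.
4) What setup is needed for the certificate, private key, etc.?
Any help would be useful. I know I have asked very direct questions, but I will keep adding more specific ones here.
Update: the first 3 points are done. Now only about point 4: I am sending the key and certificate by converting them to a cert.p12 file and saving it as a new keystore.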
```
openssl x509 -inform der -in merchant_id.cer -out merchant_id.pem
openssl pkcs12 -nodes -export -in merchant_id.pem -inkey clientprivate.key -out cert.p12 -name "Certificate"
```
After that, I run the Java code in Eclipse with these VM arguments:
```
-Djavax.net.ssl.keyStoreType=pkcs12 -Djavax.net.ssl.keyStore=cert.p12 -Djavax.net.debug=ssl
```
I can see the following error in the console:
```
*ServerHelloDone
Warning: no suitable certificate found - continuing without client authentication
* Certificate chain
** ECDHClientKeyExchange
main, WRITE: TLSv1.2 Change Cipher Spec, length = 1
*** Finished
verify_data:
*
main, WRITE: TLSv1.2 Handshake, length = 64
main, handling exception: java.net.SocketException: Connection reset
%% Invalidated: [Session-1, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA]
main, SEND TLSv1.2 ALERT: fatal, description = unexpected_message
main, WRITE: TLSv1.2 Alert, length = 48
main, Exception sending alert: java.net.SocketException: Connection reset by peer: socket write error
main, called closeSocket()
java.net.SocketException: Connection reset
at java.net.SocketInputStream.read(Unknown Source)
at java.net.SocketInputStream.read(Unknown Source)
at sun.security.ssl.InputRecord.readFully(Unknown Source)
at sun.security.ssl.InputRecord.read(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
at java.net.HttpURLConnection.getResponseCode(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(Unknown Source)
```
This is the Java code:
```java
import java.io.OutputStream;
import javax.net.ssl.HttpsURLConnection;

// url, factory and jsonInString are defined elsewhere (not shown in the post).
HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
conn.setSSLSocketFactory(factory);
conn.setDoOutput(true);
conn.setDoInput(true);
conn.setRequestProperty("Content-Type", "application/json; charset=UTF-8");
conn.setRequestProperty("Accept", "application/json");
conn.setRequestMethod("POST");
OutputStream os = conn.getOutputStream();
os.write(jsonInString.getBytes("UTF-8"));
```
It fails at
```java
conn.getOutputStream();
```
Using Java 1.8.
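
The keystore setup described in the update above, as an added example that is not part of the original post: it loads cert.p12 explicitly, confirms that it holds a private-key entry with a certificate, and builds an `SSLSocketFactory` from a TLSv1.2 context for client authentication. The class name, the method names and the password argument are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;

// Added example (hypothetical class and method names), compatible with Java 8.
public class ClientCertTls12 {
    // Load the PKCS#12 file and confirm it can be used for client authentication.
    static KeyStore loadClientKeyStore(String p12Path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(p12Path)) {
            ks.load(in, password);
        }
        boolean usable = false;
        for (String alias : Collections.list(ks.aliases())) {
            // Client auth needs a private-key entry, not a bare trusted certificate.
            if (!ks.isKeyEntry(alias)) continue;
            X509Certificate leaf = (X509Certificate) ks.getCertificate(alias);
            System.out.println(alias + ": subject=" + leaf.getSubjectX500Principal()
                    + ", issuer=" + leaf.getIssuerX500Principal()
                    + ", keyAlg=" + leaf.getPublicKey().getAlgorithm());
            usable = true;
        }
        if (!usable) throw new IllegalStateException("no private-key entry in " + p12Path);
        return ks;
    }

    // Build a socket factory that offers the client key, from a TLSv1.2 context.
    static SSLSocketFactory tls12Factory(KeyStore ks, char[] password) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, password);
        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        // null trust managers and SecureRandom select the JRE defaults.
        ctx.init(kmf.getKeyManagers(), null, null);
        return ctx.getSocketFactory();
    }

    public static void main(String[] args) throws Exception {
        // args[0]: path to cert.p12, args[1]: its export password (assumed to be supplied by the caller).
        char[] password = args[1].toCharArray();
        SSLSocketFactory factory = tls12Factory(loadClientKeyStore(args[0], password), password);
        System.out.println("TLS 1.2 factory ready: " + factory.getSupportedCipherSuites().length + " suites");
    }
}
```

The factory returned by `tls12Factory` is the kind of object that `conn.setSSLSocketFactory(factory)` in the post's code takes; the printed subject, issuer and key algorithm can be compared with what the server requests in the `-Djavax.net.debug=ssl` output.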