Http certificate authentication via HttpUrlConnection in a WebLogic client app

I have a simple client application that downloads data from a site via HttpUrlConnection. The server uses cert auth. The app works properly (outside WebLogic). In standalone mode I set the certificate via an SSLSocketFactory.
But the app has to work on the WebLogic application server.
I added the certificate to cacerts, and also to WebLogic's identity store. In the log I can see that WL finds it. But I get a RECV TLSv1 ALERT: fatal, handshake_failure error.
What should I do differently? Thank you!
<2013.08.21. 10:14:30 CEST> <Debug> <SecuritySSL> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: SSLEngine.setEnabledCipherSuites(String[]): value=SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_DES_CBC_SHA,SSL_DHE_RSA_WITH_DES_CBC_SHA,SSL_DHE_DSS_WITH_DES_CBC_SHA,SSL_RSA_EXPORT_WITH_RC4_40_MD5,SSL_RSA_EXPORT_WITH_DES40_CBC_SHA,SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,TLS_EMPTY_RENEGOTIATION_INFO_SCSV.>
<2013.08.21. 10:14:30 CEST> <Debug> <SecuritySSL> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: SSLEngine.setEnabledProtocols(String[]): value=SSLv2Hello,SSLv3,TLSv1.>
<2013.08.21. 10:14:30 CEST> <Debug> <SecuritySSL> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: SSLEngine.setEnableSessionCreation(boolean):value=true.>
<2013.08.21. 10:14:30 CEST> <Debug> <SecuritySSL> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: SSLEngine.setUseClientMode(boolean): value=true.>
<2013.08.21. 10:14:30 CEST> <Debug> <SecuritySSL> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: SSLEngine.setWantClientAuth(boolean): value=false.>
<2013.08.21. 10:14:30 CEST> <Debug> <SecuritySSL> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: SSLEngine.setNeedClientAuth(boolean): value=false.>
<2013.08.21. 10:14:30 CEST> <Debug> <SecuritySSL> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: SSLEngine.setNeedClientAuth(boolean): value=false.>
<2013.08.21. 10:14:30 CEST> <Debug> <SecuritySSL> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: SSLEngine.setUseClientMode(boolean): value=true.>
<2013.08.21. 10:14:30 CEST> <Debug> <SecuritySSL> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: SSLEngine.setUseClientMode(boolean): value=true.>
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1377072614 bytes = { 22, 18, 8, 150, 85, 185, 67, 160, 51, 252, 172, 191, 141, 100, 201, 254, 187, 63, 235, 175, 246, 17, 165, 128, 216, 209, 228, 102 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: { 0 }
***
[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)', WRITE: TLSv1 Handshake, length = 75
[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)', WRITE: SSLv2 client hello message, length = 101
<2013.08.21. 10:14:30 CEST> <Debug> <SecuritySSL> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: SSLEngine.wrap(ByteBuffer,ByteBuffer) called: result=Status = OK HandshakeStatus = NEED_UNWRAP bytesConsumed = 0 bytesProduced = 103.>
<2013.08.21. 10:14:30 CEST> <Debug> <SecuritySSL> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: SSLEngine.unwrap(ByteBuffer,ByteBuffer[]) called: result=Status = BUFFER_UNDERFLOW HandshakeStatus = NEED_UNWRAP bytesConsumed = 0 bytesProduced = 0.>
[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)', READ: TLSv1 Handshake, length = 74
<2013.08.21. 10:14:30 CEST> <Debug> <SecuritySSL> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: SSLEngine.unwrap(ByteBuffer,ByteBuffer[]) called: result=Status = OK HandshakeStatus = NEED_TASK bytesConsumed = 79 bytesProduced = 0.>
*** ServerHello, TLSv1
RandomCookie: GMT: 1377072630 bytes = { 90, 186, 22, 195, 56, 131, 89, 24, 40, 175, 153, 6, 104, 172, 220, 160, 93, 105, 251, 97, 118, 101, 103, 72, 243, 179, 201, 87 }
Session ID: {146, 153, 76, 87, 103, 112, 44, 239, 163, 85, 147, 205, 99, 91, 81, 62, 74, 79, 82, 96, 106, 103, 78, 165, 35, 242, 44, 71, 227, 192, 111, 253}
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA
Compression Method: 0
***
Warning: No renegotiation indication extension in ServerHello
%% Created: [Session-3, TLS_RSA_WITH_AES_128_CBC_SHA]
** TLS_RSA_WITH_AES_128_CBC_SHA
<2013.08.21. 10:14:30 CEST> <Debug> <SecuritySSL> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: SSLEngine.unwrap(ByteBuffer,ByteBuffer[]) called: result=Status = BUFFER_UNDERFLOW HandshakeStatus = NEED_UNWRAP bytesConsumed = 0 bytesProduced = 0.>
[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)', READ: TLSv1 Handshake, length = 1667
<2013.08.21. 10:14:30 CEST> <Debug> <SecuritySSL> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: SSLEngine.unwrap(ByteBuffer,ByteBuffer[]) called: result=Status = OK HandshakeStatus = NEED_TASK bytesConsumed = 1672 bytesProduced = 0.>
*** Certificate chain
chain [0] = [
[
Version: V3
Subject: [email protected], CN=*.takarnet.hu, O=Foldhivatal, L=Budapest, ST=Hungary, C=HU
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: Sun RSA public key, 1024 bits
modulus: ************
public exponent: 65537
Validity: [From: Tue Sep 14 15:01:48 CEST 2010,
To: Fri Dec 11 14:01:48 CET 2037]
Issuer: [email protected], CN=TAKARNET CA, O=FOLDHIVATAL, L=Budapest, ST=Hungary, C=HU
SerialNumber: [ 341c]
Certificate Extensions: 4
[1]: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ****************
[2]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
SSL client
SSL server
S/MIME
Object Signing
]
[3]: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
DigitalSignature
Non_repudiation
Key_Encipherment
]
[4]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:2147483647
]
]
Algorithm: [MD5withRSA]
Signature:
0000: ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ****************
]
chain [1] = [
[
Version: V3
Subject: [email protected], CN=TAKARNET CA, O=FOLDHIVATAL, L=Budapest, ST=Hungary, C=HU
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: Sun RSA public key, 1024 bits
modulus: ************
public exponent: 65537
Validity: [From: Tue Feb 12 11:25:51 CET 2002,
To: Sat Jun 30 12:25:51 CEST 2029]
Issuer: [email protected], CN=TAKARNET CA, O=FOLDHIVATAL, L=Budapest, ST=Hungary, C=HU
SerialNumber: [ 00]
Certificate Extensions: 4
[1]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
SSL server
SSL CA
S/MIME CA
]
[2]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ****************
]
]
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ****************
]
[[email protected], CN=TAKARNET CA, O=FOLDHIVATAL, L=Budapest, ST=Hungary, C=HU]
SerialNumber: [ 00]
]
[4]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
]
]
Algorithm: [MD5withRSA]
Signature:
0000: ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ****************
]
***
Found trusted certificate:
[
[
Version: V3
Subject: [email protected], CN=*.takarnet.hu, O=Foldhivatal, L=Budapest, ST=Hungary, C=HU
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: Sun RSA public key, 1024 bits
modulus: **************
public exponent: 65537
Validity: [From: Tue Sep 14 15:01:48 CEST 2010,
To: Fri Dec 11 14:01:48 CET 2037]
Issuer: [email protected], CN=TAKARNET CA, O=FOLDHIVATAL, L=Budapest, ST=Hungary, C=HU
SerialNumber: [ 341c]
Certificate Extensions: 4
[1]: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 32 16 30 54 68 69 73 20 43 65 72 74 69 66 69 .2.0This Certifi
0010: 63 61 74 65 20 77 61 73 20 47 65 6E 65 72 61 74 cate was Generat
0020: 65 64 20 62 79 20 46 6F 6C 64 68 69 76 61 74 61 ed by Foldhivata
0030: 6C 20 43 41 l CA
[2]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
SSL client
SSL server
S/MIME
Object Signing
]
[3]: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
DigitalSignature
Non_repudiation
Key_Encipherment
]
[4]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:2147483647
]
]
Algorithm: [MD5withRSA]
Signature:
0000: ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ****************
]
[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)', READ: TLSv1 Handshake, length = 152
<2013.08.21. 10:14:30 CEST> <Debug> <SecuritySSL> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: SSLEngine.unwrap(ByteBuffer,ByteBuffer[]) called: result=Status = OK HandshakeStatus = NEED_TASK bytesConsumed = 157 bytesProduced = 0.>
*** CertificateRequest
Cert Types: RSA, DSS, Ephemeral DH (RSA sig)
Cert Authorities:
<EMAILADDRESS=***, CN=TAKARNET CA, O=FOLDHIVATAL, L=Budapest, ST=Hungary, C=HU>
*** ServerHelloDone
*** Certificate chain
***
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)', WRITE: TLSv1 Handshake, length = 141
SESSION KEYGEN:
PreMaster Secret:
0000: ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ****************
CONNECTION KEYGEN:
Client Nonce:
0000: ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ****************
Server Nonce:
0000: ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ****************
Master Secret:
0000: ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ****************
Client MAC write Secret:
0000: ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ****************
Server MAC write Secret:
0000: ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ****************
Client write key:
0000: ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ****************
Server write key:
0000: ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ****************
Client write IV:
0000: ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ****************
Server write IV:
0000: ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ** ****************
[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)', WRITE: TLSv1 Change Cipher Spec, length = 1
*** Finished
verify_data: { 60, 110, 8, 97, 250, 71, 53, 6, 54, 184, 165, 165 }
***
[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)', WRITE: TLSv1 Handshake, length = 48
<2013.08.21. 10:14:31 CEST> <Debug> <SecuritySSL> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: SSLEngine.wrap(ByteBuffer,ByteBuffer) called: result=Status = OK HandshakeStatus = NEED_WRAP bytesConsumed = 0 bytesProduced = 146.>
<2013.08.21. 10:14:31 CEST> <Debug> <SecuritySSL> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: SSLEngine.wrap(ByteBuffer,ByteBuffer) called: result=Status = OK HandshakeStatus = NEED_WRAP bytesConsumed = 0 bytesProduced = 6.>
<2013.08.21. 10:14:31 CEST> <Debug> <SecuritySSL> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: SSLEngine.wrap(ByteBuffer,ByteBuffer) called: result=Status = OK HandshakeStatus = NEED_UNWRAP bytesConsumed = 0 bytesProduced = 53.>
<2013.08.21. 10:14:31 CEST> <Debug> <SecuritySSL> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: SSLEngine.unwrap(ByteBuffer,ByteBuffer[]) called: result=Status = BUFFER_UNDERFLOW HandshakeStatus = NEED_UNWRAP bytesConsumed = 0 bytesProduced = 0.>
[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)', READ: TLSv1 Alert, length = 2
[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)', RECV TLSv1 ALERT: fatal, handshake_failure
[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)', fatal: engine already closed. Rethrowing javax.net.ssl.SSLException: Received fatal alert: handshake_failure
[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)', fatal: engine already closed. Rethrowing javax.net.ssl.SSLException: Received fatal alert: handshake_failure
<2013.08.21. 10:14:31 CEST> <Debug> <SecuritySSL> <BEA-000000> <[Thread[[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)',5,Pooled Threads]]weblogic.security.SSL.jsseadapter: SSLENGINE: Exception occurred during SSLEngine.unwrap(ByteBuffer,ByteBuffer[]).
javax.net.ssl.SSLException: Received fatal alert: handshake_failure
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:190)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1467)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1435)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1601)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1031)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:845)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:721)
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:647)
at weblogic.security.SSL.jsseadapter.JaSSLEngine$5.run(JaSSLEngine.java:134)
at weblogic.security.SSL.jsseadapter.JaSSLEngine.doAction(JaSSLEngine.java:732)
at weblogic.security.SSL.jsseadapter.JaSSLEngine.unwrap(JaSSLEngine.java:132)
at weblogic.socket.JSSEFilterImpl.unwrap(JSSEFilterImpl.java:585)
at weblogic.socket.JSSEFilterImpl.unwrapAndHandleResults(JSSEFilterImpl.java:490)
at weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:93)
at weblogic.socket.JSSEFilterImpl.doHandshake(JSSEFilterImpl.java:71)
at weblogic.socket.JSSEFilterImpl.write(JSSEFilterImpl.java:434)
at weblogic.socket.JSSESocket$JSSEOutputStream.write(JSSESocket.java:78)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
at java.io.FilterOutputStream.flush(FilterOutputStream.java:123)
at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:186)
at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:400)
at weblogic.net.http.SOAPHttpsURLConnection.getInputStream(SOAPHttpsURLConnection.java:37)
I found an answer in another question: http://stackoverflow.com/questions/14875094/ssl-server-socket-want-auth-option Maybe it will help.
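
Added example, not part of the original post or its comment: a small Python parser for JSSE debug traces like the one in the question. It reports whether the client answered the server's `CertificateRequest` with an empty `*** Certificate chain` block before the `handshake_failure` alert. The function name `analyze_client_auth` and the sample trace are constructed for illustration.

```python
import re

# Constructed excerpt reusing the markers of the JSSE debug trace above (bodies shortened).
SAMPLE_TRACE = """\
*** ServerHello, TLSv1
*** Certificate chain
chain [0] = [
Subject: CN=*.takarnet.hu, O=Foldhivatal, L=Budapest, ST=Hungary, C=HU
]
***
*** CertificateRequest
Cert Authorities:
<CN=TAKARNET CA, O=FOLDHIVATAL, L=Budapest, ST=Hungary, C=HU>
*** ServerHelloDone
*** Certificate chain
***
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
[ACTIVE] ExecuteThread: '1', RECV TLSv1 ALERT: fatal, handshake_failure
"""

ALERT_RE = re.compile(r"RECV \S+ ALERT:\s*(\w+),\s*(\w+)")
WL_DEBUG_RE = re.compile(r"^<\d{4}\.")  # WebLogic "<2013.08.21. ...>" debug lines

def analyze_client_auth(trace):
    """Report how the client answered a TLS CertificateRequest."""
    out = {"cert_requested": False, "accepted_cas": [],
           "client_chain_len": None, "alert": None}
    state, hello_done = None, False  # state: None | "cas" | "client_chain"
    for raw in trace.splitlines():
        line = raw.strip()
        if line.startswith("***"):
            state = None  # every "***" marker closes the previous block
            if line.startswith("*** CertificateRequest"):
                out["cert_requested"] = True
            elif line.startswith("*** ServerHelloDone"):
                hello_done = True
            elif line.startswith("*** Certificate chain") and hello_done:
                state, out["client_chain_len"] = "client_chain", 0
        elif line == "Cert Authorities:":
            state = "cas"
        elif state == "cas" and line.startswith("<") and not WL_DEBUG_RE.match(line):
            out["accepted_cas"].append(line.strip("<>"))
        elif state == "client_chain" and line.startswith("chain ["):
            out["client_chain_len"] += 1
        m = ALERT_RE.search(line)
        if m and out["alert"] is None:
            out["alert"] = m.groups()
    out["empty_client_cert"] = out["cert_requested"] and out["client_chain_len"] == 0
    return out
```

An empty client chain after a `CertificateRequest` means the JSSE key manager in use offered no private-key entry issued by one of the listed `accepted_cas`, so the check to make is which keystore and key manager the connection actually uses inside the server.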