如何使用IBMJSSE2默认提供程序从SSLContext获取所有TLS会话?

2022-06-29 00:00:00 ssl tls1.2 security java websphere

我使用IBMJSSEProvider2作为TLS连接的默认设置,并使用以下代码显示有关TLS会话的信息:

SSLSessionContext sslSessionContext = SSLContext.getDefault().getClientSessionContext();
Enumeration<byte[]> sessionIds = sslSessionContext.getIds();
while (sessionIds.hasMoreElements()) {
  SSLSession sslSession = sslSessionContext.getSession(sessionIds.nextElement());
  writer.write("Client: " + sslSession.getPeerHost() + ":" + sslSession.getPeerPort() + "
");
  writer.write("	Protocol: " + sslSession.getProtocol() + "
");
  writer.write("	SessionID: " + byteArrayToHex(sslSession.getId()) + "
");
  writer.write("	CipherSuite: " + sslSession.getCipherSuite() + "
");
  for (X509Certificate certificate : sslSession.getPeerCertificateChain()) {
    writer.write("	X509 Certificate: " + certificate.getSubjectDN() + "
");
    writer.write("		Issuer: " + certificate.getIssuerDN().getName() + "
");
    writer.write("		Algorithm: " + certificate.getSigAlgName() + "
");
    writer.write("		Validity: " + certificate.getNotAfter() + "
");
  }
}

上面的代码在一个WebSphere8.5实例上运行。当我运行该算法时,它不会打印有关我使用Spring3.2中的RestTemplate实现连接到任何HTTPS URL的任何信息。 使用其他提供程序(如Oracle提供程序)显示了相关信息。我是否遗漏了使其正常工作的内容?

我正在尝试创建一个简单的解决方案来解决一个活动的WebSphere实例支持哪些TLS版本的问题。当然,对于实时客户端,不建议这样做。


解决方案

问题可能是底层库没有使用WebSphere上的默认上下文。因此,我必须创建一个定制的客户端,使其使用特定的SSLContext,这样我就可以列出我需要的所有信息。以下是实现此目的的代码:

    private static String URL = "https://www.google.com";
    private static String TRUST_STORE_FILE = "/Users/xpto/trust.p12";
    private static String TRUST_STORE_PASS = "truststore";
    private static String TRUST_STORE_TYPE = "PKCS12";
    private static String TLS_VERSION = "TLSv1.2";

    public static void main(String[] args) throws Exception {
        KeyStore keyStore = KeyStore.getInstance(TRUST_STORE_TYPE);
        keyStore.load(new FileInputStream(TRUST_STORE_FILE), TRUST_STORE_PASS.toCharArray());

        SSLContext sslContext = SSLContexts
                .custom()
                .loadTrustMaterial(keyStore)
                .useProtocol(TLS_VERSION)
                .build();

        HttpComponentsClientHttpRequestFactory clientFactory = new HttpComponentsClientHttpRequestFactory(HttpClients
                .custom()
                .setSSLSocketFactory(new SSLConnectionSocketFactory(sslContext))
                .build());

        RestTemplate restTemplate = new RestTemplate(clientFactory);

        HttpHeaders requestHeaders = new HttpHeaders();
        requestHeaders.setContentType(MediaType.APPLICATION_JSON);
        requestHeaders.setAccept(Arrays.asList(MediaType.APPLICATION_JSON));

        HttpEntity<String> requestEntity = new HttpEntity<String>(requestHeaders);
        print("Requesting: " + URL);
        ResponseEntity<String> response = restTemplate.exchange(URL, HttpMethod.GET, requestEntity, String.class);
        print("Response: " + response.getBody());

        printSSLContextInfo(sslContext);
    }

    private static void printSSLContextInfo(SSLContext sslContext) throws Exception {
        print("-------------
Printing TLS Client Information");
        SSLSessionContext sslSessionContext = sslContext.getClientSessionContext();
        Enumeration<byte[]> sessionIds = sslSessionContext.getIds();
        while (sessionIds.hasMoreElements()) {
            SSLSession sslSession = sslSessionContext.getSession(sessionIds.nextElement());
            print("Client: " + sslSession.getPeerHost() + ":" + sslSession.getPeerPort());
            print("	Protocol: " + sslSession.getProtocol());
            print("	SessionID: " + byteArrayToHex(sslSession.getId()));
            print("	CipherSuite: " + sslSession.getCipherSuite());
            for (X509Certificate certificate : sslSession.getPeerCertificateChain()) {
                print("	X509 Certificate: " + certificate.getSubjectDN());
                print("		Issuer: " + certificate.getIssuerDN().getName());
                print("		Algorithm: " + certificate.getSigAlgName());
                print("		Validity: " + certificate.getNotAfter());
            }
        }
    }

    public static String byteArrayToHex(byte[] a) {
        StringBuilder sb = new StringBuilder(a.length * 2);
        for (byte b : a)
            sb.append(String.format("%02x", b));
        return sb.toString();
    }

    public static void print(Object msg) {
        System.out.println(msg);
    }

相关文章