본문 바로가기

JAVA/LIBRARY

jdk5와 https tls1.2 연동 삽질 후기

728x90

우선 jdk5에서 tls1.2 연결을 위해서 bouncy castle를 사용해보았습니다.

TlsClientTest 소스로 테스트를 해보았지만, 결국 아래와 같은 오류를 만나고 말았습니다.

TLS client negotiated TLS 1.2
TLS client received server certificate chain of length 3
    fingerprint:SHA-256 83:9E:08:A5:4F:CC:73:F7:F8:DE:2E:23:89:DB:40:E1:B5:E1:E4:9E:6C:33:4C:A8:EE:30:68:01:76:4F:ED:69 (C=KR,ST=Seoul,L=Yeongdeungpo-gu,O=GS Ho                                                                              me Shopping Inc.,OU=IT Team,CN=*.gsshop.com)
    fingerprint:SHA-256 9A:5E:EC:EE:9C:7D:89:8B:D8:1D:C3:BF:06:6D:AF:6A:EF:B8:DB                                                                              :1C:59:67:62:06:D2:BF:DD:68:23:12:C6:F6 (C=US,O=DigiCert Inc,OU=www.digicert.com                                                                              ,CN=Thawte RSA CA 2018)
    fingerprint:SHA-256 43:48:A0:E9:44:4C:78:CB:26:5E:05:8D:5E:89:44:B4:D8:4F:96                                                                              :62:BD:26:DB:25:7F:89:34:A4:43:C7:01:61 (C=US,O=DigiCert Inc,OU=www.digicert.com                                                                              ,CN=DigiCert Global Root CA)
TLS client raised alert: fatal(2), internal_error(80)
> Failed to read record
java.lang.NullPointerException
        at java.io.Reader.<init>(Reader.java:61)
        at java.io.InputStreamReader.<init>(InputStreamReader.java:55)
        at TlsTestUtils.loadPemResource(TlsTestUtils.java:478)
        at TlsTestUtils.loadCertificateResource(TlsTestUtils.java:368)
        at TlsTestUtils.getTrustedCertPath(TlsTestUtils.java:502)
        at MockTlsClient$1.notifyServerCertificate(MockTlsClient.java:128)
        at org.bouncycastle.tls.TlsUtils.processServerCertificate(Unknown Source                                                                              )
        at org.bouncycastle.tls.TlsClientProtocol.handleServerCertificate(Unknow                                                                              n Source)
        at org.bouncycastle.tls.TlsClientProtocol.handleHandshakeMessage(Unknown                                                                               Source)
        at org.bouncycastle.tls.TlsProtocol.processHandshakeQueue(Unknown Source                                                                              )
        at org.bouncycastle.tls.TlsProtocol.processRecord(Unknown Source)
        at org.bouncycastle.tls.RecordStream.readRecord(Unknown Source)
        at org.bouncycastle.tls.TlsProtocol.safeReadRecord(Unknown Source)
        at org.bouncycastle.tls.TlsProtocol.blockForHandshake(Unknown Source)
        at org.bouncycastle.tls.TlsClientProtocol.connect(Unknown Source)
        at TlsClientTest.openTlsConnection(TlsClientTest.java:62)
        at TlsClientTest.main(TlsClientTest.java:30)
Exception in thread "main" org.bouncycastle.tls.TlsFatalAlert: internal_error(80)
        at org.bouncycastle.tls.TlsProtocol.safeReadRecord(Unknown Source)
        at org.bouncycastle.tls.TlsProtocol.blockForHandshake(Unknown Source)
        at org.bouncycastle.tls.TlsClientProtocol.connect(Unknown Source)
        at TlsClientTest.openTlsConnection(TlsClientTest.java:62)
        at TlsClientTest.main(TlsClientTest.java:30)
Caused by: java.lang.NullPointerException
        at java.io.Reader.<init>(Reader.java:61)
        at java.io.InputStreamReader.<init>(InputStreamReader.java:55)
        at TlsTestUtils.loadPemResource(TlsTestUtils.java:478)
        at TlsTestUtils.loadCertificateResource(TlsTestUtils.java:368)
        at TlsTestUtils.getTrustedCertPath(TlsTestUtils.java:502)
        at MockTlsClient$1.notifyServerCertificate(MockTlsClient.java:128)
        at org.bouncycastle.tls.TlsUtils.processServerCertificate(Unknown Source)
        at org.bouncycastle.tls.TlsClientProtocol.handleServerCertificate(Unknown Source)
        at org.bouncycastle.tls.TlsClientProtocol.handleHandshakeMessage(Unknown Source)
        at org.bouncycastle.tls.TlsProtocol.processHandshakeQueue(Unknown Source)
        at org.bouncycastle.tls.TlsProtocol.processRecord(Unknown Source)
        at org.bouncycastle.tls.RecordStream.readRecord(Unknown Source)
        ... 5 more

많은 삽질을 하며 시간을 보내다가,
다시 원점으로 돌아가서 환경에 대하여 고민하였습니다.

꼭 jdk5 에서 접근해야 할까? Linux환경이라면 curl이라는 훌륭한 툴을 이용하면 어떨까?

결국 Curl을 Java에서 Command Line으로 실행하는 코드를 만들었습니다.

import java.lang.Process;
import java.lang.Runtime;
import java.io.InputStreamReader;
import java.io.BufferedReader;
import java.io.IOException;

public class CurlJavaTest {
    public static void main(String[] args) throws java.lang.InterruptedException {
        String output = "";
        String command = "curl -k http://gsshop.com";
        try {
            Process p = Runtime.getRuntime().exec(command);
            p.waitFor();
            BufferedReader reader = new BufferedReader(new InputStreamReader(p.getInputStream()));
            String line = "";
            while ((line = reader.readLine()) != null) {
                output = output.concat(line + "\n");
            }
        } catch (IOException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        }
        System.out.println(output);
    }
}

생각의 관점을 바꾸어서 시도해보면 좋은 결과가 나오기도 하네요.