본문 바로가기

JAVA/LIBRARY

jdk5와 https tls1.2 연동 삽질 후기

lahuman 2021. 7. 9. 00:04

우선 jdk5에서 tls1.2 연결을 위해서 bouncy castle를 사용해보았습니다.

TlsClientTest 소스로 테스트를 해보았지만, 결국 아래와 같은 오류를 만나고 말았습니다.

TLS client negotiated TLS 1.2
TLS client received server certificate chain of length 3
    fingerprint:SHA-256 83:9E:08:A5:4F:CC:73:F7:F8:DE:2E:23:89:DB:40:E1:B5:E1:E4:9E:6C:33:4C:A8:EE:30:68:01:76:4F:ED:69 (C=KR,ST=Seoul,L=Yeongdeungpo-gu,O=GS Ho                                                                              me Shopping Inc.,OU=IT Team,CN=*.gsshop.com)
    fingerprint:SHA-256 9A:5E:EC:EE:9C:7D:89:8B:D8:1D:C3:BF:06:6D:AF:6A:EF:B8:DB                                                                              :1C:59:67:62:06:D2:BF:DD:68:23:12:C6:F6 (C=US,O=DigiCert Inc,OU=www.digicert.com                                                                              ,CN=Thawte RSA CA 2018)
    fingerprint:SHA-256 43:48:A0:E9:44:4C:78:CB:26:5E:05:8D:5E:89:44:B4:D8:4F:96                                                                              :62:BD:26:DB:25:7F:89:34:A4:43:C7:01:61 (C=US,O=DigiCert Inc,OU=www.digicert.com                                                                              ,CN=DigiCert Global Root CA)
TLS client raised alert: fatal(2), internal_error(80)
> Failed to read record
java.lang.NullPointerException
        at java.io.Reader.<init>(Reader.java:61)
        at java.io.InputStreamReader.<init>(InputStreamReader.java:55)
        at TlsTestUtils.loadPemResource(TlsTestUtils.java:478)
        at TlsTestUtils.loadCertificateResource(TlsTestUtils.java:368)
        at TlsTestUtils.getTrustedCertPath(TlsTestUtils.java:502)
        at MockTlsClient$1.notifyServerCertificate(MockTlsClient.java:128)
        at org.bouncycastle.tls.TlsUtils.processServerCertificate(Unknown Source                                                                              )
        at org.bouncycastle.tls.TlsClientProtocol.handleServerCertificate(Unknow                                                                              n Source)
        at org.bouncycastle.tls.TlsClientProtocol.handleHandshakeMessage(Unknown                                                                               Source)
        at org.bouncycastle.tls.TlsProtocol.processHandshakeQueue(Unknown Source                                                                              )
        at org.bouncycastle.tls.TlsProtocol.processRecord(Unknown Source)
        at org.bouncycastle.tls.RecordStream.readRecord(Unknown Source)
        at org.bouncycastle.tls.TlsProtocol.safeReadRecord(Unknown Source)
        at org.bouncycastle.tls.TlsProtocol.blockForHandshake(Unknown Source)
        at org.bouncycastle.tls.TlsClientProtocol.connect(Unknown Source)
        at TlsClientTest.openTlsConnection(TlsClientTest.java:62)
        at TlsClientTest.main(TlsClientTest.java:30)
Exception in thread "main" org.bouncycastle.tls.TlsFatalAlert: internal_error(80)
        at org.bouncycastle.tls.TlsProtocol.safeReadRecord(Unknown Source)
        at org.bouncycastle.tls.TlsProtocol.blockForHandshake(Unknown Source)
        at org.bouncycastle.tls.TlsClientProtocol.connect(Unknown Source)
        at TlsClientTest.openTlsConnection(TlsClientTest.java:62)
        at TlsClientTest.main(TlsClientTest.java:30)
Caused by: java.lang.NullPointerException
        at java.io.Reader.<init>(Reader.java:61)
        at java.io.InputStreamReader.<init>(InputStreamReader.java:55)
        at TlsTestUtils.loadPemResource(TlsTestUtils.java:478)
        at TlsTestUtils.loadCertificateResource(TlsTestUtils.java:368)
        at TlsTestUtils.getTrustedCertPath(TlsTestUtils.java:502)
        at MockTlsClient$1.notifyServerCertificate(MockTlsClient.java:128)
        at org.bouncycastle.tls.TlsUtils.processServerCertificate(Unknown Source)
        at org.bouncycastle.tls.TlsClientProtocol.handleServerCertificate(Unknown Source)
        at org.bouncycastle.tls.TlsClientProtocol.handleHandshakeMessage(Unknown Source)
        at org.bouncycastle.tls.TlsProtocol.processHandshakeQueue(Unknown Source)
        at org.bouncycastle.tls.TlsProtocol.processRecord(Unknown Source)
        at org.bouncycastle.tls.RecordStream.readRecord(Unknown Source)
        ... 5 more

많은 삽질을 하며 시간을 보내다가,
다시 원점으로 돌아가서 왜와 환경에 대하여 고민하였습니다.

꼭 jdk5 에서 접근해야 할까? Linux환경이라면 curl이라는 훌륭한 툴을 이용하면 어떨까?

결국 Curl을 Java에서 Command Line으로 실행하는 코드를 만들었습니다.

import java.lang.Process;
import java.lang.Runtime;
import java.io.InputStreamReader;
import java.io.BufferedReader;
import java.io.IOException;

public class CurlJavaTest {
    public static void main(String[] args) throws java.lang.InterruptedException {
        String output = "";
        String command = "curl -k http://gsshop.com";
        try {
            Process p = Runtime.getRuntime().exec(command);
            p.waitFor();
            BufferedReader reader = new BufferedReader(new InputStreamReader(p.getInputStream()));
            String line = "";
            while ((line = reader.readLine()) != null) {
                output = output.concat(line + "\n");
            }
        } catch (IOException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        }
        System.out.println(output);
    }
}

생각의 관점을 바꾸어서 시도해보면 좋은 결과가 나오기도 하네요.

'JAVA > LIBRARY' 카테고리의 다른 글

jdk5와 https tls1.2 연동 삽질 후기 (0)	2021.07.09
Srping Batch Meta 정보를 조회하는 기능입니다. (0)	2021.06.28
다른 위치의 DB 테이블 복사 기능 만들기 (0)	2017.10.27
[벤치 마크 라이브러리]JMH (0)	2016.01.26
[Lombok]사용 설명 (0)	2015.07.21
[easyExcelMaker] 쉽게 만드는 Excel (0)	2014.07.22

이전 1 ··· 17 18 19 20 21 22 23 24 25 ··· 346 다음