
Java SSL handshake_failure if the application is built with jpackage


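I am distributing a Java application on Mac and PC using jpackage, and I run into a handshake_failure when it tries to load images over https from certain sites. The code works fine if I run it from Eclipse or from the command line, on both Mac and PC, but not if it runs as a packaged application. The problem goes away if I load the images from certain sites: for example, https://st4.depositphotos.com. This makes me think that the "problem sites" are not in the trust chain.

But why should the trust chain be different when running as a packaged application?

The same behavior is seen with Java 14.0.2 and 15. The example below uses OpenJDK Runtime Environment (build 15+36-1562).

Note that jpackage integrates the runtime into the application. This is a non-modular application (I show the jpackage options below).

Debugging on the Mac with the -Djavax.net.debug=all option, I looked up the trustStore that the packaged application was using. The printed path is invalid, because it starts with /Applications instead of /Volumes, but is otherwise OK. Maybe this is just a printing problem? Either way, I used -Djavax.net.ssl.trustStore=/Library/Java/JavaVirtualMachines/jdk-15.jdk/Contents/Home/lib/security/cacerts to force the packaged application to use the same trustStore as the JDK, and this did not improve matters.

Do you think my code is at fault, or is there a problem in jpackage? Thanks very much for your help!

Here is the packaging command: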

jpackage \
--verbose \
--type pkg \
--input HelloTest \
--name HelloTest \
--main-class HelloTest.HelloTest \
--main-jar HelloTest.jar \
--runtime-image target/java-runtime \
--java-options -Djavax.net.ssl.trustStore=/Library/Java/JavaVirtualMachines/jdk-15.jdk/Contents/Home/lib/security/cacerts \
--java-options -Djavax.net.debug=all \
--vendor "Acme Inc." \
--copyright "copyright © 2019-20 Acme Inc." \
--mac-package-identifier com.acme.app \
--mac-package-name Acme

Here is the code:

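import java.awt.Dimension;
import java.awt.Image;
import java.awt.Toolkit;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import javax.imageio.ImageIO;
import javax.net.ssl.HttpsURLConnection;
import javax.swing.ImageIcon;
import javax.swing.JFrame;
import javax.swing.JLabel;

public class HelloTest{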

    public static void main(String... args) throws IOException {

        System.out.println("javax.net.ssl.trustStore = " + System.getProperty("javax.net.ssl.trustStore"));
        
        JFrame f = new JFrame(); //creates jframe f
        Dimension screenSize = Toolkit.getDefaultToolkit().getScreenSize(); //this is your screen size
        int halfWidth = screenSize.width/2;
        int halfheight = screenSize.height/2;

        ImageIcon img = new ImageIcon();
        //OK: ... https://st4.depositphotos.com seems to be well trusted
        // String urlName = "https://st4.depositphotos.com/36188500/38581/i/1600/depositphotos_385811360-stock-photo-woman-lingerie-dog-rose.jpg";
        //KO: ... https://en.iconda.solutions is only trusted when code is run from Eclipse or the command line
        String urlName = "https://en.iconda.solutions/wp-content/uploads/2020/07/getting_equipped.png";
        
        JLabel lbl = new JLabel();
        URL url;
        
        try {
            url = new URL(urlName);
            HttpsURLConnection httpsConnection = (HttpsURLConnection)url.openConnection();

            try {
                /* The following works from Eclipse and from the command line, but not from an app with an integrated runtime
                 * that was produced using jpackage ... */
                try {

                    img = new ImageIcon(ImageIO.read(httpsConnection.getInputStream())
                            .getScaledInstance(screenSize.width,screenSize.height,Image.SCALE_SMOOTH));

                } catch(Exception e) {
                    System.out.println("went wrong #1 for " + urlName);
                    e.printStackTrace();
                }

            } catch(Exception e) {
                System.out.println("went wrong #2 for " + urlName);
                e.printStackTrace();
            }

        } catch (MalformedURLException e) {
            e.printStackTrace();
        } catch (IOException e) {
            e.printStackTrace();
        }

        lbl.setIcon(img);
        
        f.getContentPane().add(lbl); //puts label inside the jframe
        f.setSize(halfWidth,halfheight); // set frame size to half of screen ... but need to resize the image
        int x = (screenSize.width - f.getSize().width)/2; //These two lines are the dimensions
        int y = (screenSize.height - f.getSize().height)/2;//of the center of the screen
        f.setLocation(x,y); //sets the location of the jframe
        f.setVisible(true); //makes the jframe visible
    }
    
}

Here are a few lines from the debug output:

$ /Applications/HelloTest.app/Contents/MacOS/HelloTest ; exit;
javax.net.ssl.trustStore = /Library/Java/JavaVirtualMachines/jdk-15.jdk/Contents/Home/lib/security/cacerts
javax.net.ssl|DEBUG|01|main|2020-09-17 07:27:05.852 CEST|null:-1|System property jdk.tls.client.cipherSuites is set to 'null'
…
javax.net.ssl|DEBUG|01|main|2020-09-17 07:27:06.130 CEST|null:-1|trustStore is: /Library/Java/JavaVirtualMachines/jdk-15.jdk/Contents/Home/lib/security/cacerts
trustStore type is: pkcs12
trustStore provider is: 
the last modified time is: Wed Aug 12 02:19:32 CEST 2020
javax.net.ssl|DEBUG|01|main|2020-09-17 07:27:06.131 CEST|null:-1|Reload the trust store
javax.net.ssl|DEBUG|01|main|2020-09-17 07:27:06.283 CEST|null:-1|Reload trust certs
javax.net.ssl|DEBUG|01|main|2020-09-17 07:27:06.286 CEST|null:-1|Reloaded 91 trust certs
javax.net.ssl|DEBUG|01|main|2020-09-17 07:27:06.430 CEST|null:-1|adding as trusted certificates (
  "certificate" : {
    "version"            : "v3",
    "serial number"      : "00 A6 8B 79 29 00 00 00 00 50 D0 91 F9",
    "signature algorithm": "SHA384withECDSA",
    "issuer"             : "CN=Entrust Root Certification Authority - EC1, OU="(c) 2012 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US",
…
javax.net.ssl|DEBUG|01|main|2020-09-17 07:27:06.445 CEST|null:-1|keyStore is : 
javax.net.ssl|DEBUG|01|main|2020-09-17 07:27:06.445 CEST|null:-1|keyStore type is : pkcs12
javax.net.ssl|DEBUG|01|main|2020-09-17 07:27:06.445 CEST|null:-1|keyStore provider is : 
javax.net.ssl|ALL|01|main|2020-09-17 07:27:06.445 CEST|null:-1|init keystore
javax.net.ssl|DEBUG|01|main|2020-09-17 07:27:06.446 CEST|null:-1|init keymanager of type SunX509
javax.net.ssl|ALL|01|main|2020-09-17 07:27:06.447 CEST|null:-1|trigger seeding of SecureRandom
javax.net.ssl|ALL|01|main|2020-09-17 07:27:06.449 CEST|null:-1|done seeding of SecureRandom
javax.net.ssl|DEBUG|01|main|2020-09-17 07:27:06.476 CEST|null:-1|System property jdk.tls.client.SignatureSchemes is set to 'null'
javax.net.ssl|WARNING|01|main|2020-09-17 07:27:06.478 CEST|null:-1|Signature algorithm, ed25519, not supported by JSSE
javax.net.ssl|WARNING|01|main|2020-09-17 07:27:06.479 CEST|null:-1|Signature algorithm, ed448, not supported by JSSE
javax.net.ssl|WARNING|01|main|2020-09-17 07:27:06.480 CEST|null:-1|No AlgorithmParameters for x25519 (
"throwable" : {
  java.security.NoSuchAlgorithmException: Algorithm x25519 not available
    at java.base/javax.crypto.KeyAgreement.getInstance(Unknown Source)
    at java.base/sun.security.ssl.NamedGroup.<init>(Unknown Source)
…
javax.net.ssl|ERROR|01|main|2020-09-17 07:27:09.230 CEST|null:-1|Fatal (HANDSHAKE_FAILURE): Received fatal alert: handshake_failure (
"throwable" : {
  javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
    at java.base/sun.security.ssl.Alert.createSSLException(Unknown Source)

A helpful comment on my question follows below; here is an example of a packaging script that solves the problem:

detected_modules=`jdeps \
  -q \
  --ignore-missing-deps \
  --print-module-deps \
  --class-path "MyApp.jar:../sandBox/jars/*" \
  -recursive MyApp.jar \
    MyApp/MyApp.class`
echo "detected modules: ${detected_modules}"

manual_modules=jdk.crypto.cryptoki
echo "manual modules: ${manual_modules}"

rm -rf ../runtime

jlink \
  --no-header-files \
  --no-man-pages  \
  --compress=2  \
  --strip-debug \
  --add-modules "${detected_modules},${manual_modules}" \
  --output ../runtime

jpackage \
--verbose \
--type pkg \
--input ../sandBox \
--dest ../output \
--name MyApp \
--app-version "$1" \
--main-class MyApp.MyApp \
--main-jar MyApp.jar \
--runtime-image ../runtime \
--mac-package-name MyApp

Solution

Found this on the Interwebs. From the looks of it, it is the same no-such-algorithm error.

java.security.NoSuchAlgorithmException: Algorithm x25519 not available

The solution from the link:

You need to add jdk.crypto.cryptoki to the --add-modules list for jlink.
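A runtime self-check for the failure described in this thread, as an added example that is not part of the original question or answer: it lists the jdk.crypto modules and security providers present in the running image and reports whether the EC algorithms named in the debug log can be instantiated. The class name TlsRuntimeCheck and its method names are made up for this example.

```java
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.crypto.KeyAgreement;
import javax.net.ssl.SSLContext;

// Added example; class and method names are hypothetical, not from the post.
public class TlsRuntimeCheck {

    // EC algorithms JSSE asks for (cf. the x25519 log line) that no provider here supplies.
    static List<String> missingEcAlgorithms() {
        List<String> missing = new ArrayList<>();
        for (String alg : new String[] {"X25519", "ECDH"}) {
            try {
                KeyAgreement.getInstance(alg);
            } catch (NoSuchAlgorithmException e) {
                missing.add("KeyAgreement/" + alg);
            }
        }
        try {
            KeyPairGenerator.getInstance("EC");
        } catch (NoSuchAlgorithmException e) {
            missing.add("KeyPairGenerator/EC");
        }
        return missing;
    }

    // Number of default-enabled client cipher suites that use ECDHE key exchange.
    static long enabledEcdheSuites() throws NoSuchAlgorithmException {
        String[] suites = SSLContext.getDefault().getDefaultSSLParameters().getCipherSuites();
        return Arrays.stream(suites).filter(s -> s.contains("_ECDHE_")).count();
    }

    public static void main(String[] args) throws Exception {
        System.out.println("java.home = " + System.getProperty("java.home"));
        // Modules actually linked into this runtime image.
        ModuleLayer.boot().modules().stream()
            .map(Module::getName).filter(n -> n.startsWith("jdk.crypto")).sorted()
            .forEach(n -> System.out.println("module:   " + n));
        for (Provider p : Security.getProviders()) {
            System.out.println("provider: " + p.getName());
        }
        System.out.println("missing EC algorithms: " + missingEcAlgorithms());
        System.out.println("enabled ECDHE suites:  " + enabledEcdheSuites());
    }
}
```

Run it with the java launcher inside the jlink image (../runtime/bin/java for the script above) rather than the JDK's, because jdeps only follows static references and so does not report provider modules that are loaded as services.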
