摘要:背景微信退款接口需要使用到證書�,我參考微信的官方進(jìn)行,部分代碼如下上面的代碼���,在本地調(diào)試的時(shí)候正常跑過����,沒有出現(xiàn)任何異常�,但是放到測(cè)試環(huán)境之后便會(huì)出現(xiàn)下面的異常,這三種異常都是從這里拋出來的�����。
背景
微信退款接口需要使用到證書�����,我參考微信的官方Demo進(jìn)行��,部分代碼如下:
char[] password = config.getMchID().toCharArray();
InputStream certStream = config.getCertStream();
KeyStore ks = KeyStore.getInstance("PKCS12");
ks.load(certStream, password);
上面的代碼����,在本地調(diào)試的時(shí)候正常跑過����,沒有出現(xiàn)任何異常���,但是放到測(cè)試環(huán)境之后便會(huì)出現(xiàn)下面的異常�,這三種異常都是從ks.load(certStream, password)這里拋出來的����。定位這個(gè)問題花費(fèi)了一些時(shí)間���,且讓我小小總結(jié)一下����,供大家遇到相同問題時(shí)有個(gè)參考�。
異常類型1
java.io.IOException: Short read of DER length
at sun.security.util.DerInputStream.getLength(DerInputStream.java:582)
at sun.security.util.DerValue.init(DerValue.java:391)
at sun.security.util.DerValue.(DerValue.java:332)
at sun.security.util.DerValue.(DerValue.java:345)
at sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1914)
at java.security.KeyStore.load(KeyStore.java:1445)
at com.lingyejun.authenticator.ReadPKCS12File$LoadCertInputStream.run(ReadPKCS12File.java:53)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
異常類型2
java.io.IOException: DerInputStream.getLength(): lengthTag=7, too big.
at sun.security.util.DerInputStream.getLength(DerInputStream.java:599)
at sun.security.util.DerValue.init(DerValue.java:391)
at sun.security.util.DerValue.(DerValue.java:332)
at sun.security.util.DerValue.(DerValue.java:345)
at sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1914)
at java.security.KeyStore.load(KeyStore.java:1445)
at com.lingyejun.authenticator.ReadPKCS12File$LoadCertInputStream.run(ReadPKCS12File.java:53)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
異常類型3
java.io.IOException: toDerInputStream rejects tag type 54
at sun.security.util.DerValue.toDerInputStream(DerValue.java:874)
at sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1915)
at java.security.KeyStore.load(KeyStore.java:1445)
at com.lingyejun.authenticator.ReadPKCS12File$LoadCertInputStream.run(ReadPKCS12File.java:53)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
結(jié)論:keyStore.load(InputStream stream, char[] password)中的InputStream在嘗試加載的過程中,如果有其他的線程正在使用或者進(jìn)行同樣的讀加載�,那么就會(huì)拋出上面的異常。
模擬復(fù)現(xiàn)
package com.lingyejun.authenticator;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import java.io.IOException;
import java.io.InputStream;
import java.security.*;
import java.security.cert.CertificateException;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.LinkedBlockingQueue;
import java.util.concurrent.ThreadPoolExecutor;
import java.util.concurrent.TimeUnit;
/**
* 模擬加載certStream問題
*
* @Author: lingyejun
* @Date: 2019/6/24
* @Describe:
* @Modified By:
*/
public class ReadPKCS12File {
// 線程個(gè)數(shù)
private static final int THREAD_POOL_SIZE = 10;
// 初始化線程池
private ExecutorService executorService = new ThreadPoolExecutor(THREAD_POOL_SIZE, THREAD_POOL_SIZE,
0L, TimeUnit.MILLISECONDS,
new LinkedBlockingQueue());
// HTTPS證書的本地路徑
private static final String CERT_LOCAL_PATH = "apiclient_cert.p12";
// HTTPS證書密碼����,默認(rèn)密碼等于商戶號(hào)MCHID
private static final String CERT_PASSWORD = "1509107311";
private static InputStream certStream = ReadPKCS12File.class.getClassLoader().getResourceAsStream(CERT_LOCAL_PATH);
public static void main(String[] args) {
ReadPKCS12File readPKCS12File = new ReadPKCS12File();
for (int threadNo = 0; threadNo < THREAD_POOL_SIZE; threadNo++) {
readPKCS12File.executorService.execute(readPKCS12File.new LoadCertInputStream());
}
readPKCS12File.executorService.shutdown();
}
public class LoadCertInputStream implements Runnable {
@Override
public void run() {
// 證書
char[] password = CERT_PASSWORD.toCharArray();
InputStream certStream = ReadPKCS12File.certStream;
try {
KeyStore ks = KeyStore.getInstance("PKCS12");
ks.load(certStream, password);
// 實(shí)例化密鑰庫(kù) & 初始化密鑰工廠
KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
kmf.init(ks, password);
// 創(chuàng)建 SSLContext
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(kmf.getKeyManagers(), null, new SecureRandom());
// 余下代碼就不寫了,��,,
System.out.println("初始化SSL成功����!");
} catch (IOException e) {
e.printStackTrace();
} catch (CertificateException e) {
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (UnrecoverableKeyException e) {
e.printStackTrace();
} catch (KeyStoreException e) {
e.printStackTrace();
} catch (KeyManagementException e) {
e.printStackTrace();
}
}
}
}
知道問題之后,我們只需要將certStream由全局唯一更改為方法的局部變量即可
InputStream certStream = ReadPKCS12File.certStream
改為
InputStream certStream = ReadPKCS12File.class.getClassLoader().getResourceAsStream(CERT_LOCAL_PATH)
究其原因
微信的官方Demo中的����,InputStream certStream = config.getCertStream(),這行代碼把我給"誤導(dǎo)"了�����,我是在外部讀取的pkcs12文件輸入流且config對(duì)象是單例的�,導(dǎo)致多個(gè)線程共同訪問這行代碼時(shí),certStream不能被正常加載����,故出現(xiàn)了上面的問題。
文章版權(quán)歸作者所有�,未經(jīng)允許請(qǐng)勿轉(zhuǎn)載,若此文章存在違規(guī)行為,您可以聯(lián)系管理員刪除��。
轉(zhuǎn)載請(qǐng)注明本文地址:http://systransis.cn/yun/74978.html
