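java - DTLS handshake fails with SocketException even though the socket is never closed manually

Tags: java sockets webrtc bouncycastle dtls

Sorry, this question may be a bit vague.
I am trying to establish a WebRTC connection to a WebRTC gateway. When the DTLS handshake is performed with the accept or connect function, it throws a SocketException.
This is the error: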

   java.net.SocketException: Socket is closed
    at java.net.DatagramSocket.send(DatagramSocket.java:658)
    at org.bouncycastle.crypto.tls.UDPTransport.send(Unknown Source)
    at org.bouncycastle.crypto.tls.DTLSRecordLayer.sendRecord(Unknown Source)
    at org.bouncycastle.crypto.tls.DTLSRecordLayer.send(Unknown Source)
    at org.bouncycastle.crypto.tls.DTLSReliableHandshake$RecordLayerBuffer.sendToRecordLayer(Unknown Source)
    at org.bouncycastle.crypto.tls.DTLSReliableHandshake.writeHandshakeFragment(Unknown Source)
    at org.bouncycastle.crypto.tls.DTLSReliableHandshake.writeMessage(Unknown Source)
    at org.bouncycastle.crypto.tls.DTLSReliableHandshake.resendOutboundFlight(Unknown Source)
    at org.bouncycastle.crypto.tls.DTLSReliableHandshake.receiveMessage(Unknown Source)
    at org.bouncycastle.crypto.tls.DTLSServerProtocol.serverHandshake(Unknown Source)
    at org.bouncycastle.crypto.tls.DTLSServerProtocol.accept(Unknown Source)
    at callProcessor.DTLSManager.startDTLS(DTLSManager.java:421)
    at callProcessor.DTLSManager.processSTUNResponse(DTLSManager.java:554)
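I checked several times whether any other thread is closing the socket, but no other thread is closing it, and the socket is checked before it is passed on (returning false if it is closed). (SoTimeOut is 60000)
Code snippet: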
tlsServer = new DefaultTlsServer2() {
                    public void notifyClientCertificate(org.bouncycastle.crypto.tls.Certificate clientCertificate) throws IOException {
                        org.bouncycastle.asn1.x509.Certificate[] chain = clientCertificate.getCertificateList();
                        
                        logger.debug("notifyClientCertificate: " + chain[0].getSignature());

                        
                        /*// JFLog.log("Received client certificate chain of length " + chain.length);
                        for (int i = 0; i != chain.length; i++) {
                            org.bouncycastle.asn1.x509.Certificate entry = chain[i];
                            // JFLog.log("fingerprint:SHA-256 " + KeyMgmt.fingerprintSHA256(entry.getEncoded()) + " (" + entry.getSubject() + ")");
                            // JFLog.log("cert length=" + entry.getEncoded().length);
                        }*/
                    }

                    protected ProtocolVersion getMaximumVersion() {
                        logger.debug("getMaximumVersion: " + ProtocolVersion.DTLSv10);
                        return ProtocolVersion.DTLSv10;
                    }

                    protected ProtocolVersion getMinimumVersion() {
                        logger.debug("getMinimumVersion: " + ProtocolVersion.DTLSv10);
                        return ProtocolVersion.DTLSv10;
                    }

                    protected TlsEncryptionCredentials getRSAEncryptionCredentials() throws IOException {
                        logger.debug("getRSAEncryptionCredentials");
                        return new DefaultTlsEncryptionCredentials(context, dtlsInfo.getCertChain(), dtlsInfo.getPrivateKey());
                    }

                    @SuppressWarnings("rawtypes")
                    protected TlsSignerCredentials getRSASignerCredentials() throws IOException {
                        SignatureAndHashAlgorithm signatureAndHashAlgorithm = null;
                        Vector sigAlgs = supportedSignatureAlgorithms;
                        if (sigAlgs != null) {
                            for (int i = 0; i < sigAlgs.size(); ++i) {
                                SignatureAndHashAlgorithm sigAlg = (SignatureAndHashAlgorithm) sigAlgs.elementAt(i);
                                if (sigAlg.getSignature() == SignatureAlgorithm.rsa) {
                                    signatureAndHashAlgorithm = sigAlg;
                                    break;
                                }
                            }

                            if (signatureAndHashAlgorithm == null) {
                                return null;
                            }
                        }
                        
                        logger.debug("getRSASignerCredentials");
                        return new DefaultTlsSignerCredentials(context, dtlsInfo.getCertChain(), dtlsInfo.getPrivateKey(), signatureAndHashAlgorithm);
                    }

                    @SuppressWarnings("rawtypes")
                    public Hashtable getServerExtensions() throws IOException {
                        //see : http://bouncy-castle.1462172.n4.nabble.com/DTLS-SRTP-with-bouncycastle-1-49-td4656286.html
                        Hashtable table = super.getServerExtensions();
                        if (table == null) table = new Hashtable();
                        int[] protectionProfiles = {
                            // TODO : need to pick ONE that client offers
                            SRTPProtectionProfile.SRTP_AES128_CM_HMAC_SHA1_80  //this is the only one supported for now
                            // SRTPProtectionProfile.SRTP_AES128_CM_HMAC_SHA1_32
                            // SRTPProtectionProfile.SRTP_NULL_HMAC_SHA1_32
                            // SRTPProtectionProfile.SRTP_NULL_HMAC_SHA1_80
                        };
                        byte mki[] = new byte[0];  //should match client or use nothing
                        UseSRTPData srtpData = new UseSRTPData(protectionProfiles, mki);
                        TlsSRTPUtils.addUseSRTPExtension(table, srtpData);
                        
                        logger.debug("getServerExtensions: " + table.size());

                        return table;
                    }
                
                    public void notifyHandshakeComplete() throws IOException {
                        logger.debug("SRTPChannel:DTLS:Server:Handshake complete");
                        super.notifyHandshakeComplete();
                        getKeys();
                        remoteKey = tlsServer.getRemoteKey();
                        remoteSalt = tlsServer.getRemoteSalt();
                        localKey = tlsServer.getLocalKey();
                        localSalt = tlsServer.getLocalSalt();
                                
                        logger.debug("keys got here server");
                        isHandshakeComplete = 1;
                        logger.debug("isHandshakeComplete: " + isHandshakeComplete);

                    }
                };

                try {
                    logger.debug("SRTPChannel: accept dtlsCLient by DTLS server");
                    logger.debug("DTLS before accept:socket state:Socket is closed ?"+socket.isClosed()+socket.isConnected());
                    dtlsServer.accept(tlsServer, new UDPTransport(socket, 1500 - 20 - 8));
                    udp_started = true;
                } catch (Exception e) {
                    logger.fatal("Exception:  ",e);
                }
Using the bouncycastle.crypto.tls library from bcprov-ext-jdkon-159.jar and bcprov-jdk15on-160b04.jar.
Note: this system was up and running; the problem appears now, and I cannot determine what triggered it.

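Best answer

The problem was that it was using DTLSv10, which has been removed from browsers.
Upgrading from DTLSv10 to DTLS12 resolved the socket-closed problem but introduced an internal_error in the same DTLSServerProtocol.accept function, caused by an internal library error in the BouncyCastle library bcprov-ext-jdkon-159.jar.
Upgrading the library jar to bcprov-ext-jdk15on-1.61.jar resolved this, and the server now successfully completes the handshake with the browser for VoIP calls over WebRTC.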
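
A diagnostic for the version mismatch described in the answer, as an added example that is not part of the original post or of BouncyCastle: it reads client_version from a raw ClientHello datagram and shows what a server pinned to a version range would answer. The class and method names are hypothetical, the sample bytes are constructed, and it assumes you can capture the first datagram before handing the socket to UDPTransport.

```java
import java.nio.ByteBuffer;

/** Added diagnostic: reads the version offered in the first DTLS ClientHello datagram. */
public class DtlsHelloVersion {
    static final int RECORD_HEADER = 13;    // type(1) version(2) epoch(2) seq(6) length(2)
    static final int HANDSHAKE_HEADER = 12; // type(1) length(3) msg_seq(2) frag_off(3) frag_len(3)

    /** DTLS versions are encoded inverted: 0xFEFF = 1.0, 0xFEFD = 1.2. */
    static String name(int v) {
        switch (v) {
            case 0xFEFF: return "DTLS 1.0";
            case 0xFEFD: return "DTLS 1.2";
            case -1:     return "none (handshake refused)";
            default:     return String.format("unknown (0x%04X)", v);
        }
    }

    /** Returns client_version from a ClientHello, or -1 if the datagram is not one. */
    static int clientVersion(byte[] datagram) {
        if (datagram.length < RECORD_HEADER + HANDSHAKE_HEADER + 2) return -1;
        ByteBuffer buf = ByteBuffer.wrap(datagram);
        if ((buf.get(0) & 0xFF) != 22) return -1;             // record type: handshake
        if ((buf.get(RECORD_HEADER) & 0xFF) != 1) return -1;  // handshake type: client_hello
        // The record-layer version (bytes 1-2) can differ from client_version, so read the latter.
        return buf.getShort(RECORD_HEADER + HANDSHAKE_HEADER) & 0xFFFF;
    }

    /** Version a server limited to [min, max] would answer with; -1 if the offer is below min. */
    static int serverChoice(int offered, int min, int max) {
        // A smaller encoded value means a later DTLS version.
        if (offered > min) return -1;
        return offered < max ? max : offered;
    }

    public static void main(String[] args) {
        // Constructed sample: first 27 bytes of a ClientHello, record version 1.0, client_version 1.2.
        byte[] hello = new byte[27];
        hello[0] = 22; hello[1] = (byte) 0xFE; hello[2] = (byte) 0xFF;
        hello[13] = 1;
        hello[25] = (byte) 0xFE; hello[26] = (byte) 0xFD;

        int offered = clientVersion(hello);
        System.out.println("client offers: " + name(offered));
        System.out.println("server pinned to DTLSv10 answers: " + name(serverChoice(offered, 0xFEFF, 0xFEFF)));
        System.out.println("server allowing DTLSv12 answers: " + name(serverChoice(offered, 0xFEFF, 0xFEFD)));
    }
}
```

With the question's getMinimumVersion/getMaximumVersion both returning DTLSv10, the second line prints DTLS 1.0, which is the version the answer says browsers no longer accept.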

Regarding java - DTLS handshake fails with SocketException even though the socket is never closed manually, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/65120897/
