dtls握手失败,原因是socketexception,尽管套接字从未关闭

l7mqbcuq  于 2021-07-05  发布在  Java
关注(0)|答案(1)|浏览(996)

抱歉,这个问题可能有点模糊。正在尝试建立到webrtc网关的webrtc连接。当使用accept或connect函数执行dtls握手时,它抛出socketexception。
错误如下:

java.net.SocketException: Socket is closed
    at java.net.DatagramSocket.send(DatagramSocket.java:658)
    at org.bouncycastle.crypto.tls.UDPTransport.send(Unknown Source)
    at org.bouncycastle.crypto.tls.DTLSRecordLayer.sendRecord(Unknown Source)
    at org.bouncycastle.crypto.tls.DTLSRecordLayer.send(Unknown Source)
    at org.bouncycastle.crypto.tls.DTLSReliableHandshake$RecordLayerBuffer.sendToRecordLayer(Unknown Source)
    at org.bouncycastle.crypto.tls.DTLSReliableHandshake.writeHandshakeFragment(Unknown Source)
    at org.bouncycastle.crypto.tls.DTLSReliableHandshake.writeMessage(Unknown Source)
    at org.bouncycastle.crypto.tls.DTLSReliableHandshake.resendOutboundFlight(Unknown Source)
    at org.bouncycastle.crypto.tls.DTLSReliableHandshake.receiveMessage(Unknown Source)
    at org.bouncycastle.crypto.tls.DTLSServerProtocol.serverHandshake(Unknown Source)
    at org.bouncycastle.crypto.tls.DTLSServerProtocol.accept(Unknown Source)
    at callProcessor.DTLSManager.startDTLS(DTLSManager.java:421)
    at callProcessor.DTLSManager.processSTUNResponse(DTLSManager.java:554)

如果有其他线程正在关闭套接字但没有,则检查多次,如果套接字已关闭,则在传递套接字之前检查多次,得到false。(sotimeout为60000)
代码段:

tlsServer = new DefaultTlsServer2() {
                    public void notifyClientCertificate(org.bouncycastle.crypto.tls.Certificate clientCertificate) throws IOException {
                        org.bouncycastle.asn1.x509.Certificate[] chain = clientCertificate.getCertificateList();

                        logger.debug("notifyClientCertificate: " + chain[0].getSignature());

                        /*// JFLog.log("Received client certificate chain of length " + chain.length);
                        for (int i = 0; i != chain.length; i++) {
                            org.bouncycastle.asn1.x509.Certificate entry = chain[i];
                            // JFLog.log("fingerprint:SHA-256 " + KeyMgmt.fingerprintSHA256(entry.getEncoded()) + " (" + entry.getSubject() + ")");
                            // JFLog.log("cert length=" + entry.getEncoded().length);
                        }*/
                    }

                    protected ProtocolVersion getMaximumVersion() {
                        logger.debug("getMaximumVersion: " + ProtocolVersion.DTLSv10);
                        return ProtocolVersion.DTLSv10;
                    }

                    protected ProtocolVersion getMinimumVersion() {
                        logger.debug("getMinimumVersion: " + ProtocolVersion.DTLSv10);
                        return ProtocolVersion.DTLSv10;
                    }

                    protected TlsEncryptionCredentials getRSAEncryptionCredentials() throws IOException {
                        logger.debug("getRSAEncryptionCredentials");
                        return new DefaultTlsEncryptionCredentials(context, dtlsInfo.getCertChain(), dtlsInfo.getPrivateKey());
                    }

                    @SuppressWarnings("rawtypes")
                    protected TlsSignerCredentials getRSASignerCredentials() throws IOException {
                        SignatureAndHashAlgorithm signatureAndHashAlgorithm = null;
                        Vector sigAlgs = supportedSignatureAlgorithms;
                        if (sigAlgs != null) {
                            for (int i = 0; i < sigAlgs.size(); ++i) {
                                SignatureAndHashAlgorithm sigAlg = (SignatureAndHashAlgorithm) sigAlgs.elementAt(i);
                                if (sigAlg.getSignature() == SignatureAlgorithm.rsa) {
                                    signatureAndHashAlgorithm = sigAlg;
                                    break;
                                }
                            }

                            if (signatureAndHashAlgorithm == null) {
                                return null;
                            }
                        }

                        logger.debug("getRSASignerCredentials");
                        return new DefaultTlsSignerCredentials(context, dtlsInfo.getCertChain(), dtlsInfo.getPrivateKey(), signatureAndHashAlgorithm);
                    }

                    @SuppressWarnings("rawtypes")
                    public Hashtable getServerExtensions() throws IOException {
                        //see : http://bouncy-castle.1462172.n4.nabble.com/DTLS-SRTP-with-bouncycastle-1-49-td4656286.html
                        Hashtable table = super.getServerExtensions();
                        if (table == null) table = new Hashtable();
                        int[] protectionProfiles = {
                            // TODO : need to pick ONE that client offers
                            SRTPProtectionProfile.SRTP_AES128_CM_HMAC_SHA1_80  //this is the only one supported for now
                            // SRTPProtectionProfile.SRTP_AES128_CM_HMAC_SHA1_32
                            // SRTPProtectionProfile.SRTP_NULL_HMAC_SHA1_32
                            // SRTPProtectionProfile.SRTP_NULL_HMAC_SHA1_80
                        };
                        byte mki[] = new byte[0];  //should match client or use nothing
                        UseSRTPData srtpData = new UseSRTPData(protectionProfiles, mki);
                        TlsSRTPUtils.addUseSRTPExtension(table, srtpData);

                        logger.debug("getServerExtensions: " + table.size());

                        return table;
                    }

                    public void notifyHandshakeComplete() throws IOException {
                        logger.debug("SRTPChannel:DTLS:Server:Handshake complete");
                        super.notifyHandshakeComplete();
                        getKeys();
                        remoteKey = tlsServer.getRemoteKey();
                        remoteSalt = tlsServer.getRemoteSalt();
                        localKey = tlsServer.getLocalKey();
                        localSalt = tlsServer.getLocalSalt();

                        logger.debug("keys got here server");
                        isHandshakeComplete = 1;
                        logger.debug("isHandshakeComplete: " + isHandshakeComplete);

                    }
                };

                try {
                    logger.debug("SRTPChannel: accept dtlsCLient by DTLS server");
                    logger.debug("DTLS before accept:socket state:Socket is closed ?"+socket.isClosed()+socket.isConnected());
                    dtlsServer.accept(tlsServer, new UDPTransport(socket, 1500 - 20 - 8));      
                    udp_started = true;
               } catch (Exception e) {
                  logger.fatal("Exception:  ",e);     
               }

使用bcprov-ext-jdkon-159.jar和bcprov-jdk15on-160b04.jar中的bouncycastle.crypto.tls库
注意:此系统已启动并正在运行,现在出现此问题,无法确定是什么触发了此问题。

hpcdzsge

hpcdzsge1#

问题是它使用的是dtlsv10,它已经从浏览器中删除了。
将dtlsv10升级到dtls12解决了套接字关闭问题,但在同一dtlsserverprotocol.accept函数中引入了内部错误,该错误是由bouncycastle库bcprov-ext-jdkon-159.jar的内部库错误引起的。
将库jar升级到bcprov-ext-jdk15on-1.61.jar解决了这个问题,现在服务器正在成功地与浏览器握手,以便使用webrtc进行voip呼叫。

相关问题