抱歉,这个问题可能有点模糊。正在尝试建立到webrtc网关的webrtc连接。当使用accept或connect函数执行dtls握手时,它抛出socketexception。
错误如下:
java.net.SocketException: Socket is closed
at java.net.DatagramSocket.send(DatagramSocket.java:658)
at org.bouncycastle.crypto.tls.UDPTransport.send(Unknown Source)
at org.bouncycastle.crypto.tls.DTLSRecordLayer.sendRecord(Unknown Source)
at org.bouncycastle.crypto.tls.DTLSRecordLayer.send(Unknown Source)
at org.bouncycastle.crypto.tls.DTLSReliableHandshake$RecordLayerBuffer.sendToRecordLayer(Unknown Source)
at org.bouncycastle.crypto.tls.DTLSReliableHandshake.writeHandshakeFragment(Unknown Source)
at org.bouncycastle.crypto.tls.DTLSReliableHandshake.writeMessage(Unknown Source)
at org.bouncycastle.crypto.tls.DTLSReliableHandshake.resendOutboundFlight(Unknown Source)
at org.bouncycastle.crypto.tls.DTLSReliableHandshake.receiveMessage(Unknown Source)
at org.bouncycastle.crypto.tls.DTLSServerProtocol.serverHandshake(Unknown Source)
at org.bouncycastle.crypto.tls.DTLSServerProtocol.accept(Unknown Source)
at callProcessor.DTLSManager.startDTLS(DTLSManager.java:421)
at callProcessor.DTLSManager.processSTUNResponse(DTLSManager.java:554)如果有其他线程正在关闭套接字但没有,则检查多次,如果套接字已关闭,则在传递套接字之前检查多次,得到false。(sotimeout为60000)
代码段:
tlsServer = new DefaultTlsServer2() {
public void notifyClientCertificate(org.bouncycastle.crypto.tls.Certificate clientCertificate) throws IOException {
org.bouncycastle.asn1.x509.Certificate[] chain = clientCertificate.getCertificateList();
logger.debug("notifyClientCertificate: " + chain[0].getSignature());
/*// JFLog.log("Received client certificate chain of length " + chain.length);
for (int i = 0; i != chain.length; i++) {
org.bouncycastle.asn1.x509.Certificate entry = chain[i];
// JFLog.log("fingerprint:SHA-256 " + KeyMgmt.fingerprintSHA256(entry.getEncoded()) + " (" + entry.getSubject() + ")");
// JFLog.log("cert length=" + entry.getEncoded().length);
}*/
}
protected ProtocolVersion getMaximumVersion() {
logger.debug("getMaximumVersion: " + ProtocolVersion.DTLSv10);
return ProtocolVersion.DTLSv10;
}
protected ProtocolVersion getMinimumVersion() {
logger.debug("getMinimumVersion: " + ProtocolVersion.DTLSv10);
return ProtocolVersion.DTLSv10;
}
protected TlsEncryptionCredentials getRSAEncryptionCredentials() throws IOException {
logger.debug("getRSAEncryptionCredentials");
return new DefaultTlsEncryptionCredentials(context, dtlsInfo.getCertChain(), dtlsInfo.getPrivateKey());
}
@SuppressWarnings("rawtypes")
protected TlsSignerCredentials getRSASignerCredentials() throws IOException {
SignatureAndHashAlgorithm signatureAndHashAlgorithm = null;
Vector sigAlgs = supportedSignatureAlgorithms;
if (sigAlgs != null) {
for (int i = 0; i < sigAlgs.size(); ++i) {
SignatureAndHashAlgorithm sigAlg = (SignatureAndHashAlgorithm) sigAlgs.elementAt(i);
if (sigAlg.getSignature() == SignatureAlgorithm.rsa) {
signatureAndHashAlgorithm = sigAlg;
break;
}
}
if (signatureAndHashAlgorithm == null) {
return null;
}
}
logger.debug("getRSASignerCredentials");
return new DefaultTlsSignerCredentials(context, dtlsInfo.getCertChain(), dtlsInfo.getPrivateKey(), signatureAndHashAlgorithm);
}
@SuppressWarnings("rawtypes")
public Hashtable getServerExtensions() throws IOException {
//see : http://bouncy-castle.1462172.n4.nabble.com/DTLS-SRTP-with-bouncycastle-1-49-td4656286.html
Hashtable table = super.getServerExtensions();
if (table == null) table = new Hashtable();
int[] protectionProfiles = {
// TODO : need to pick ONE that client offers
SRTPProtectionProfile.SRTP_AES128_CM_HMAC_SHA1_80 //this is the only one supported for now
// SRTPProtectionProfile.SRTP_AES128_CM_HMAC_SHA1_32
// SRTPProtectionProfile.SRTP_NULL_HMAC_SHA1_32
// SRTPProtectionProfile.SRTP_NULL_HMAC_SHA1_80
};
byte mki[] = new byte[0]; //should match client or use nothing
UseSRTPData srtpData = new UseSRTPData(protectionProfiles, mki);
TlsSRTPUtils.addUseSRTPExtension(table, srtpData);
logger.debug("getServerExtensions: " + table.size());
return table;
}
public void notifyHandshakeComplete() throws IOException {
logger.debug("SRTPChannel:DTLS:Server:Handshake complete");
super.notifyHandshakeComplete();
getKeys();
remoteKey = tlsServer.getRemoteKey();
remoteSalt = tlsServer.getRemoteSalt();
localKey = tlsServer.getLocalKey();
localSalt = tlsServer.getLocalSalt();
logger.debug("keys got here server");
isHandshakeComplete = 1;
logger.debug("isHandshakeComplete: " + isHandshakeComplete);
}
};
try {
logger.debug("SRTPChannel: accept dtlsCLient by DTLS server");
logger.debug("DTLS before accept:socket state:Socket is closed ?"+socket.isClosed()+socket.isConnected());
dtlsServer.accept(tlsServer, new UDPTransport(socket, 1500 - 20 - 8));
udp_started = true;
} catch (Exception e) {
logger.fatal("Exception: ",e);
}使用bcprov-ext-jdkon-159.jar和bcprov-jdk15on-160b04.jar中的bouncycastle.crypto.tls库
注意:此系统已启动并正在运行,现在出现此问题,无法确定是什么触发了此问题。
1条答案
按热度按时间hpcdzsge1#
问题是它使用的是dtlsv10,它已经从浏览器中删除了。
将dtlsv10升级到dtls12解决了套接字关闭问题,但在同一dtlsserverprotocol.accept函数中引入了内部错误,该错误是由bouncycastle库bcprov-ext-jdkon-159.jar的内部库错误引起的。
将库jar升级到bcprov-ext-jdk15on-1.61.jar解决了这个问题,现在服务器正在成功地与浏览器握手,以便使用webrtc进行voip呼叫。