What is the reason for

支付中心Project重构完成，经过本地测试，并未发现问题。发布到测试环境后，测试发现请求光大扫码https接口时，出现了如下的异常：

javax.net.ssl.SSLException: Server key
	at sun.security.ssl.Handshaker.throwSSLException(Handshaker.java:1202) ~[na:1.7.0_65]
	at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:223) ~[na:1.7.0_65]
	at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868) ~[na:1.7.0_65]
	at sun.security.ssl.Handshaker.process_record(Handshaker.java:804) ~[na:1.7.0_65]
	at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016) ~[na:1.7.0_65]
	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312) ~[na:1.7.0_65]
	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339) ~[na:1.7.0_65]
	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323) ~[na:1.7.0_65]
	at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:290) ~[httpclient-4.3.6.jar:4.3.6]
	at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:259) ~[httpclient-4.3.6.jar:4.3.6]
	at org.apache.http.impl.conn.HttpClientConnectionOperator.connect(HttpClientConnectionOperator.java:125) ~[httpclient-4.3.6.jar:4.3.6]
	at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:319) ~[httpclient-4.3.6.jar:4.3.6]
	at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:363) ~[httpclient-4.3.6.jar:4.3.6]
	at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:219) ~[httpclient-4.3.6.jar:4.3.6]
	at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:195) ~[httpclient-4.3.6.jar:4.3.6]
	at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:86) ~[httpclient-4.3.6.jar:4.3.6]
	at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:108) ~[httpclient-4.3.6.jar:4.3.6]
	at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184) ~[httpclient-4.3.6.jar:4.3.6]
	at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82) ~[httpclient-4.3.6.jar:4.3.6]
	at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:106) ~[httpclient-4.3.6.jar:4.3.6]
	at com.emax.paycenter.common.util.PayCenterHttpClient.httpsPost(PayCenterHttpClient.java:87) ~[emax-paycenter-common-1.0.0-SNAPSHOT.jar:na]
	at com.emax.paycenter.thirdPlatform.swiftpass.service.impl.SwiftpassCommunicationUtil.communicate(SwiftpassCommunicationUtil.java:39)

Caused by: java.security.spec.InvalidKeySpecException: Unknown KeySpec type: java.security.spec.ECPublicKeySpec
	at org.bouncycastle.jce.provider.asymmetric.ec.KeyFactory.engineGeneratePublic(Unknown Source) ~[bcprov-jdk14-1.45.jar:1.45.0]
	at java.security.KeyFactory.generatePublic(KeyFactory.java:334) ~[na:1.7.0_65]
	at sun.security.ssl.HandshakeMessage$ECDH_ServerKeyExchange.(HandshakeMessage.java:1057) ~[na:1.7.0_65]
	at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:218) ~[na:1.7.0_65]
	... 74 common frames omitted

这个问题曾困扰了一哥们好几天，做了一些尝试，奇迹却未如愿出现。加上工作任务多，哥们很有些烦恼。

领导说让我来协助一下。分析caused by的堆栈，可以看到问题出在bcprov-jdk14-1.45.jar包。

最终呢，我在stackoverflow.com里看到一个帖子，说的是bcprov的jar版本问题。后尝试从maven官方库将bcprov-jdk14-1.45.jar升级到bcprov-jdk16-1.46.jar。经过这几天的复测和不断测试，测试环境未出现以上bug。

        <dependency>
            <groupId>org.bouncycastle</groupId>
            <artifactId>bcmail-jdk16</artifactId>
            <version>${bcmail-jdk16.version}</version>
        </dependency>
        <dependency>
            <groupId>org.bouncycastle</groupId>
            <artifactId>bcprov-jdk16</artifactId>
            <version>${bcprov-jdk16.version}</version>
        </dependency>

 

总结：

1.问题虽然解决了，其实还是有一些疑问的，为什么之前用bcprov-jdk14-1.45.jar没有问题呢？ 也许是在这次Project重构时有些相关的jar的版本变更了， 或是在这段时间接新通道时引入了相关的jar，导致了bcprov-jdk14-1.45.jar的版本问题。

2.百度了一下bouncy castle。它是一种用于 Java 平台的开源的轻量级密码术包；它支持大量的密码术算法，并提供JCE 1.2.1的实现。同时大概接触了一下java.security.*。

3.nothing is difficult if you put your heart into it.

BTW，“bouncy castle”这名字取的真不错。castle是城堡，城堡给人安全。而bouncy是轻快的。bouncy castle意即充气城堡，看来用bouncycastle作为轻量级安全包的名字是再合适不过了。类似的，“zookeeper”这个名字取得也让人不折不扣地佩服，java平台的软件就像一个动物园，而它是动物园管理者，牛逼至极！

ref：stackoverflow What is the reason for - java.security.spec.InvalidKeySpecException: does not support java.security.spec.ECPublicKeySpec?