0

我有一个带有 JSON 有效负载的简单 http 服务,我想使用 Java 测试工具进行测试。最初,我使用 Basic Auth 设置了一个客户端,效果很好;服务器证书在 trustStore 中,我在代码中提供用户名/密码。我发送请求,我得到正确的响应。

public static void main(String[] args) {
    // TODO Auto-generated method stub

    String xxxURL = new String("https://www.xxx.yyy/zzz/AdminServlet?data=");
    String username = new String("username");
    String password = new String("password");
    String authString = new String (username+":"+password);

    String apiList = new String("{\"apiVersion\":\"1.4\",\"method\":\"api.list\",\"params\":{}}"); // Create JSON string. A bit ugly

    try
    {

        System.setProperty("javax.net.ssl.trustStore","C:\\workspace\\http_client_test\\security\\cacerts");



    String jsonStr = apiList;
        URL url = new URL(xxxURL + URLEncoder.encode(jsonStr, "UTF-8") );

        HttpURLConnection httpConn = (HttpURLConnection) url.openConnection(); // create connection object
        String encoded = Base64.encodeBase64String(authString.getBytes());
        httpConn.setRequestProperty("Authorization", "Basic "+encoded);

        httpConn.setRequestMethod("GET"); 
        httpConn.connect();          // open connection

        BufferedReader in = new BufferedReader(new InputStreamReader(httpConn.getInputStream()));
        String temp = null;
        StringBuilder sb = new StringBuilder();
        while((temp = in.readLine()) != null)
        {
            sb.append(temp).append(" ");
        }

        String result = sb.toString();
        System.out.println("result = " + result);

    }
    catch(Exception e)
    {
        e.printStackTrace();
    }


}

我想使用相互身份验证进行相同的测试。我已经在服务器和客户端上设置了密钥库和信任库,并在每个上都导入了必要的证书。

我的问题是我不知道如何告诉 HttpURLConnection 我想要相互证书身份验证。

我试过了:公共类Test3 {

public static void main(String[] args) {
    // TODO Auto-generated method stub

    String xxxURL = new String("https://www.xxx.yyy/zzz/AdminServlet?data=");

    String apiList = new String("{\"apiVersion\":\"1.4\",\"method\":\"api.list\",\"params\":{}}"); // Create JSON string. A bit ugly

    try
    {

        System.setProperty("javax.net.ssl.trustStore","C:\\workspace\\http_client_test\\security\\cacerts");
        System.setProperty("javax.net.ssl.trustStorePassword","changeit");
        System.setProperty("javax.net.ssl.keyStore","C:\\workspace\\http_client_test\\security\\keystore.jks");
        System.setProperty("javax.net.ssl.keyStorePassword","password");




        String jsonStr = apiList;
        URL url = new URL(netThingsURL + URLEncoder.encode(jsonStr, "UTF-8") );

        HttpURLConnection httpConn = (HttpURLConnection) url.openConnection(); // create connection object
        String encoded = Base64.encodeBase64String(authString.getBytes());
        httpConn.setRequestProperty("Authorization", "?????????");      //     ????????

        httpConn.setRequestMethod("GET"); 
        httpConn.connect();          // open connection

        BufferedReader in = new BufferedReader(new InputStreamReader(httpConn.getInputStream()));
        String temp = null;
        StringBuilder sb = new StringBuilder();
        while((temp = in.readLine()) != null)
        {
            sb.append(temp).append(" ");
        }

        String result = sb.toString();
        System.out.println("result = " + result);

    }
    catch(Exception e)
    {
        e.printStackTrace();
    }


}

}

我应该在这里: httpConn.setRequestProperty("Authorization", "?????????"); 我意识到我可能需要的不仅仅是这 1 行。我尝试了各种资源来找到合适的值,但还是一片空白。我尝试了各种直观的参数,但得到了“401”错误或 NoSuchAlgorithException。

非常感谢任何帮助、代码、资源链接。

4

1 回答 1

1

我的问题是我不知道如何告诉 HttpURLConnection 我想要相互证书身份验证。

你不能。您必须配置服务器以请求客户端证书。您在客户端所能做的就是指定客户端证书的位置。你不能强迫它被发送。只有服务器可以做到这一点。

于 2014-04-08T12:28:19.193 回答