我尝试在 Java 类上实现,该类将使用 p12 证书和“基本授权”连接到 https 服务器。您能否概述一下如何将这两者结合起来,包括安装 p12 证书?
更新。下面是我使用的类:
public static void main(String[] args) {
try {
KeyStore clientStore = KeyStore.getInstance("PKCS12");
clientStore.load(new FileInputStream("d:\\certs\\api\\xx.p12"), "W*53as_G".toCharArray());
KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
kmf.init(clientStore, "W*53as_G".toCharArray());
KeyManager[] kms = kmf.getKeyManagers();
KeyStore trustStore = KeyStore.getInstance("JKS");
trustStore.load(new FileInputStream("c:\\jdk1.8.0_51\\jre\\lib\\security\\cacerts"), "changeit".toCharArray());
TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(trustStore);
TrustManager[] tms = tmf.getTrustManagers();
SSLContext sslContext = SSLContext.getInstance("SSL");
sslContext.init(kms, tms, new SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());
URL url = new URL("https://apis2s.ee/test");
HttpsURLConnection urlConn = (HttpsURLConnection) url.openConnection();
urlConn.setRequestProperty("Authorization", "Basic " + Base64.encode("andrey:pass_1".getBytes()));
urlConn.setUseCaches(false);
urlConn.setAllowUserInteraction(true);
urlConn.setRequestProperty("Pragma", "no-cache");
urlConn.setRequestProperty("Content-type", "application/x-www-form-urlencoded");
urlConn.setRequestProperty("Content-length", Integer.toString("id=1288210&ip=127.0.0.1".length()));
StringBuilder builder = new StringBuilder();
builder.append(urlConn.getResponseCode())
.append(" ")
.append(urlConn.getResponseMessage())
.append("\n");
System.out.println(builder);
} catch (Exception e) {
e.printStackTrace();
}
}
}
结果是
SunCertPathBuilderException:无法找到请求目标的有效证书路径
并带有 SSL 调试
%% Invalidated: [Session-1, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA]
pool-2-thread-1, SEND TLSv1 ALERT: fatal, description = certificate_unknown
pool-2-thread-1, WRITE: TLSv1 Alert, length = 2
[Raw write]: length = 7
0000: 15 03 01 00 02 02 2E .......
pool-2-thread-1, called closeSocket()
pool-2-thread-1, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification
我还安装了 p12 证书。命令 keytool -list -v -keystore c:\jdk1.8.0_51\jre\lib\security\cacerts 显示证书。信息:
Alias name: 1
Creation date: 28.02.2017
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=xx, O=APIs2s Sandbox Api
Issuer: CN=apis2s.ee
Serial number: 12
Valid from: Thu Feb 23 18:57:05 CST 2017 until: Fri Feb 23 18:57:05 CST 2018
Certificate fingerprints:
MD5: E0:E0:1E:8F:09:R3:82:6C:D9:A0:7C:FD:B3:D7:7B:76
SHA1: A0:8A:87:03:7A:14:CD:3A:C6:48:4B:98:8C:89:EK:EB:73:B7:BC:BD
SHA256: 31:1B:2E:98:66:8C:F3:53:6C:FA:4E:BC:48:67:C1:DE:02:4D:71:E8:46:CE:2B:7C:B1:9F:EA :86:69:D6:97:15 Signature algorithm name: MD5withRSA
Version: 1
Certificate[2]:
Owner: CN=apis2s.ee
Issuer: CN=apis2s.ee
Serial number: bc7428f41765c74e
Valid from: Fri Jun 24 14:52:01 CST 2016 until: Sat Jun 24 14:52:01 CST 2017
Certificate fingerprints:
MD5: 21:F3:46:A8:30:B2:1B:D6:0C:2D:E6:2F:4F:4F:8G:B SHA1: 1C:F0:FE:4E:94:70:5E:6E:2C:5D:E6:B1:24:77:2H:0F:72:DB:F6:01
SHA256: 51:14:82:5B:80:63:57:5B:B7:6B:CB:C9:EC:FB:C3:96:07:89:A0:4E:B5:51:B7:6D:34:08:CA :B4:B3:2F:E6
Signature algorithm name: SHA256withRSA
Version: 3
Extensions:
#1: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 89 A1 81 25 17 41 EB E6 DD 7A B6 D2 23 2E 4B 40 ...%.A...z..#.K@
0010: 54 50 58 58 TXXX
]
]
#2: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:2147483646
]
#3: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 89 A2 81 25 17 41 EB E6 DD 7A B6 D2 23 2E 4B 40 ...%.A...z..#.K@
0010: 54 51 58 58 TXXX
]
]
*******************************************