0

我正在尝试通过读取 PKCS12 文件来实现带有 SSL 的 java httpclient。

等效的 curl 命令是

curl -v --cacert ./keystore.pem -X POST -H "Content-Type: application/json" -d '{"username": "RAam"}' https://localhost:8080/listener

我已经通过使用将此 .pem 文件转换为 PKCS12 文件

openssl pkcs12 -export -out eneCert.pkcs12 -in keystore.pem

下面是我试图运行的代码。

public class HttpCilentExample {

    public static void main(String[] args) throws Exception {
        HttpCilentExample client = new HttpCilentExample();
        client.post();
    }


    public void post() throws IOException {
        String url = "https://localhost:8080/listener";
        CloseableHttpClient client = null;
        client = getHttpsClient();
        Gson gson = new Gson();
        HttpPost post = new HttpPost(url);
        try {
            pojoClass pojo1 = new pojoClass();
            pojo1.setUsername("Hello" + new Timestamp(new Date().getTime()));
            StringEntity postingString = new StringEntity(gson.toJson(pojo1));
            post.setEntity(postingString);
            post.setHeader("Content-type", "application/json");

            HttpResponse response = client.execute(post);
        } catch (IOException e) {
            e.printStackTrace();
        } finally {
            client.close();
        }
    }

    class pojoClass {
        private String username;

        public void setUsername(String username) {
            this.username = username;
        }
    }

    public CloseableHttpClient getHttpsClient() throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException, KeyManagementException, UnrecoverableKeyException {

         String password = "password123";
    String truststore_loc = "/home/raam/keys/eneCert.pkcs12";

    KeyStore keyStore = KeyStore.getInstance("PKCS12");
    FileInputStream instream = new FileInputStream(new File(truststore_loc));
    keyStore.load(instream, password.toCharArray());
    SSLContext sslContext = SSLContexts.custom().loadTrustMaterial(keyStore, new TrustSelfSignedStrategy()).build();

    SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContext);

    CloseableHttpClient httpclient = HttpClients.custom().setSSLSocketFactory(sslsf).build();

    return httpclient;
    }

现在面临以下异常:

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
    at sun.security.validator.Validator.validate(Validator.java:260)
    at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:105)
    at org.apache.http.ssl.SSLContextBuilder$TrustManagerDelegate.checkServerTrusted(SSLContextBuilder.java:298)
    at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:984)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1496)

关于如何解决上述问题的任何建议。

4

0 回答 0