我正在尝试通过读取 PKCS12 文件来实现带有 SSL 的 java httpclient。
等效的 curl 命令是
curl -v --cacert ./keystore.pem -X POST -H "Content-Type: application/json" -d '{"username": "RAam"}' https://localhost:8080/listener
我已经通过使用将此 .pem 文件转换为 PKCS12 文件
openssl pkcs12 -export -out eneCert.pkcs12 -in keystore.pem
下面是我试图运行的代码。
public class HttpCilentExample {
public static void main(String[] args) throws Exception {
HttpCilentExample client = new HttpCilentExample();
client.post();
}
public void post() throws IOException {
String url = "https://localhost:8080/listener";
CloseableHttpClient client = null;
client = getHttpsClient();
Gson gson = new Gson();
HttpPost post = new HttpPost(url);
try {
pojoClass pojo1 = new pojoClass();
pojo1.setUsername("Hello" + new Timestamp(new Date().getTime()));
StringEntity postingString = new StringEntity(gson.toJson(pojo1));
post.setEntity(postingString);
post.setHeader("Content-type", "application/json");
HttpResponse response = client.execute(post);
} catch (IOException e) {
e.printStackTrace();
} finally {
client.close();
}
}
class pojoClass {
private String username;
public void setUsername(String username) {
this.username = username;
}
}
public CloseableHttpClient getHttpsClient() throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException, KeyManagementException, UnrecoverableKeyException {
String password = "password123";
String truststore_loc = "/home/raam/keys/eneCert.pkcs12";
KeyStore keyStore = KeyStore.getInstance("PKCS12");
FileInputStream instream = new FileInputStream(new File(truststore_loc));
keyStore.load(instream, password.toCharArray());
SSLContext sslContext = SSLContexts.custom().loadTrustMaterial(keyStore, new TrustSelfSignedStrategy()).build();
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContext);
CloseableHttpClient httpclient = HttpClients.custom().setSSLSocketFactory(sslsf).build();
return httpclient;
}
现在面临以下异常:
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:105)
at org.apache.http.ssl.SSLContextBuilder$TrustManagerDelegate.checkServerTrusted(SSLContextBuilder.java:298)
at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:984)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1496)
关于如何解决上述问题的任何建议。