我正在开发一个 Java 应用程序,尝试使用 Rest API 调用从 Cyberark Vault 检索密码。导入客户端证书后,我通过浏览器 ( Edge/Chrome )获取 API 调用的数据。我尝试将相同的证书添加到 java 信任库“ C:\jdk1.8.0_77\jre\lib\security\cacerts”但是在拨打电话时,我收到以下错误
403 - 禁止:访问被拒绝。您无权使用您提供的凭据查看此目录或页面。
在我导入客户端证书之前,我曾经在浏览器中遇到此错误。那么我现在缺少什么?是否需要设置任何属性/变量才能进行调用?我正在使用 Apache HttpClient。我在 Eclipse 中将信任库、密码作为 VM 参数传递。
KeyStore keyStore = null;
String baseUrl = "https://cyberarkservices:23456/api/Accounts?AppID=myapp&Safe=Test&Object=testobject";
try {
keyStore = KeyStore.getInstance("JKS");
} catch (KeyStoreException e) {
System.out.println(e.getStackTrace());
}
FileInputStream instream = null;
try {
instream = new FileInputStream(new File(System.getProperty("javax.net.ssl.trustStore")));
keyStore.load(instream, System.getProperty("javax.net.ssl.trustStorePassword").toCharArray());
} catch (Exception e) {
System.out.println("Exception occured loading cacerts: " + e);
} finally {
instream.close();
}
// Trust own CA and all self-signed certs
SSLContext sslcontext = null;
try {
sslcontext = SSLContexts.custom()
.loadKeyMaterial(keyStore, System.getProperty("javax.net.ssl.trustStorePassword").toCharArray())
.build();
} catch (KeyManagementException | UnrecoverableKeyException | NoSuchAlgorithmException | KeyStoreException e) {
System.out.println("Exception occured loading SSL key material: " + e);
}
HttpClientBuilder builder = HttpClientBuilder.create();
SSLConnectionSocketFactory sslConnectionFactory = new SSLConnectionSocketFactory(sslcontext,
new String[] { "TLSv1.1", "TLSv1.2" }, null,
NoopHostnameVerifier.INSTANCE);
builder.setSSLSocketFactory(sslConnectionFactory);
builder.setSSLSocketFactory(sslConnectionFactory);
CloseableHttpClient httpclient = builder.build();
CloseableHttpResponse response = null;
try {
HttpGet httpget = new HttpGet(baseUrl);
// CALL API
String reply = "";
response = httpclient.execute(httpget);
String res_xml = EntityUtils.toString(response.getEntity());
if(res_xml!=null && !res_xml.isEmpty())
{
reply = res_xml;
System.out.println(reply);
}