0

我正在开发一个 Java 应用程序,尝试使用 Rest API 调用从 Cyber​​ark Vault 检索密码。导入客户端证书后,我通过浏览器 ( Edge/Chrome )获取 API 调用的数据。我尝试将相同的证书添加到 java 信任库“ C:\jdk1.8.0_77\jre\lib\security\cacerts”但是在拨打电话时,我收到以下错误

403 - 禁止:访问被拒绝。您无权使用您提供的凭据查看此目录或页面。

在我导入客户端证书之前,我曾经在浏览器中遇到此错误。那么我现在缺少什么?是否需要设置任何属性/变量才能进行调用?我正在使用 Apache HttpClient。我在 Eclipse 中将信任库、密码作为 VM 参数传递。

        KeyStore keyStore = null;
    String baseUrl = "https://cyberarkservices:23456/api/Accounts?AppID=myapp&Safe=Test&Object=testobject";
            try {
        keyStore = KeyStore.getInstance("JKS");
    } catch (KeyStoreException e) {
        System.out.println(e.getStackTrace());
                }

    FileInputStream instream = null;
    try {
        instream = new FileInputStream(new File(System.getProperty("javax.net.ssl.trustStore")));
        keyStore.load(instream, System.getProperty("javax.net.ssl.trustStorePassword").toCharArray());
    } catch (Exception e) {
        System.out.println("Exception occured loading cacerts: " + e);
    } finally {
        instream.close();
    }

    // Trust own CA and all self-signed certs
    SSLContext sslcontext = null;
    try {
        sslcontext = SSLContexts.custom()
                .loadKeyMaterial(keyStore, System.getProperty("javax.net.ssl.trustStorePassword").toCharArray())
                .build();

    } catch (KeyManagementException | UnrecoverableKeyException | NoSuchAlgorithmException | KeyStoreException e) {
        System.out.println("Exception occured loading SSL key material: " + e);
    }

    HttpClientBuilder builder = HttpClientBuilder.create();
    SSLConnectionSocketFactory sslConnectionFactory = new SSLConnectionSocketFactory(sslcontext,
            new String[] { "TLSv1.1", "TLSv1.2" }, null,
         NoopHostnameVerifier.INSTANCE);
            builder.setSSLSocketFactory(sslConnectionFactory);
    builder.setSSLSocketFactory(sslConnectionFactory);

    CloseableHttpClient httpclient = builder.build();
    CloseableHttpResponse response = null;

    try {
        
        HttpGet httpget = new HttpGet(baseUrl);
    
        // CALL API
        String reply = "";
        response = httpclient.execute(httpget);

        String res_xml = EntityUtils.toString(response.getEntity());
        if(res_xml!=null && !res_xml.isEmpty())
        {
             reply = res_xml;   
             System.out.println(reply);
            
        }
4

1 回答 1

0

我让它工作了。只需在进行 API 调用时直接从 java 读取/加载客户端证书(.p12),而无需将其导入信任库或密钥库文件。将证书位置/密码作为 VM 参数传递,它工作得很好。

于 2021-09-14T16:53:22.307 回答