我是SSL / TLS中的新手,但最近我试图从我的Java客户端向一些第三方服务器发送常规POST请求(以接收一些数据)。
我开始用cURL请求的简单方法,这很简单
以下要求:
curl -v -X POST --header "Content-Type: application/json"
--header "Accept: application/json"
-H "X-Client-Id: xxxx"
-H "X-Client-Secret: yyyy"
--cert ../my_certificate.crt:password
--key ../my_private_key.pem
-d "{
some data
}" "https://hostname/some_url"
它的工作完美,我得到了适当的回应。
在那之后,我会跟随十几个指南并将其与一些类似的解决方案相结合,这些解决方案在此提出但没有成功
首先,我使用Java jdk8,我的客户端是okhttp3,我有从远程服务器收到的caCertificate,签名证书和private_key。
我当前的init客户端版本:
try (InputStream storeStream = this.getClass().getClassLoader().getResourceAsStream("client.p12")) {
KeyStore keyStore = KeyStore.getInstance("PKCS12");
keyStore.load(storeStream, "password".toCharArray());
KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyFactory.init(keyStore, "password".toCharArray());
KeyManager[] keyManagers = keyFactory.getKeyManagers();
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(
TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init(keyStore);
TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
if (trustManagers.length != 1 || !(trustManagers[0] instanceof X509TrustManager)) {
throw new IllegalStateException("Unexpected default trust managers:"
+ Arrays.toString(trustManagers));
}
X509TrustManager trustManager = (X509TrustManager) trustManagers[0];
SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
sslContext.init(keyManagers, null, new SecureRandom());
SSLContext.setDefault(sslContext);
HostnameVerifier hostnameVerifier = createHostnameVerifier();
client = new OkHttpClient.Builder()
.sslSocketFactory(sslContext.getSocketFactory(),trustManager)
.hostnameVerifier(hostnameVerifier)
.build();
} catch (Exception e) {
}
由以下命令生成的client.p12文件:
openssl pkcs12 -export -in certificate.crt -inkey private_key.pem -out client.p12 -password pass:password -CAfile caCertificate.pem
和我的要求:
private String post(String url, String json) throws IOException {
RequestBody body = RequestBody.create(JSON_MEDIA_TYPE, json);
Builder builder = new Request.Builder();
builder.addHeader("X-Client-Id", "xxxx");
builder.addHeader("X-Client-Secret", "yyyy");
}
Request request = builder.url(url).post(body).build();
Response response = client.newCall(request).execute();
return response.body().string();
}
我收到以下例外:
javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:992)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
at okhttp3.internal.connection.RealConnection.connectTls(RealConnection.java:267)
Caused by: java.io.EOFException: SSL peer shut down incorrectly
at sun.security.ssl.InputRecord.read(InputRecord.java:505)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:973)
... 59 common frames omitted
知道我在这里做错了什么吗? 或者有任何建议如何将cURL请求反映给Java客户端? 非常感谢!