我正在尝试使用从两个文件(.p12和.p7b)加载的证书创建SSL连接。
我尝试了以下代码来加载.p12文件
char []passwKey = "1234567".toCharArray();
KeyStore ts = KeyStore.getInstance("PKCS12");
ts.load(new FileInputStream("/home/user/Desktop/file.p12"), passwKey);
KeyManagerFactory tmf = KeyManagerFactory.getInstance("SunX509");
tmf.init(ts,passwKey);
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(tmf.getKeyManagers(), null, null);
SSLSocketFactory factory =sslContext.getSocketFactory();
HttpsURLConnection.setDefaultSSLSocketFactory(factory);
SSLSocket socket = (SSLSocket) factory.createSocket("www.host.com", 8883); // Create the ServerSocket
String[] suites = socket.getSupportedCipherSuites();
socket.setEnabledCipherSuites(suites);
socket.startHandshake();
但我收到例外:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException:PKIX路径构建失败: sun.security.provider.certpath.SunCertPathBuilderException:无法 找到所请求目标的有效证书路径
我相信我必须从.p12和.p7b文件(包含整个CA链)创建一个.jks文件,但我是一个菜鸟,我不知道该怎么做。我发现的示例基于单个文件/证书。
更新:
我使用认证文件来创建一个密钥库(我相信我只需要.p12文件),但没有运气。所以我直接访问了该站点,并将证书导出为.pem并将其添加到密钥库中。在我的调试信息中,我现在收到“ServerHello”,但最后,我仍然得到
handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
我尝试了几种解决方案,例如。 Java client certificates over HTTPS/SSL 要么 Getting javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure Error 收到来自.p12文件的证书和从浏览器导出的证书,但没有一个工作...
更新2:
我试过这个:https://stackoverflow.com/a/11908693/1215791并设法获得ServerHelloDone(和Found Trusted Certificate ...)。
但是,我现在要做的是使用SOAP请求登录,我得到了这个:
com.sun.xml.internal.messaging.saaj.soap.MessageImpl identifyContentType
SEVERE: SAAJ0537: Invalid Content-Type. Could be an error message instead of a SOAP message
Exception in thread "main" com.sun.xml.internal.messaging.saaj.SOAPExceptionImpl: com.sun.xml.internal.messaging.saaj.SOAPExceptionImpl: Invalid Content-Type:text/html. Is this an error message instead of a SOAP response?
at com.sun.xml.internal.messaging.saaj.client.p2p.HttpSOAPConnection.call(HttpSOAPConnection.java:148)
at SoapT.login(SoapT.java:241)
at SoapT.main(SoapT.java:75)
我认为附加的证书不是问题,但是在为服务器创建soap请求或错误(html)时出错。
答案 0 :(得分:1)
非常容易使用SSL-Library。创建SSLClient并添加信任材料
网页示例:
Client Example:
SSLClient client = new SSLClient();
// Let's trust usual "cacerts" that come with Java. Plus, let's also trust a self-signed cert
// we know of. We have some additional certs to trust inside a java keystore file.
client.addTrustMaterial( TrustMaterial.DEFAULT );
client.addTrustMaterial( new TrustMaterial( "/path/to/self-signed.pem" ) );
client.addTrustMaterial( new KeyMaterial( "/path/to/keystore.jks", "changeit".toCharArray() ) );
// To be different, let's allow for expired certificates (not recommended).
client.setCheckHostname( true ); // default setting is "true" for SSLClient
client.setCheckExpiry( false ); // default setting is "true" for SSLClient
client.setCheckCRL( true ); // default setting is "true" for SSLClient
// Let's load a client certificate (max: 1 per SSLClient instance).
client.setKeyMaterial( new KeyMaterial( "/path/to/client.pfx", "secret".toCharArray() ) );
SSLSocket s = (SSLSocket) client.createSocket( "www.cucbc.com", 443 );