我无法通过HTTPS与私钥连接到远程服务器。我从此链接获得证书:https://drive.google.com/file/d/0B6Z9wNTXyUEebFo2bVdEbWVKQlU/view?usp=sharing 此证书的密码是Geslo123#
在Java中,我做了这个例子:
package com.test;
import java.io.BufferedReader;
import java.io.DataOutputStream;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.URL;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
public class KeystoreHTTPS {
public KeystoreHTTPS() throws FileNotFoundException {
try {
System.out.println("Begin");
URL url = new URL("https://blagajne-test.fu.gov.si:9002/v1/cash_registers");
String USER_AGENT = "Mozilla/5.0";
String keyStore = "c:/cert/10031685-1.p12";
String keyStorePassword = "Geslo123#";
String keyPassword = "Geslo123#";
String KeyStoreType = "PKCS12";
String KeyManagerAlgorithm = "SunX509";
String SSLVersion = "TLSv1";
HttpsURLConnection con = getHttpsURLConnection(url, keyStore, keyStorePassword, keyPassword, KeyStoreType, KeyManagerAlgorithm, SSLVersion);
//add reuqest header
con.setRequestMethod("POST");
con.setRequestProperty("User-Agent", USER_AGENT);
con.setRequestProperty("Accept-Language", "en-US,en;q=0.5");
String urlParameters = "sn=C02G8416DRJM&cn=&locale=&caller=&num=12345";
// Send post request
con.setDoOutput(true);
DataOutputStream wr = new DataOutputStream(con.getOutputStream());
wr.writeBytes(urlParameters);
wr.flush();
wr.close();
int responseCode = con.getResponseCode();
System.out.println("\nSending 'POST' request to URL : " + url);
System.out.println("Post parameters : " + urlParameters);
System.out.println("Response Code : " + responseCode);
BufferedReader in = new BufferedReader(
new InputStreamReader(con.getInputStream()));
String inputLine;
StringBuffer response = new StringBuffer();
while ((inputLine = in.readLine()) != null) {
response.append(inputLine);
}
in.close();
//print result
System.out.println(response.toString());
} catch (Exception ex) {
Logger.getLogger(KeystoreHTTPS.class.getName()).log(Level.SEVERE, null, ex);
}
}
public static HttpsURLConnection getHttpsURLConnection(URL url, String keystore,
String keyStorePass, String keyPassword, String KeyStoreType, String KeyManagerAlgorithm, String SSLVersion)
throws NoSuchAlgorithmException, KeyStoreException,
CertificateException, FileNotFoundException, IOException,
UnrecoverableKeyException, KeyManagementException {
System.setProperty("javax.net.debug", "ssl,handshake,record");
SSLContext sslcontext = SSLContext.getInstance(SSLVersion);
KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerAlgorithm);
KeyStore ks = KeyStore.getInstance(KeyStoreType);
ks.load(new FileInputStream(keystore), keyStorePass.toCharArray());
kmf.init(ks, keyPassword.toCharArray());
TrustManagerFactory tmf = TrustManagerFactory
.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(ks);
TrustManager[] tm = tmf.getTrustManagers();
sslcontext.init(kmf.getKeyManagers(), tm, null);
SSLSocketFactory sslSocketFactory = sslcontext.getSocketFactory();
HttpsURLConnection.setDefaultSSLSocketFactory(sslSocketFactory);
HttpsURLConnection httpsURLConnection = (HttpsURLConnection) url.openConnection();
return httpsURLConnection;
}
public static void main(String[] args) throws FileNotFoundException {
KeystoreHTTPS a = new KeystoreHTTPS();
}
}
我得到了这种例外:
javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target
我想要的是在没有java密钥库的情况下建立与指定URL的连接(直接使用文件中的证书)。
这可能吗? (我正在使用Java 1.6)
如果我在SOAP-UI中使用此证书,我可以毫无问题地建立与远程URL的连接......
谢谢你的帮助