我试图将以下curl调用转换为Java调用
curl --verbose --cert bobauth.crt --key bobauth.key https://test1.mobileticket.se/api/v1/auth/andreas
Curl调用按照我的预期工作,但是当我尝试在java中执行相同的调用时,我只收到错误消息。 然而,这就是我试图做到的,不知道这是否是最好的方法。
使用以下命令创建bobauth证书。这与卷曲调用中使用的bobauth相同。
openssl req -new -x509 -sha256 -days 1000 \
-newkey rsa:2048 -nodes -keyout bobauth.key \
-subj "/CN=anders@clonecorps.com" -out bobauth.crt
然后我使用以下代码创建一个java密钥库。
# Create PKCS12 keystore from private key and public certificate.
openssl pkcs12 -export -name myservercert -in bobauth.crt -inkey bobauth.key -out keystore.p12
# Convert PKCS12 keystore into a JKS keystore
keytool -importkeystore -destkeystore mykeystore.jks -srckeystore keystore.p12 -srcstoretype pkcs12 -alias myservercert
这是我放在一起的java代码,它不能完全运行。
try {
KeyStore keyStore = KeyStore.getInstance("JKS");
java.io.FileInputStream fis = null;
try {
fis = new java.io.FileInputStream("mykeystore.jks");
keyStore.load(fis, "password".toCharArray());
} finally {
if (fis != null) {
fis.close();
}
}
SSLContext sslcontext = SSLContexts.custom()
.loadKeyMaterial(keyStore, "password".toCharArray())
.loadTrustMaterial(null, new TrustSelfSignedStrategy())
.build();
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
sslcontext,
SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
CloseableHttpClient client = HttpClients.custom()
.setHostnameVerifier(SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER)
.setSSLSocketFactory(sslsf)
.build();
HttpGet httpGet = new HttpGet("https://test1.mobileticket.se/api/v1/auth/andreas");
CloseableHttpResponse response = client.execute(httpGet);
String responseString = new BasicResponseHandler().handleResponse(response);
//Close and return
client.close();
}
catch(IOException e){
log.info("IOException: " + e.getMessage());
}catch(Exception e){
log.info("Exception: " + e.getMessage());
}
当我运行此代码时,我收到以下错误消息
IOException:sun.security.validator.ValidatorException:PKIX路径 建筑失败: sun.security.provider.certpath.SunCertPathBuilderException:无法 找到所请求目标的有效证书路径
所以如果有人怎么能看到什么是错的,或者指出一个例子如何修复它将非常感激。
要访问API,我必须上传我创建的bobauth.crt。
这是我从运行命令得到的。 openssl s_client -connect test1.mobileticket.se/api/v1/auth/andreas:443 -showcerts
CONNECTED(00000003)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = test1.mobileticket.se
verify return:1
---
Certificate chain
0 s:/CN=test1.mobileticket.se
i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
-----BEGIN CERTIFICATE-----
xxxx
-----END CERTIFICATE-----
1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
i:/O=Digital Signature Trust Co./CN=DST Root CA X3
-----BEGIN CERTIFICATE-----
xxxx
-----END CERTIFICATE-----
---
Server certificate
subject=/CN=test1.mobileticket.se
issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
---
No client certificate CA names sent
Client Certificate Types: RSA sign, DSA sign, ECDSA sign
Requested Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1
Shared Requested Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1
Peer signing digest: SHA512
Server Temp Key: ECDH, P-384, 384 bits
---
SSL handshake has read 3060 bytes and written 475 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: B08AD5731BAA93949683F40D6BD0189C346AF455D84985932E891768B63E94C1
Session-ID-ctx:
Master-Key: 7C3EBFA054F4B5C351D3F6579777BF479405529B67AC3590C76B630D39598C118D4439267B06333574C77320108A4CCB
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1501852200
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
closed