我试图向需要证书的服务发出https发布请求。我已经获得了在SOAPUI和Postman中工作的相同请求。我还能够使用restTemplate在Spring Boot中获得其他非证书要求的POST请求。但是,当我尝试使用restTemplate进行证书POST请求时,我收到以下异常:
http-nio-8080-exec-5, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
2017-08-04 10:13:23.953 ERROR 54082 --- [nio-8080-exec-5] o.a.c.c.C.[.[.[/].[dispatcherServlet] : Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception [Request processing failed; nested exception is org.springframework.web.client.ResourceAccessException: I/O error on POST request for "htpps://...": Received fatal alert: bad_certificate; nested exception is javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate] with root cause
javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
下面是SOAPUI生成的原始请求。:
POST https://... HTTP/1.1
Accept-Encoding: gzip,deflate
Content-Type: application/json
Content-Length: 0
Host: ...
Connection: Keep-Alive
User-Agent: Apache-HttpClient/4.1.1 (java 1.5)
这是相关的Spring Boot代码,它不起作用
// request info
logger.info("enter");
String endpoint = "https://...";
String certFileName = "src/main/resources/keystore.jks";
String pass = "tempPass";
String body = "{}";
// set up cert
logger.info("begin load cert");
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
keyStore.load(new FileInputStream(new File(certFileName)), pass.toCharArray());
SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(new SSLContextBuilder().loadTrustMaterial(null, new TrustSelfSignedStrategy()).loadKeyMaterial(keyStore, pass.toCharArray()).build());
HttpClient httpClient = HttpClients.custom().setSSLSocketFactory(socketFactory).build();
ClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory(httpClient);
// set up request
logger.info("setup request");
RestTemplate restTemplate = new RestTemplate(requestFactory);
HttpHeaders headers = new HttpHeaders();
headers.setContentType(MediaType.APPLICATION_JSON);
HttpEntity<String> entity = new HttpEntity<>(body);
// make request
logger.info("make request");
ResponseEntity<Object> res = restTemplate.postForEntity(endpoint, entity, Object.class);
// ResponseEntity<Object> res = restTemplate.exchange(endpoint, HttpMethod.POST, entity, Object.class);
// handle output
logger.info("received output");
if (res.getStatusCode().is2xxSuccessful())
return res.getBody().toString();
else
return res.getStatusCode().toString();
进一步详情:
我不确定这是否重要,但我也尝试了-Dtrust_all_cert=true标志,但结果相同。我也尝试了-Djavax.net.debug=all标志,但所有输出看起来都很成功。我可以包括调试,如果它会有所帮助,但它们很长。我没有特定于此证书-POST请求的其他配置设置。
我正在使用Java 1.8。
我应该添加,我的代码的证书部分,我从Spring Boot restTemplate POST request bad_certificate, but works in SOAPUI and Postman
上的答案复制答案 0 :(得分:2)
如果其他人遇到这种情况,
原因最终是我使用的密钥库包含多个证书。 SoapUI和Postman对此没有任何问题,但restTemplate(我认为是apache)只会尝试使用密钥库中的第一个证书。使用java密钥库工具从密钥库中删除无关证书解决了这个问题。