RestTemplate中的CertificateParsingException - pem证书

时间:2017-09-19 07:12:54

标签: java spring certificate x509 resttemplate

我的pem证书有问题。我正在尝试使用证书授权从其他服务器调用服务。 

@Override
public void changeAnalitycsState(Device device) {

    SSLContext context = null;

    Security.addProvider(new BouncyCastleProvider());

    context = SSLContexts.custom()
            .loadTrustMaterial(null, new TrustSelfSignedStrategy())
            .useProtocol("TLS").build();

    byte[] certificate = getCertificate();

    byte[] certBytes = parseDERFromPEM(certificate,
            "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----");

    X509Certificate cert = generateCertificateFromDER(certBytes);

    KeyStore keystore = KeyStore.getInstance("JKS");
    keystore.load(null);
    keystore.setCertificateEntry("cert-alias", cert);

    KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
    kmf.init(keystore, "changeit".toCharArray());

    KeyManager[] km = kmf.getKeyManagers();

    context.init(km, null, null);

    @SuppressWarnings("deprecation")
    HttpClient httpClient =  HttpClientBuilder.create().setSslcontext(context)
            .setSSLSocketFactory(new SSLConnectionSocketFactory(context.getSocketFactory(), new AllowAllHostnameVerifier()))
            .build();

    ClientHttpRequestFactory httpClientRequestFactory = new HttpComponentsClientHttpRequestFactory(httpClient);

    String plainCreds = "user:pass";
    byte[] plainCredsBytes = plainCreds.getBytes();
    byte[] base64CredsBytes = Base64.encodeBase64(plainCredsBytes);
    String base64Creds = new String(base64CredsBytes);

    RestTemplate restTemplate = new RestTemplate(httpClientRequestFactory);

    HttpHeaders httpHeaders = new HttpHeaders();
    httpHeaders.add(HttpHeaders.AUTHORIZATION, "Basic " + base64Creds);
    httpHeaders.setContentType(MediaType.APPLICATION_JSON);

    HttpEntity<Device> entity = new HttpEntity<Device>(
            device, httpHeaders);
    restTemplate
            .exchange("https://xxx:8666/yyy/", HttpMethod.POST, entity, Void.class);

}

private byte[] parseDERFromPEM(byte[] pem, String beginDelimiter,
        String endDelimiter) {
    String data = new String(pem);
    String[] tokens = data.split(beginDelimiter);
    tokens = tokens[1].split(endDelimiter);
    return DatatypeConverter.parseBase64Binary(tokens[0]);
}

private X509Certificate generateCertificateFromDER(byte[] certBytes) {
    CertificateFactory factory;
    X509Certificate cert = null;
    factory = CertificateFactory.getInstance("X.509");
    cert = (X509Certificate) factory
    .generateCertificate(new ByteArrayInputStream(certBytes));

    return cert;
}

错误是:

org.springframework.web.client.ResourceAccessException: I/O error on POST request for "https://xxx":no more data allowed for version 1 certificate; nested exception is javax.net.ssl.SSLProtocolException: no more data allowed for version 1 certificate

Caused by: javax.net.ssl.SSLProtocolException: no more data allowed for version 1 certificate

10:35:08,479 INFO  [stdout] (http-0.0.0.0-0.0.0.0-8443-1)   at sun.security.ssl.HandshakeMessage$CertificateMsg.<init>(Unknown Source)

10:35:08,480 INFO  [stdout] (http-0.0.0.0-0.0.0.0-8443-1)   at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)

10:35:08,480 INFO  [stdout] (http-0.0.0.0-0.0.0.0-8443-1)   at sun.security.ssl.Handshaker.processLoop(Unknown Source)

10:35:08,481 INFO  [stdout] (http-0.0.0.0-0.0.0.0-8443-1)   at sun.security.ssl.Handshaker.process_record(Unknown Source)

10:35:08,481 INFO  [stdout] (http-0.0.0.0-0.0.0.0-8443-1)   at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)

10:35:08,482 INFO  [stdout] (http-0.0.0.0-0.0.0.0-8443-1)   at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)

Caused by: java.security.cert.CertificateParsingException: no more data allowed for version 1 certificate

10:35:08,489 INFO  [stdout] (http-0.0.0.0-0.0.0.0-8443-1)   at sun.security.x509.X509CertInfo.parse(Unknown Source)

10:35:08,489 INFO  [stdout] (http-0.0.0.0-0.0.0.0-8443-1)   at sun.security.x509.X509CertInfo.<init>(Unknown Source)

10:35:08,489 INFO  [stdout] (http-0.0.0.0-0.0.0.0-8443-1)   at sun.security.x509.X509CertImpl.parse(Unknown Source)

10:35:08,489 INFO  [stdout] (http-0.0.0.0-0.0.0.0-8443-1)   at sun.security.x509.X509CertImpl.<init>(Unknown Source)

10:35:08,489 INFO  [stdout] (http-0.0.0.0-0.0.0.0-8443-1)   at sun.security.provider.X509Factory.engineGenerateCertificate(Unknown Source)

10:35:08,489 INFO  [stdout] (http-0.0.0.0-0.0.0.0-8443-1)   at java.security.cert.CertificateFactory.generateCertificate(Unknown Source)

10:35:08,489 INFO  [stdout] (http-0.0.0.0-0.0.0.0-8443-1)

我尝试过这个解决方案:RestTemplate with pem certificate,但它对我不起作用。方法 getCertificate()返回byte []中的证书(我有一个返回证书的服务。我知道,这是个坏主意,但这就是它的工作原理。)

这是我第一次接触证书。 我该如何解决?

1 个答案:

答案 0 :(得分:0)

尝试将此代码添加到方法的开头。如果是这样,请将代码移动到应用程序的开头:

java.lang.System.setProperty("javax.net.ssl.trustStore", "NONE");
相关问题
最新问题