使用curl
我有一个端点说“foo.bar.com”
curl -k https://foo.bar.com/get --cert foo-keystore.pem:changeit
{"response":"Hello!"}
使用Javaclient
我想现在使用带有key& cert添加到信任存储区的java客户端来访问相同的端点(在我的情况下为/usr/lib/jvm/java-1.8/jre/security/cacert)但是我收到带有消息的HandshakeException“收到致命警报:handshake_failure“。
客户端
import java.io.File;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.methods.FileRequestEntity;
import org.apache.commons.httpclient.methods.PostMethod;
import org.apache.commons.httpclient.methods.RequestEntity;
public class PostSOAP {
public static void main(String[] args) throws Exception {
if (args.length != 3) {
System.out.println("Usage: java -classpath <classpath> [-Dorg.apache.commons.logging.simplelog.defaultlog=<loglevel>] PostSOAP <url> <soapaction> <filename>]");
System.out.println("<classpath> - must contain the commons-httpclient.jar and commons-logging.jar");
System.out.println("<loglevel> - one of error, warn, info, debug, trace");
System.out.println("<url> - the URL to post the file to");
System.out.println("<soapaction> - the SOAP action header value");
System.out.println("<filename> - file to post to the URL");
System.out.println();
System.exit(1);
}
// Get target URL
String strURL = args[0];
// Get SOAP action
String strSoapAction = args[1];
// Get file to be posted
String strXMLFilename = args[2];
File input = new File(strXMLFilename);
// Prepare HTTP post
PostMethod post = new PostMethod(strURL);
// Request content will be retrieved directly
// from the input stream
RequestEntity entity = new FileRequestEntity(input, "text/xml; charset=ISO-8859-1");
post.setRequestEntity(entity);
// consult documentation for your web service
post.setRequestHeader("SOAPAction", strSoapAction);
// Get HTTP client
HttpClient httpclient = new HttpClient();
// Execute request
try {
int result = httpclient.executeMethod(post);
// Display status code
System.out.println("Response status code: " + result);
// Display response
System.out.println("Response body: ");
System.out.println(post.getResponseBodyAsString());
} finally {
// Release current connection to the connection pool once you are done
post.releaseConnection();
}
}
}
Env变量
-Djavax.net.debug=ssl
-Djavax.net.ssl.keyStoreType=pkcs12
-Djavax.net.ssl.keyStore=/root/foo-certificates.jks
-Djavax.net.ssl.keyStorePassword=changeit
-Djavax.net.ssl.trustStoreType=jks
-Djavax.net.ssl.trustStore=/usr/lib/jvm/java-1.8.0-openjdk-amd64/jre/lib/security/cacerts
-Djavax.net.ssl.trustStorePassword=changeit
错误
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2023)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1125)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:747)
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
at org.apache.commons.httpclient.methods.EntityEnclosingMethod.writeRequestBody(EntityEnclosingMethod.java:506)
at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2114)
at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)
at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323)
at com.proxt.PostSOAP.main(PostSOAP.java:72)
将客户端证书添加到cacert
keytool -keystore /usr/lib/jvm/java-1.8.0-openjdk-amd64/jre/lib/security/cacerts -importcert -alias <alias-name> -file client.cer