我有一个证书文件及其密钥。 使用这两个我能够使用postman成功调用给定的服务api。
现在我正在尝试编写一个应该使用这两个并调用API的客户端。在编写java代码之前,使用openssl使用现有的cert文件及其相应的密钥创建了一个pfx文件。经过一些示例之后over internet / stackoverflow:
private static String trustStorePath = "/Library/Java/JavaVirtualMachines/jdk1.8.0_144.jdk/Contents/Home/jre/lib/security/cacerts";
private static final String trustStorePassword = "changeit";
private static final String keyStoreFile = "/pathTocert/mycert.pfx";
private static final String keyStorePassword = "changeit";
public static SSLSocketFactory enableSSL() {
SSLContext context = null;
InputStream keyInput = null, truststream = null, certInput = null;
KeyStore trustks;
try {
KeyStore keyStore = KeyStore.getInstance("PKCS12");
keyInput = new FileInputStream(new File(keyStoreFile));
keyStore.load(keyInput, keyStorePassword.toCharArray());
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
keyManagerFactory.init(keyStore, keyStorePassword.toCharArray());
trustks = KeyStore.getInstance("JKS");
File trustcert = new File(trustStorePath);
truststream = new FileInputStream(trustcert);
trustks.load(truststream, trustStorePassword.toCharArray());
truststream.close();
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(trustks);
context = SSLContext.getInstance("TLS");
context.init(keyManagerFactory.getKeyManagers(), tmf.getTrustManagers(), new SecureRandom());
return context.getSocketFactory();
} catch (KeyStoreException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (CertificateException e) {
e.printStackTrace();
} catch (UnrecoverableKeyException e) {
e.printStackTrace();
} catch (KeyManagementException e) {
e.printStackTrace();
}
return null;
}
在我的main方法中执行后,我正在设置SSLSocketFactory并进行https调用:
URL myUrl = new URL(httpsURL);
SSLSocketFactory sslSocketFactory = enableSSL();
HttpsURLConnection conn = (HttpsURLConnection)myUrl.openConnection();
conn.setSSLSocketFactory(sslSocketFactory);
InputStream is = conn.getInputStream();
InputStreamReader isr = new InputStreamReader(is);
BufferedReader br = new BufferedReader(isr);
String inputLine;
while ((inputLine = br.readLine()) != null) {
System.out.println(inputLine);
}
br.close();
我是Java安全库的新手,我坚持使用
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException:没有可信证书 结果
我已经尝试了一些步骤,例如在JDK的cacerts中安装pfx或更改URL上给出的代码
How to connect to a secure website using SSL in Java with a pkcs12 file?
但是到目前为止我还没有任何工作。我将非常感谢您的帮助。如果需要更多信息,请写评论。