3
我能够做没有问题,下列curl命令:卷曲CACERT相当于在Java中的HttpClient
curl -s --cacert cert_ca.pem -X POST --data-urlencode name=abcde https://abcd.com/resource
你能帮我想出一些Java的实现一样吗?我看过类似的帖子,但他们谈论完整的SSL握手。在这里,我只是提出CA证书来使用指定的证书文件来验证对等体。
另一个问题,我的理解是正确的 - >在这里,我需要配置信任库与CA证书来验证对端,不一定是任何密钥库,因为我不代表我提交任何证书?
谢谢
我确实有CA证书的JKS文件以及
在尝试用下面的代码罗伯特的建议:
SSLContext sslContext = SSLContexts.custom()
.loadTrustMaterial(new File("test_ca.jks")
.build();
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContext);
httpClient = HttpClients.custom()
.setSSLSocketFactory(sslsf)
.build();
String openEndpoint = "URL";
HttpPost httpPost = new HttpPost(openEndpoint);
httpPost.setEntity(new UrlEncodedFormEntity(reqBodyParams));
CloseableHttpResponse httpResponse = (CloseableHttpResponse) httpClient.execute(httpPost);
我收到以下异常:
javax.net.ssl.SSLException: Received fatal alert: unexpected_message
at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2023)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1125)
at sun.security.ssl.SSLSocketImpl.waitForClose(SSLSocketImpl.java:1769)
at sun.security.ssl.HandshakeOutStream.flush(HandshakeOutStream.java:124)
at sun.security.ssl.Handshaker.sendChangeCipherSpec(Handshaker.java:1130)
at sun.security.ssl.ClientHandshaker.sendChangeCipherAndFinish(ClientHandshaker.java:1216)
at sun.security.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:1128)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:348)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:961)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:396)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:355)
at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)
at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:359)
at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:381)
at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:237)
at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:185)
at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:111)
at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56)
我得到'javax.net.ssl.SSLException:收到致命警报:unexpected_message \t在sun.security.ssl.Alerts.getSSLException(Alerts.java :208) ' 加载信任材料时,我不指定密码唯一的区别。不知道这里有什么错误 – user3688037
不要把代码放在注释中 - 这是完全不可读的。改为编辑你的问题。 SO不是论坛! – Robert
我的歉意,我更新了我的变化和我看到的结果的问题。例外情况并非详细,它不会提供任何有用的信息。 正如你可以在我的curl命令中看到的,我只需指定CA证书并拨打电话即可使用。我应该可以用java来实现同样的功能。请让我知道如果我在这里有任何误解 – user3688037