我是 java 中的 ssl 新手,需要帮助。 我的应用程序需要使用支付提供商提供的证书和我的公钥来调用支付提供商服务器。
我做过的事情: 1.使用openssl创建私钥和公钥并将公钥提供给服务提供商(服务器) 2.从服务器收到证书文件(crt) 3.使用keytool创建jks文件 4.将证书文件添加到信任存储区 5.将 keystore 文件导入到我的Spring Boot应用程序中。
我的代码:
final String password = "password";
SSLContext sslContext = SSLContextBuilder
.create()
.loadTrustMaterial(ResourceUtils.getFile("/home/workspace/gop/javaclient.jks"), password.toCharArray())
.build();
CloseableHttpClient client = HttpClients.custom()
.setSSLContext(sslContext)
.build();
HttpComponentsClientHttpRequestFactory requestFactory
= new HttpComponentsClientHttpRequestFactory();
requestFactory.setHttpClient(client);
RestTemplate restTemplate = new RestTemplate(requestFactory);
String url = "https://someurl.com/rndpoint"; // Web Service endpoint that requires SSL
ResponseEntity<String> response = restTemplate.exchange(url, HttpMethod.POST, HttpEntity.EMPTY, String.class);
ResponseEntity<String> response2 = restTemplate.exchange(url, HttpMethod.GET, HttpEntity.EMPTY, String.class);
System.out.println("Result = " + response.getBody());
return response.getBody() + response2.getBody();
我已经仔细检查过,并且我肯定已将证书导入到 cacerts。
我的输出:
{
"timestamp": "2020-04-19T08:28:18.871+0000",
"status": 500,
"error": "Internal Server Error",
"message": "I/O error on POST request for \"https://nabiltest.compassplus.com:8444/Exec\":
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to
requested target",
"path": "/nabil-payment"
}
最佳答案
我终于解决了这个问题。这是我的代码片段。
private RestTemplate getRestTemplateClientAuthentication()
throws IOException, UnrecoverableKeyException, CertificateException, NoSuchAlgorithmException,
KeyStoreException, KeyManagementException {
final String allPassword = "123456";
TrustStrategy acceptingTrustStrategy = (X509Certificate[] chain, String authType) -> true;
SSLContext sslContext = SSLContextBuilder
.create()
//if you use keystore
.loadKeyMaterial(ResourceUtils.getFile("classpath:keystore.jks"),
allPassword.toCharArray(), allPassword.toCharArray())
//if you want to use truststore instead
//.loadTrustMaterial(ResourceUtils.getFile("classpath:truststore.jks"), allPassword.toCharArray())
.loadTrustMaterial(null, acceptingTrustStrategy)
.build();
HttpClient client = HttpClients.custom()
.setSSLContext(sslContext)
.build();
HttpComponentsClientHttpRequestFactory requestFactory =
new HttpComponentsClientHttpRequestFactory();
requestFactory.setHttpClient(client);
RestTemplate restTemplate = new RestTemplate(requestFactory);
return restTemplate;
}
现在只需使用此函数调用您的端点
// url -> endpoint url
getRestTemplateClientAuthentication().exchange(url, HttpMethod.POST, HttpEntity.EMPTY, String.class);
关于java - 如何在Spring Boot中使用客户端私钥和服务器提供的证书来调用服务器?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/61301532/