我正在尝试制作的应用程序需要通过向 TaxCore 服务器提供从智能卡获取的个人证书来请求 token 。
我已经从智能卡中导出了证书,并将其命名为 buisness.cer。
我还需要另外 2 个证书来建立 https 连接(Sandbox SUF Issuing CA 1.cer
和 Sandbox SUF RCA.cer
)。
官方文档说明了以下步骤:
我已经浪费了好几天的时间来尝试完成这项工作,并测试了我在互联网上可以找到的所有示例,但尽管我付出了努力,我最终还是得到了 401 响应。
{"Message":"Authorization has been denied for this request."}
目前我有这个(非工作):private static X509Certificate getCert(String f) {
InputStream is0;
try {
CertificateFactory cf0 = CertificateFactory.getInstance("X.509");
is0 = new FileInputStream(f);
var cer = (X509Certificate) cf0.generateCertificate(is0);
is0.close();
return cer;
} catch (FileNotFoundException e) {
e.printStackTrace();
} catch (CertificateException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
}
return null;
}
public final static void main(String[] args) throws Exception {
var buisnessCert = getCert("someplace/buisness.cer");
var issuingCaCert = getCert("someplace/issuingCa.cer");
var rcaCert = getCert("someplace/rca.cer");
var tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
ks.load(null);
ks.setCertificateEntry("issuingCaCert", issuingCaCert);
ks.setCertificateEntry("rcaCert", rcaCert);
ks.setCertificateEntry("buisnessCert", buisnessCert);
tmf.init(ks);
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, tmf.getTrustManagers(), null);
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContext, null, null,
SSLConnectionSocketFactory.getDefaultHostnameVerifier());
CloseableHttpClient httpclient = HttpClients.custom().setSSLSocketFactory(sslsf).build();
try {
HttpGet httpget = new HttpGet("https://taxcoreservergoeshere/api/v3/sdc/token");
httpget.setHeader("Accept", "application/json");
httpget.setHeader("Content-Type", "application/json");
CloseableHttpResponse response = httpclient.execute(httpget);
try {
HttpEntity entity = response.getEntity();
System.out.println(EntityUtils.toString(entity));
EntityUtils.consume(entity);
} finally {
response.close();
}
} finally {
httpclient.close();
}
}
非常感谢任何帮助。
最佳答案
证书不应该离开智能卡。您需要使用 PKCS#11 提供程序来实例化您的 keystore 。这个答案可能是一个很好的起点:
Java Access Token PKCS11 Not found Provider
关于java - TaxCore - 使用智能卡证书请求 token ,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/70700788/