NutzCN Logo
问答 请问Http.post如何提交证书?
发布于 12天前 作者 FreeFox 71 次浏览 复制 上一个帖子 下一个帖子
标签:

有个https的接口是https双向认证的,每次访问都需要携带证书,请问通过Http.get或者post如何携带ca.crt client.crt client.key证书来访问呢?

4 回复

Sender,允许设置SSLSocketFactory

    public static String post(String url, Map<String, Object> params, int timeout, int connTimeout) {
        return Sender.create(Request.create(url, Request.METHOD.POST, params, null)).setSSLSocketFactory(xx).setTimeout(timeout).setConnTimeout(connTimeout).s.send().getContent();
    }

解决了,谢谢~

package test;

import org.nutz.http.Request;
import org.nutz.http.Response;
import org.nutz.http.Sender;
import org.nutz.repo.Base64;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.InputStreamReader;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;

public class SSLClient {

    public static final String CA_PATH = "E:\\workspace\\python\\paddledetection\\test\\ca\\ca.crt";
    public static final String CRT_PATH = "E:\\workspace\\python\\paddledetection\\test\\client\\client.crt";
    //需要转换成pkcs8格式秘钥
    //openssl pkcs8 -topk8 -inform PEM -in client.key -outform pem -nocrypt -out client_4j.key
    public static final String KEY_PATH = "E:\\workspace\\python\\paddledetection\\test\\client\\client_4j.key";

    public static final String PASSWORD = "123";

    public static SSLSocketFactory getSSLSocktetBidirectional() throws Exception {
        // CA certificate is used to authenticate server
        CertificateFactory cAf = CertificateFactory.getInstance("X.509");
        FileInputStream caIn = new FileInputStream(CA_PATH);
        X509Certificate ca = (X509Certificate) cAf.generateCertificate(caIn);
        KeyStore caKs = KeyStore.getInstance("JKS");
        caKs.load(null, null);
        caKs.setCertificateEntry("ca-certificate", ca);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
        tmf.init(caKs);

        // client key and certificates are sent to server so it can authenticate us
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        FileInputStream crtIn = new FileInputStream(CRT_PATH);
        X509Certificate caCert = (X509Certificate) cf.generateCertificate(crtIn);
        crtIn.close();

        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null);
        ks.setCertificateEntry("certificate", caCert);
        ks.setKeyEntry("private-key", getPrivateKey(KEY_PATH), PASSWORD.toCharArray(), new Certificate[]{caCert});
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("PKIX");
        kmf.init(ks, PASSWORD.toCharArray());

        // finally, create SSL socket factory
        SSLContext context = SSLContext.getInstance("TLSv1");
        context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), new SecureRandom());

        return context.getSocketFactory();
    }

    private static PrivateKey getPrivateKey(String path) throws Exception {
        Base64 base64 = new Base64();
        byte[] buffer = base64.decode(getKeyBase64(path));

        PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(buffer);
        KeyFactory keyFactory = KeyFactory.getInstance("RSA");
        return keyFactory.generatePrivate(keySpec);

    }

    private static String getKeyBase64(String path) throws Exception {
        FileInputStream fin = new FileInputStream(path);
        BufferedReader br = new BufferedReader(new InputStreamReader(fin));
        String readLine = null;
        StringBuilder sb = new StringBuilder();
        while ((readLine = br.readLine()) != null) {
            if (readLine.charAt(0) == '-') {
                continue;
            } else {
                sb.append(readLine);
                sb.append('\r');
            }
        }
        fin.close();
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {

        Request req = Request.create("https://xx.xx.xx/", Request.METHOD.GET);
        Response resp=Sender.create(req).setSSLSocketFactory(getSSLSocktetBidirectional()).send();
        System.out.println(resp.getContent());

    }
}

s.send() 拼错了 多了 s.

添加回复
请先登陆
回到顶部