有个https的接口是https双向认证的,每次访问都需要携带证书,请问通过Http.get或者post如何携带ca.crt client.crt client.key证书来访问呢?
4 回复
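/**
 * Sends a form POST through Nutz's {@code Sender} with a custom SSL socket factory
 * installed, so the request can present a client certificate (mutual TLS).
 *
 * @param url         target URL
 * @param params      request parameters handed to {@code Request.create}
 * @param timeout     value passed to {@code Sender.setTimeout}
 * @param connTimeout value passed to {@code Sender.setConnTimeout}
 * @return the response content as returned by {@code getContent()}
 */
public static String post(String url, Map<String, Object> params, int timeout, int connTimeout) {
    // "xx" is the placeholder from the original reply: substitute an SSLSocketFactory
    // built from the CA certificate, the client certificate and the client private key.
    // The original chain contained a stray ".s" before send(), which does not compile.
    return Sender.create(Request.create(url, Request.METHOD.POST, params, null))
            .setSSLSocketFactory(xx)
            .setTimeout(timeout)
            .setConnTimeout(connTimeout)
            .send()
            .getContent();
}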
解决了,谢谢~
package test;
import org.nutz.http.Request;
import org.nutz.http.Response;
import org.nutz.http.Sender;
import org.nutz.repo.Base64;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.InputStreamReader;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
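/**
 * Example client for an HTTPS endpoint that requires mutual (two-way) TLS authentication.
 *
 * <p>Builds an {@link SSLSocketFactory} from a CA certificate (to validate the server), a
 * client certificate and a PKCS#8 private key (to authenticate to the server), and hands it
 * to Nutz's {@code Sender}.
 */
public class SSLClient {
    /** PEM-encoded CA certificate; it is the only trust anchor used to validate the server. */
    public static final String CA_PATH = "E:\\workspace\\python\\paddledetection\\test\\ca\\ca.crt";
    /** PEM-encoded client certificate presented to the server. */
    public static final String CRT_PATH = "E:\\workspace\\python\\paddledetection\\test\\client\\client.crt";
    // The private key must first be converted to PKCS#8 format:
    // openssl pkcs8 -topk8 -inform PEM -in client.key -outform pem -nocrypt -out client_4j.key
    // -nocrypt writes the key unencrypted, so the file needs restrictive permissions and must
    // stay out of version control.
    public static final String KEY_PATH = "E:\\workspace\\python\\paddledetection\\test\\client\\client_4j.key";
    // Protects only the key entry of the in-memory key store built below; it does not protect
    // the key file on disk. Demo value.
    public static final String PASSWORD = "123";

    /**
     * Creates a socket factory for mutual TLS: the server is validated against the CA at
     * {@link #CA_PATH}, and the client identifies itself with {@link #CRT_PATH} and
     * {@link #KEY_PATH}.
     *
     * <p>An {@code SSLSocketFactory} does not check the server's host name by itself.
     * NOTE(review): confirm that the HTTP client using this factory verifies the host name.
     *
     * @return a socket factory carrying the trust anchor and the client credentials
     * @throws Exception if a file cannot be read or parsed, or the TLS context cannot be set up
     */
    public static SSLSocketFactory getSSLSocktetBidirectional() throws Exception {
        // Trust side: accept only server certificates that chain to our CA.
        X509Certificate ca = loadCertificate(CA_PATH);
        KeyStore caKs = KeyStore.getInstance("JKS");
        caKs.load(null, null);
        caKs.setCertificateEntry("ca-certificate", ca);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
        tmf.init(caKs);

        // Identity side: client certificate and private key sent to the server.
        X509Certificate clientCert = loadCertificate(CRT_PATH);
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null);
        ks.setCertificateEntry("certificate", clientCert);
        ks.setKeyEntry("private-key", getPrivateKey(KEY_PATH), PASSWORD.toCharArray(),
                new Certificate[]{clientCert});
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("PKIX");
        kmf.init(ks, PASSWORD.toCharArray());

        // The original requested "TLSv1" (TLS 1.0), which current JDKs disable by default.
        // "TLS" lets the JDK negotiate the newest protocol version it has enabled.
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), new SecureRandom());
        return context.getSocketFactory();
    }

    /** Reads one X.509 certificate from {@code path}, closing the stream even on failure. */
    private static X509Certificate loadCertificate(String path) throws Exception {
        CertificateFactory factory = CertificateFactory.getInstance("X.509");
        FileInputStream in = new FileInputStream(path);
        try {
            return (X509Certificate) factory.generateCertificate(in);
        } finally {
            in.close();
        }
    }

    /**
     * Loads an unencrypted PKCS#8 private key from a PEM file.
     *
     * <p>The key algorithm is fixed to RSA; a key of another type fails in
     * {@code generatePrivate}.
     */
    private static PrivateKey getPrivateKey(String path) throws Exception {
        Base64 base64 = new Base64();
        byte[] buffer = base64.decode(getKeyBase64(path));
        PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(buffer);
        KeyFactory keyFactory = KeyFactory.getInstance("RSA");
        return keyFactory.generatePrivate(keySpec);
    }

    /**
     * Returns the Base64 body of a PEM file: every line except empty lines and the
     * {@code -----BEGIN/END-----} markers, each followed by {@code '\r'}.
     */
    private static String getKeyBase64(String path) throws Exception {
        BufferedReader br = new BufferedReader(new InputStreamReader(new FileInputStream(path)));
        try {
            StringBuilder sb = new StringBuilder();
            String readLine;
            while ((readLine = br.readLine()) != null) {
                // Guard against blank lines: charAt(0) on an empty string would throw.
                if (readLine.length() == 0 || readLine.charAt(0) == '-') {
                    continue;
                }
                sb.append(readLine);
                // Separator kept from the original; presumably the decoder skips it (confirm).
                sb.append('\r');
            }
            return sb.toString();
        } finally {
            // Closing the reader also closes the underlying file stream.
            br.close();
        }
    }

    /** Demo: sends a GET to a placeholder URL over mutual TLS and prints the response body. */
    public static void main(String[] args) throws Exception {
        Request req = Request.create("https://xx.xx.xx/", Request.METHOD.GET);
        Response resp = Sender.create(req).setSSLSocketFactory(getSSLSocktetBidirectional()).send();
        System.out.println(resp.getContent());
    }
}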