我正在使用 HttpClient 从 Java 文件调用 Rest API。通过使用它,我可以调用 http API,但不能调用 https API。
我在调用 httpsapi 时遇到以下错误。
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1946)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:316)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:310)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1639)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:223)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:965)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1064)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1367)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1395)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1379)
我想使用
CloseableHttpClient
调用 https API。
我有带有私钥的证书文件。 请告诉我如何使用这个私钥来调用API?
要使用
https
调用 API,您需要配置 SSLContext
并将其设置为您的 HttpClient
。请参阅下面的示例代码。这只是示例,您可以以不同的方式加载密钥库和信任库,例如从类路径、表单文件系统等..,进行相应的更改。
KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
KeyStore identity = KeyStore.getInstance(KeyStore.getDefaultType());
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init(trustStore);
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyManagerFactory.init(identity, "password".toCharArray());
SSLContext sslContext = SSLContext.getInstance("TLSv1.3");
sslContext.init(
keyManagerFactory.getKeyManagers(),
trustManagerFactory.getTrustManagers(),
null
);
HttpClient httpClient = HttpClients.custom()
.setSSLContext(sslContext)
.setSSLHostnameVerifier(new DefaultHostnameVerifier())
.build();