我是java中的ssl新手,需要帮助,我的应用程序需要使用他们提供的证书和我的公钥来调用一个支付提供商的服务器。
我做过的事情:1.使用openssl创建私钥和公钥,并将公钥提供给服务提供商(服务器)2.从服务器接收证书文件(crt)3.使用keytool创建一个jks文件4.将证书文件添加到trust store5.将keystore文件导入我的spring boot应用程序。
我的代码。
final String password = "password";
SSLContext sslContext = SSLContextBuilder
.create()
.loadTrustMaterial(ResourceUtils.getFile("/home/workspace/gop/javaclient.jks"), password.toCharArray())
.build();
CloseableHttpClient client = HttpClients.custom()
.setSSLContext(sslContext)
.build();
HttpComponentsClientHttpRequestFactory requestFactory
= new HttpComponentsClientHttpRequestFactory();
requestFactory.setHttpClient(client);
RestTemplate restTemplate = new RestTemplate(requestFactory);
String url = "https://someurl.com/rndpoint"; // Web Service endpoint that requires SSL
ResponseEntity<String> response = restTemplate.exchange(url, HttpMethod.POST, HttpEntity.EMPTY, String.class);
ResponseEntity<String> response2 = restTemplate.exchange(url, HttpMethod.GET, HttpEntity.EMPTY, String.class);
System.out.println("Result = " + response.getBody());
return response.getBody() + response2.getBody();
我已经仔细检查过了,我肯定已经把证书导入了cacerts。
我的输出。
{
"timestamp": "2020-04-19T08:28:18.871+0000",
"status": 500,
"error": "Internal Server Error",
"message": "I/O error on POST request for \"https://nabiltest.compassplus.com:8444/Exec\":
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to
requested target",
"path": "/nabil-payment"
}
我终于设法解决了这个问题。这是我的代码片段。
private RestTemplate getRestTemplateClientAuthentication()
throws IOException, UnrecoverableKeyException, CertificateException, NoSuchAlgorithmException,
KeyStoreException, KeyManagementException {
final String allPassword = "123456";
TrustStrategy acceptingTrustStrategy = (X509Certificate[] chain, String authType) -> true;
SSLContext sslContext = SSLContextBuilder
.create()
//if you use keystore
.loadKeyMaterial(ResourceUtils.getFile("classpath:keystore.jks"),
allPassword.toCharArray(), allPassword.toCharArray())
//if you want to use truststore instead
//.loadTrustMaterial(ResourceUtils.getFile("classpath:truststore.jks"), allPassword.toCharArray())
.loadTrustMaterial(null, acceptingTrustStrategy)
.build();
HttpClient client = HttpClients.custom()
.setSSLContext(sslContext)
.build();
HttpComponentsClientHttpRequestFactory requestFactory =
new HttpComponentsClientHttpRequestFactory();
requestFactory.setHttpClient(client);
RestTemplate restTemplate = new RestTemplate(requestFactory);
return restTemplate;
}
现在只需使用这个函数调用你的端点
// url -> endpoint url
getRestTemplateClientAuthentication().exchange(url, HttpMethod.POST, HttpEntity.EMPTY, String.class);