具有 TLSv1.2 证书身份验证的 java okhttp 客户端

问题描述 投票:0回答:1

我是 SSL/TLS 方面的新手,但最近我尝试从我的 Java 客户端向某些第三方服务器发送常规 POST 请求(以接收一些数据)。
我从 cURL 请求的简单方法开始,非常简单。
以下要求:

curl -v -X POST --header "Content-Type: application/json" 
--header "Accept: application/json" 
-H "X-Client-Id: xxxx" 
-H "X-Client-Secret: yyyy" 
--cert  ../my_certificate.crt:password 
--key ../my_private_key.pem 
-d "{
some data
}" "https://hostname/some_url"

它运行完美,我收到了正确的回应。 之后,我遵循了几十个指南,并将其与此处提出的一些类似的解决方案结合起来,但没有成功。 首先,我使用 Java jdk8,我的客户端是 okhttp3,并且我有 caCertificate 、签名证书和从远程服务器收到的 private_key 。
我当前版本的初始化客户端:

try (InputStream storeStream = this.getClass().getClassLoader().getResourceAsStream("client.p12")) {
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        keyStore.load(storeStream, "password".toCharArray());
        KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyFactory.init(keyStore, "password".toCharArray());
        KeyManager[] keyManagers = keyFactory.getKeyManagers();

        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(
           TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);
        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
        if (trustManagers.length != 1 || !(trustManagers[0] instanceof X509TrustManager)) {
           throw new IllegalStateException("Unexpected default trust managers:"
             + Arrays.toString(trustManagers));
        }
        X509TrustManager trustManager = (X509TrustManager) trustManagers[0];

        SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
        sslContext.init(keyManagers, null, new SecureRandom());
        SSLContext.setDefault(sslContext);
        HostnameVerifier hostnameVerifier = createHostnameVerifier();
        client = new OkHttpClient.Builder()
                .sslSocketFactory(sslContext.getSocketFactory(),trustManager)
                .hostnameVerifier(hostnameVerifier)
                .build();
    } catch (Exception e) {
    }

通过以下命令生成的client.p12文件:

openssl pkcs12 -export -in certificate.crt -inkey private_key.pem -out client.p12 -password pass:password -CAfile caCertificate.pem

以及我的要求:

private String post(String url, String json) throws IOException {
    RequestBody body = RequestBody.create(JSON_MEDIA_TYPE, json);
    Builder builder = new Request.Builder();
    builder.addHeader("X-Client-Id", "xxxx");
    builder.addHeader("X-Client-Secret", "yyyy");
    }
    Request request = builder.url(url).post(body).build();
    Response response = client.newCall(request).execute();
    return response.body().string();
}

我收到以下异常:

javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:992)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
at okhttp3.internal.connection.RealConnection.connectTls(RealConnection.java:267)

Caused by: java.io.EOFException: SSL peer shut down incorrectly
at sun.security.ssl.InputRecord.read(InputRecord.java:505)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:973)
... 59 common frames omitted

知道我在这里做错了什么吗? 或者有什么建议如何将 cURL 请求反映到 Java 客户端? 多谢!

java curl openssl tls1.2 okhttp
1个回答
0
投票

我也是!解决了吗?兄弟

© www.soinside.com 2019 - 2024. All rights reserved.