我是 SSL/TLS 方面的新手,但最近我尝试从我的 Java 客户端向某些第三方服务器发送常规 POST 请求(以接收一些数据)。
我从 cURL 请求的简单方法开始,非常简单。
以下要求:
curl -v -X POST --header "Content-Type: application/json"
--header "Accept: application/json"
-H "X-Client-Id: xxxx"
-H "X-Client-Secret: yyyy"
--cert ../my_certificate.crt:password
--key ../my_private_key.pem
-d "{
some data
}" "https://hostname/some_url"
它运行完美,我收到了正确的回应。
之后,我遵循了几十个指南,并将其与此处提出的一些类似的解决方案结合起来,但没有成功。
首先,我使用 Java jdk8,我的客户端是 okhttp3,并且我有 caCertificate 、签名证书和从远程服务器收到的 private_key 。
我当前版本的初始化客户端:
try (InputStream storeStream = this.getClass().getClassLoader().getResourceAsStream("client.p12")) {
KeyStore keyStore = KeyStore.getInstance("PKCS12");
keyStore.load(storeStream, "password".toCharArray());
KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyFactory.init(keyStore, "password".toCharArray());
KeyManager[] keyManagers = keyFactory.getKeyManagers();
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(
TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init(keyStore);
TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
if (trustManagers.length != 1 || !(trustManagers[0] instanceof X509TrustManager)) {
throw new IllegalStateException("Unexpected default trust managers:"
+ Arrays.toString(trustManagers));
}
X509TrustManager trustManager = (X509TrustManager) trustManagers[0];
SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
sslContext.init(keyManagers, null, new SecureRandom());
SSLContext.setDefault(sslContext);
HostnameVerifier hostnameVerifier = createHostnameVerifier();
client = new OkHttpClient.Builder()
.sslSocketFactory(sslContext.getSocketFactory(),trustManager)
.hostnameVerifier(hostnameVerifier)
.build();
} catch (Exception e) {
}
通过以下命令生成的client.p12文件:
openssl pkcs12 -export -in certificate.crt -inkey private_key.pem -out client.p12 -password pass:password -CAfile caCertificate.pem以及我的要求:
private String post(String url, String json) throws IOException {
RequestBody body = RequestBody.create(JSON_MEDIA_TYPE, json);
Builder builder = new Request.Builder();
builder.addHeader("X-Client-Id", "xxxx");
builder.addHeader("X-Client-Secret", "yyyy");
}
Request request = builder.url(url).post(body).build();
Response response = client.newCall(request).execute();
return response.body().string();
}
我收到以下异常:
javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:992)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
at okhttp3.internal.connection.RealConnection.connectTls(RealConnection.java:267)
Caused by: java.io.EOFException: SSL peer shut down incorrectly
at sun.security.ssl.InputRecord.read(InputRecord.java:505)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:973)
... 59 common frames omitted
知道我在这里做错了什么吗? 或者有什么建议如何将 cURL 请求反映到 Java 客户端? 多谢!
我也是!解决了吗?兄弟