
apache httpclient: Received fatal alert: bad_certificate

Stack Overflow user
Asked 2018-06-04 00:42:25
1 answer, 1.7K views, 0 followers, 1 vote

I am using self-signed certificates to support client authentication. I configured the server to accept connections only if the client presents the client keystore.

This works fine in the soapUI tool. But when I try to implement it in my code it throws an SSL error, and I am fairly sure I am missing something at the micro level. I have no visibility into the SSL side. Any suggestion or help would be appreciated.

Server code: https://github.com/next-time-space/cdn-service/blob/master/src/main/java/com/nexttimespace/cdnservice/config/ApplicationConfig.java#L31

Code (Java):

package com;

import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;

import javax.net.ssl.SSLContext;

import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContextBuilder;
import org.apache.http.ssl.SSLContexts;
import org.apache.http.util.EntityUtils;
import org.junit.Test;

import static org.junit.Assert.assertEquals;

public class MyClientCertTest {

    private static final String KEYSTOREPATH = "/home/pasu/client-truststore.jks"; // or .p12
    private static final String KEYSTOREPASS = "secret";
    private static final String KEYPASS = "secret";

    // Never called below (loadKeyMaterial is commented out), so no client key is ever offered.
    // KEYSTOREPATH is a filesystem path, so it must be opened as a file, not as a classpath resource.
    KeyStore readStore() throws Exception {
        try (InputStream keyStoreStream = new FileInputStream(KEYSTOREPATH)) {
            KeyStore keyStore = KeyStore.getInstance("JKS"); // or "PKCS12"
            keyStore.load(keyStoreStream, KEYSTOREPASS.toCharArray());
            return keyStore;
        }
    }

    @Test
    public void performClientRequest() throws Exception {
        try {
            SSLContextBuilder builder = SSLContexts.custom();
                    //.loadKeyMaterial(readStore(), KEYPASS.toCharArray());
            //builder.loadTrustMaterial(null, (chain, authType) -> true);
            // Trust material only: every server certificate is accepted, and because no key
            // material is loaded the client cannot answer the server's CertificateRequest.
            builder.loadTrustMaterial(new File(KEYSTOREPATH), KEYPASS.toCharArray(), (chain, authType) -> true);
            SSLConnectionSocketFactory sslsf =
                    new SSLConnectionSocketFactory(builder.build(), NoopHostnameVerifier.INSTANCE);
            /*SSLContext sslContext = SSLContexts.custom()
                    .loadKeyMaterial(readStore(), KEYPASS.toCharArray()) // use null as second param if you don't have a separate key password
                    .build();*/
            HttpClient httpClient = HttpClients.custom().setSSLSocketFactory(sslsf).build();
            HttpResponse response = httpClient.execute(new HttpPost("https://localhost:8443/publish/"));
            assertEquals(200, response.getStatusLine().getStatusCode());
            HttpEntity entity = response.getEntity();

            System.out.println("----------------------------------------");
            System.out.println(response.getStatusLine());
            EntityUtils.consume(entity);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}

Debug output (JSSE trace from -Djavax.net.debug=ssl, interleaved with HttpClient DEBUG logging):

adding as trusted cert:
  Subject: CN=localhost, OU=CDN, O=Next Time Space, L=City, ST=State, C=US
  Issuer:  CN=localhost, OU=CDN, O=Next Time Space, L=City, ST=State, C=US
  Algorithm: RSA; Serial number: 0x75894fb9
  Valid from Sun Jun 03 11:28:56 CDT 2018 until Sat Sep 01 11:28:56 CDT 2018

trigger seeding of SecureRandom
done seeding SecureRandom
11:36:22.751 [main] DEBUG org.apache.http.client.protocol.RequestAddCookies - CookieSpec selected: default
11:36:22.769 [main] DEBUG org.apache.http.client.protocol.RequestAuthCache - Auth cache not set in the context
11:36:22.771 [main] DEBUG org.apache.http.impl.conn.PoolingHttpClientConnectionManager - Connection request: [route: {s}->https://localhost:8443][total kept alive: 0; route allocated: 0 of 2; total allocated: 0 of 20]
11:36:22.792 [main] DEBUG org.apache.http.impl.conn.PoolingHttpClientConnectionManager - Connection leased: [id: 0][route: {s}->https://localhost:8443][total kept alive: 0; route allocated: 1 of 2; total allocated: 1 of 20]
11:36:22.795 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Opening connection {s}->https://localhost:8443
11:36:22.799 [main] DEBUG org.apache.http.impl.conn.DefaultHttpClientConnectionOperator - Connecting to localhost/127.0.0.1:8443
11:36:22.799 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - Connecting socket to localhost/127.0.0.1:8443 with timeout 0
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
11:36:22.809 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - Enabled protocols: [TLSv1, TLSv1.1, TLSv1.2]
11:36:22.810 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - Enabled cipher suites:[TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
11:36:22.810 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - Starting handshake
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1.1
%% No cached client session
*** ClientHello, TLSv1.2
RandomCookie:  GMT: 1528043782 bytes = { 201, 221, 154, 64, 251, 188, 49, 50, 94, 97, 41, 74, 249, 82, 89, 82, 50, 116, 46, 63, 242, 158, 25, 242, 242, 177, 89, 204 }
Session ID:  {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods:  { 0 }
Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA224withECDSA, SHA224withRSA, SHA224withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA
Extension extended_master_secret
***
main, WRITE: TLSv1.2 Handshake, length = 199
main, READ: TLSv1.2 Handshake, length = 1457
*** ServerHello, TLSv1.2
RandomCookie:  GMT: 1528043782 bytes = { 196, 222, 102, 241, 34, 60, 160, 243, 116, 141, 248, 68, 63, 140, 71, 214, 44, 156, 221, 65, 67, 71, 138, 20, 240, 201, 34, 149 }
Session ID:  {91, 20, 25, 6, 92, 29, 169, 21, 77, 40, 228, 110, 233, 126, 5, 68, 89, 242, 126, 213, 77, 101, 168, 186, 160, 225, 110, 173, 32, 2, 226, 173}
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
Extension extended_master_secret
***
%% Initialized:  [Session-1, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384]
** TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
*** Certificate chain
chain [0] = [
[
  Version: V3
  Subject: CN=localhost, OU=CDN, O=Next Time Space, L=City, ST=State, C=US
  Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11

  Key:  Sun RSA public key, 2048 bits
  modulus: 21513698687508137025388999196541356972168504639653257899234638752220491580139697754094304568882600883116653898030703708695833968858890448445436773602063033284273917688038102700991283326099758819860496288358869995277118073235237048549587466739317653202050181344394882884336005397146275517500795611045892424102179980995969134451276706102140851542391737547232907463433299560966349514520878916627333020770036230530069102815476472579728727786025974673661017008360429513221482333183823490693798489858292685116318692675450549418075469698477207814374342639227293241391745069434436316625798338678315618848088755703162901980597
  public exponent: 65537
  Validity: [From: Sun Jun 03 11:28:56 CDT 2018,
               To: Sat Sep 01 11:28:56 CDT 2018]
  Issuer: CN=localhost, OU=CDN, O=Next Time Space, L=City, ST=State, C=US
  SerialNumber: [    75894fb9]

Certificate Extensions: 1
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: BC D4 AB 47 04 B9 B1 8C   9A CD 9C 6B 93 66 42 39  ...G.......k.fB9
0010: 01 2E C7 55                                        ...U
]
]

]
  Algorithm: [SHA256withRSA]
  Signature:
0000: 2E 10 0C 90 EF ED 61 32   3D CA 5C A2 D4 C1 2E E6  ......a2=.\.....
0010: 2D 36 D8 8B 28 AB C6 22   0F F1 28 D7 CD 1A B6 A6  -6..(.."..(.....
0020: 4C 6A FA A1 2A 32 6F 61   DB 60 DE 71 CB 4C 6F BD  Lj..*2oa.`.q.Lo.
0030: 2F B9 B1 1A 11 8F 45 E0   D6 D3 97 2B 80 16 B2 AE  /.....E....+....
0040: 3C 3E 51 4D 9E F3 A4 5C   4E 5E B7 72 1F 1A 38 24  <>QM...\N^.r..8$
0050: 5D C6 93 59 A3 92 5B 9F   99 30 B8 98 A3 43 A2 B8  ]..Y..[..0...C..
0060: 1F 6E F8 72 FD A3 2D DB   DD 03 C3 E7 F5 4D 0F D7  .n.r..-......M..
0070: A5 A6 14 7B B2 F8 5A BA   5D B2 0E FA 3F 8F 99 1E  ......Z.]...?...
0080: ED D6 28 1C 57 79 B1 20   92 18 36 6D DC D1 5D 1A  ..(.Wy. ..6m..].
0090: EC C0 7F A4 B0 2D 71 1A   21 C6 D2 6A 53 85 42 12  .....-q.!..jS.B.
00A0: 90 FD E9 84 8A 65 F3 9D   3B 7D AB D8 78 16 F6 1E  .....e..;...x...
00B0: 14 BB DB 73 86 B7 AD 90   06 E3 28 68 9F 0E 0C 4E  ...s......(h...N
00C0: 53 80 7D 33 50 86 47 E8   09 54 D5 4E 98 9C 65 B2  S..3P.G..T.N..e.
00D0: 8A F0 F2 02 2D F2 F8 30   D3 83 1B 2C 79 77 5A E5  ....-..0...,ywZ.
00E0: 1C F4 1D 1A 09 89 CD 0E   1B DE DA 03 E6 84 7E 23  ...............#
00F0: 15 F6 98 63 E3 E4 4C B9   88 10 8D A7 A6 25 21 E1  ...c..L......%!.

]
***
*** ECDH ServerKeyExchange
Signature Algorithm SHA512withRSA
Server key: Sun EC public key, 256 bits
  public x coord: 70172521039422248909320195719533803837374541434423491941153258668318553652765
  public y coord: 113130271971725885827866310055272414913641185740108701041895983651138628140605
  parameters: secp256r1 [NIST P-256, X9.62 prime256v1] (1.2.840.10045.3.1.7)
*** CertificateRequest
Cert Types: RSA, DSS, ECDSA
Supported Signature Algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA224withECDSA, SHA224withRSA, SHA224withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA
Cert Authorities:
<CN=local, OU=CDN, O=Next Time Space, L=City, ST=State, C=US>
*** ServerHelloDone
Warning: no suitable certificate found - continuing without client authentication
*** Certificate chain
<Empty>
***
*** ECDHClientKeyExchange
ECDH Public value:  { 4, 222, 204, 248, 55, 53, 216, 226, 189, 242, 50, 7, 23, 62, 68, 167, 44, 92, 95, 163, 11, 57, 53, 226, 4, 10, 212, 157, 57, 6, 96, 127, 254, 220, 31, 81, 230, 66, 48, 12, 66, 243, 163, 83, 207, 82, 137, 28, 63, 145, 172, 144, 31, 225, 48, 65, 176, 187, 57, 139, 139, 46, 68, 169, 119 }
main, WRITE: TLSv1.2 Handshake, length = 77
SESSION KEYGEN:
PreMaster Secret:
0000: 34 BE AC 97 14 32 4F 04   6C A8 21 A6 24 F0 6F 43  4....2O.l.!.$.oC
0010: D5 FB 4B AF DD 85 95 44   42 79 24 B1 40 D2 65 89  ..K....DBy$.@.e.
CONNECTION KEYGEN:
Client Nonce:
0000: 5B 14 19 06 C9 DD 9A 40   FB BC 31 32 5E 61 29 4A  [......@..12^a)J
0010: F9 52 59 52 32 74 2E 3F   F2 9E 19 F2 F2 B1 59 CC  .RYR2t.?......Y.
Server Nonce:
0000: 5B 14 19 06 C4 DE 66 F1   22 3C A0 F3 74 8D F8 44  [.....f."<..t..D
0010: 3F 8C 47 D6 2C 9C DD 41   43 47 8A 14 F0 C9 22 95  ?.G.,..ACG....".
Master Secret:
0000: 17 A5 34 3F 3D 6A B0 43   FD D7 0A C1 BF 10 EE 14  ..4?=j.C........
0010: 34 04 3F 53 8A 44 25 43   4D 2A 98 1C 40 EA 5C A9  4.?S.D%CM*..@.\.
0020: 87 7B C4 82 86 25 7E D5   34 BF 74 39 FD 41 11 02  .....%..4.t9.A..
Client MAC write Secret:
0000: 4B 13 3B 1B B0 2B 8C 6E   66 31 AC 4A 01 72 D9 59  K.;..+.nf1.J.r.Y
0010: EF 38 D7 B9 E7 1C DB 84   C2 C4 A0 1B B3 F4 F8 F3  .8..............
0020: 6A CF 37 2A 15 B9 A7 3E   50 FB 72 EC 2F CA FA BD  j.7*...>P.r./...
Server MAC write Secret:
0000: 79 BB 95 F5 0C 23 A6 91   A7 54 FC AC 64 EA 41 41  y....#...T..d.AA
0010: 79 3B 22 E8 09 A1 59 5C   0A 5D 20 5D 21 EC 54 B4  y;"...Y\.] ]!.T.
0020: 16 98 DF 16 DE 06 20 FC   D4 57 FE E3 F7 E7 40 75  ...... ..W....@u
Client write key:
0000: CF EA 2E 13 1F 0C F1 18   51 0D 7D F2 1B BA 3F 59  ........Q.....?Y
0010: AD 54 78 24 98 74 20 2E   1B 9B 26 0F A6 53 DC FC  .Tx$.t ...&..S..
Server write key:
0000: F3 52 86 B8 86 A3 0D ED   F5 25 F1 FD AF 62 91 80  .R.......%...b..
0010: 44 E3 09 99 36 4C 39 D2   EF 93 00 2D B8 51 4B A3  D...6L9....-.QK.
... no IV derived for this protocol
main, WRITE: TLSv1.2 Change Cipher Spec, length = 1
*** Finished
verify_data:  { 193, 22, 27, 106, 183, 71, 24, 242, 153, 181, 33, 133 }
***
main, WRITE: TLSv1.2 Handshake, length = 96
main, waiting for close_notify or alert: state 1
main, READ: TLSv1.2 Alert, length = 2
main, RECV TLSv1.2 ALERT:  fatal, bad_certificate
%% Invalidated:  [Session-1, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384]
main, called closeSocket()
main, Exception while waiting for close javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
11:36:22.921 [main] DEBUG org.apache.http.impl.conn.DefaultManagedHttpClientConnection - http-outgoing-0: Shutdown connection
11:36:22.921 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Connection discarded
11:36:22.921 [main] DEBUG org.apache.http.impl.conn.PoolingHttpClientConnectionManager - Connection released: [id: 0][route: {s}->https://localhost:8443][total kept alive: 0; route allocated: 0 of 2; total allocated: 0 of 20]
javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
    at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2038)
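The trace above already contains the diagnosis. The server's CertificateRequest names exactly one acceptable authority, `CN=local, OU=CDN, O=Next Time Space, L=City, ST=State, C=US`; the client, which has loaded trust material but no key material, logs `no suitable certificate found - continuing without client authentication` and sends an empty Certificate message; a server that requires client authentication then answers with the fatal `bad_certificate` alert seen at the end. Loading key material is necessary but not always sufficient: the default SunX509 key manager offers an entry only if its key type matches and, when the authority list is non-empty, some certificate in its chain was issued by one of the advertised authorities. The following class is an added example, not code from the question or from the linked project. It lists the private-key entries in a keystore and reports whether each would be offerable for a given authority list, and it wraps the JSSE key manager so that the CertificateRequest parameters and the chosen alias are printed during a live handshake. Paths, passwords and DNs come from the command line; the keystore name and the `CN=local` DN in the usage comment are placeholders taken from this page.

```java
import java.io.FileInputStream;
import java.net.Socket;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.List;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509KeyManager;
import javax.security.auth.x500.X500Principal;

/** Makes the client side of a CertificateRequest visible: what the server asked for, what we could offer. */
public class ClientCertDiagnostics {

    /** Wraps the JSSE key manager and logs every client-alias decision. A null result is what the
     *  handshake trace reports as "no suitable certificate found - continuing without client authentication". */
    static final class LoggingKeyManager extends X509ExtendedKeyManager {
        private final X509KeyManager delegate;

        LoggingKeyManager(X509KeyManager delegate) { this.delegate = delegate; }

        @Override
        public String chooseClientAlias(String[] keyTypes, Principal[] issuers, Socket socket) {
            String alias = delegate.chooseClientAlias(keyTypes, issuers, socket);
            System.out.printf("CertificateRequest: keyTypes=%s authorities=%s -> alias=%s%n",
                    Arrays.toString(keyTypes), issuers == null ? "[]" : Arrays.toString(issuers), alias);
            return alias;
        }

        @Override
        public String chooseEngineClientAlias(String[] keyTypes, Principal[] issuers, SSLEngine engine) {
            return chooseClientAlias(keyTypes, issuers, null);
        }

        @Override public String[] getClientAliases(String keyType, Principal[] issuers) { return delegate.getClientAliases(keyType, issuers); }
        @Override public String[] getServerAliases(String keyType, Principal[] issuers) { return delegate.getServerAliases(keyType, issuers); }
        @Override public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) { return delegate.chooseServerAlias(keyType, issuers, socket); }
        @Override public X509Certificate[] getCertificateChain(String alias) { return delegate.getCertificateChain(alias); }
        @Override public PrivateKey getPrivateKey(String alias) { return delegate.getPrivateKey(alias); }
    }

    /** Aliases that carry a private key; trusted-certificate-only entries can never be offered as a client cert. */
    static List<String> keyEntryAliases(KeyStore ks) throws Exception {
        List<String> out = new ArrayList<>();
        for (Enumeration<String> e = ks.aliases(); e.hasMoreElements(); ) {
            String alias = e.nextElement();
            if (ks.isKeyEntry(alias)) out.add(alias);
        }
        return out;
    }

    /** Issuer part of the SunX509 rule: with a non-empty authority list, some certificate in the chain
     *  must have been issued by one of the authorities the server advertised. */
    static boolean acceptableFor(Certificate[] chain, List<X500Principal> authorities) {
        if (authorities.isEmpty()) return true;
        for (Certificate c : chain) {
            if (authorities.contains(((X509Certificate) c).getIssuerX500Principal())) return true;
        }
        return false;
    }

    /** SSLContext whose key manager logs; pass it to SSLConnectionSocketFactory to watch the decision live. */
    static SSLContext loggingContext(KeyStore keyStore, char[] keyPass, KeyStore trustStore) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, keyPass);
        KeyManager[] kms = kmf.getKeyManagers();
        for (int i = 0; i < kms.length; i++) {
            if (kms[i] instanceof X509KeyManager) kms[i] = new LoggingKeyManager((X509KeyManager) kms[i]);
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kms, tmf.getTrustManagers(), null);
        return ctx;
    }

    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(path.endsWith(".p12") ? "PKCS12" : "JKS");
        try (FileInputStream in = new FileInputStream(path)) { ks.load(in, password); }
        return ks;
    }

    /** usage: java ClientCertDiagnostics client-keystore.jks secret "CN=local, OU=CDN, O=Next Time Space, L=City, ST=State, C=US" */
    public static void main(String[] args) throws Exception {
        KeyStore ks = load(args[0], args[1].toCharArray());
        List<X500Principal> authorities = new ArrayList<>();
        for (int i = 2; i < args.length; i++) authorities.add(new X500Principal(args[i]));

        List<String> aliases = keyEntryAliases(ks);
        if (aliases.isEmpty()) System.out.println("no private-key entries: this store can only serve as a truststore");
        for (String alias : aliases) {
            X509Certificate leaf = (X509Certificate) ks.getCertificate(alias);
            System.out.printf("%s: subject=%s issuer=%s key=%s notAfter=%s%n", alias,
                    leaf.getSubjectX500Principal(), leaf.getIssuerX500Principal(),
                    leaf.getPublicKey().getAlgorithm(), leaf.getNotAfter());
            System.out.println("  offerable for the given authorities: " + acceptableFor(ks.getCertificateChain(alias), authorities));
        }
    }
}
```

Run against the `client-truststore.jks` used in the question, it prints "no private-key entries", which is the offline equivalent of the trace's empty Certificate message. Run against a real client keystore, a `false` in the last column means the certificate's issuer is not among the CAs in the server's truststore, and the same `bad_certificate` alert will follow even after key material is loaded.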

1 Answer

Stack Overflow user

Answered 2018-06-05 08:47:11

After two days of caffeine, I found the solution. I need to load both key material and trust material, and the key material needs to be loaded with an alias. Here is the working solution:

Code (Java):
package com.nexttimespace.analligence.eukarya.rille;

import static org.junit.Assert.assertEquals;

import java.io.File;
import java.net.Socket;
import java.net.URI;
import java.util.Arrays;
import java.util.Map;

import javax.net.ssl.SSLContext;

import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.PrivateKeyDetails;
import org.apache.http.ssl.PrivateKeyStrategy;
import org.apache.http.ssl.SSLContexts;
import org.apache.http.util.EntityUtils;
import org.junit.Test;

public class MyClientCertTest {

    private static final String KEYSTOREPATH = "/home/pasu/ntscerts/client-keystore.jks"; // or .p12
    private static final String KEYSTOREPASS = "secret";
    private static final String KEYPASS = "secret";

    @Test
    public void performClientRequest() throws Exception {
        try {
            SSLContext sslContext = SSLContexts.custom()
                    // Key material: the client certificate and private key offered in reply to the
                    // server's CertificateRequest. KEYPASS is passed as both store password and key
                    // password; that works here only because the two happen to be identical.
                    .loadKeyMaterial(new URI("file:" + KEYSTOREPATH).toURL(), KEYPASS.toCharArray(), KEYPASS.toCharArray(),
                            new PrivateKeyStrategy() {
                                @Override
                                public String chooseAlias(Map<String, PrivateKeyDetails> aliases, Socket socket) {
                                    return "client"; // alias of the key entry in client-keystore.jks
                                }
                            })
                    // Trust material: this trust strategy accepts every server certificate, so the
                    // server is not authenticated at all; acceptable only for a localhost test.
                    .loadTrustMaterial(new File(KEYSTOREPATH), KEYPASS.toCharArray(), (chain, authType) -> true)
                    .build();

            // NoopHostnameVerifier additionally skips the hostname check against the server certificate.
            SSLConnectionSocketFactory sslsf =
                    new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE);
            HttpClient httpClient = HttpClients.custom().setSSLSocketFactory(sslsf).build();
            HttpResponse response = httpClient.execute(new HttpPost("https://localhost:8443/publish/cdn1"));
            assertEquals(200, response.getStatusLine().getStatusCode());
            HttpEntity entity = response.getEntity();

            System.out.println("----------------------------------------");
            System.out.println(Arrays.toString(response.getAllHeaders()));
            EntityUtils.consume(entity);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}
Votes: 1
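The answer's code connects because the client now offers the key entry `client` in its Certificate message. Three of its settings, however, switch off server authentication and belong only on a throwaway localhost test: the `(chain, authType) -> true` trust strategy accepts any server certificate, `NoopHostnameVerifier` skips the hostname check, and the client keystore doubles as the truststore. The class below is an added example, not the answer's code or the linked project's: it keeps alias-based key selection but validates the server with the default PKIX trust manager against a dedicated truststore and with HttpClient's default hostname verifier, and it restricts the connection to TLS 1.2 (the trace shows TLSv1 and TLSv1.1 still enabled). The truststore path `/home/pasu/ntscerts/client-truststore.jks`, the environment variable names and the request body are assumptions; the keystore path, alias `client` and URL are taken from the answer.

```java
import java.io.File;
import java.nio.charset.StandardCharsets;
import javax.net.ssl.SSLContext;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContexts;
import org.apache.http.util.EntityUtils;

/**
 * Mutual TLS with Apache HttpClient 4.5: the client offers a certificate from its own keystore and
 * validates the server against a dedicated truststore (no trust-all strategy, no Noop hostname verifier).
 */
public final class MutualTlsClient {

    // Assumed layout: the truststore holds ONLY the server's certificate (or the CA that issued it).
    private static final File CLIENT_KEYSTORE = new File("/home/pasu/ntscerts/client-keystore.jks");
    private static final File SERVER_TRUSTSTORE = new File("/home/pasu/ntscerts/client-truststore.jks");
    private static final String CLIENT_ALIAS = "client";

    /** Key material from the client keystore; trust material from a store holding only the server CA. */
    static SSLContext buildSslContext(char[] storePass, char[] keyPass, char[] trustPass) throws Exception {
        return SSLContexts.custom()
                // The map handed to the strategy already contains only entries whose key type and
                // issuer fit the server's CertificateRequest; selecting by alias keeps the choice
                // deterministic when the store holds several such entries. null means "offer nothing".
                .loadKeyMaterial(CLIENT_KEYSTORE, storePass, keyPass,
                        (aliases, socket) -> aliases.containsKey(CLIENT_ALIAS) ? CLIENT_ALIAS : null)
                // Default PKIX path validation against SERVER_TRUSTSTORE only. A self-signed server
                // certificate is trusted because it is in this store, not because validation is disabled.
                .loadTrustMaterial(SERVER_TRUSTSTORE, trustPass)
                .build();
    }

    /** TLS 1.2 only, JSSE default cipher suites, and the normal hostname check against the server cert. */
    static CloseableHttpClient buildClient(SSLContext ctx) {
        SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
                ctx,
                new String[] {"TLSv1.2"},
                null,
                SSLConnectionSocketFactory.getDefaultHostnameVerifier());
        return HttpClients.custom().setSSLSocketFactory(sslsf).build();
    }

    /** POSTs the body and returns the HTTP status; the response entity is always consumed. */
    static int post(CloseableHttpClient client, String url, String body) throws Exception {
        HttpPost request = new HttpPost(url);
        request.setEntity(new StringEntity(body, StandardCharsets.UTF_8));
        try (CloseableHttpResponse response = client.execute(request)) {
            EntityUtils.consume(response.getEntity());
            return response.getStatusLine().getStatusCode();
        }
    }

    public static void main(String[] args) throws Exception {
        // Passwords come from the environment rather than from source; "secret" is the answer's test value.
        char[] storePass = System.getenv().getOrDefault("CLIENT_KEYSTORE_PASS", "secret").toCharArray();
        char[] keyPass = System.getenv().getOrDefault("CLIENT_KEY_PASS", "secret").toCharArray();
        char[] trustPass = System.getenv().getOrDefault("TRUSTSTORE_PASS", "secret").toCharArray();

        try (CloseableHttpClient client = buildClient(buildSslContext(storePass, keyPass, trustPass))) {
            int status = post(client, "https://localhost:8443/publish/cdn1", "{}");
            System.out.println("HTTP " + status);
        }
    }
}
```

The server certificate in the trace has `CN=localhost` and no subjectAltName; HttpClient's default verifier falls back to the CN in that case, so `https://localhost:8443` still verifies, while a certificate for any other name now fails the handshake instead of being silently accepted. If the server's truststore does not contain the issuer of the `client` entry, this client gets the same `bad_certificate` alert as the question, which is the correct outcome: the fix belongs in the server's truststore, not in weaker client-side validation.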
Original content provided by Stack Overflow.
Source: https://stackoverflow.com/questions/50668666
