CA认证,idea证书加载编码报错java.io.IOException: Invalid Keystore format
原因是 Maven 的资源过滤(resource filtering)会把二进制证书文件当作文本处理,打包后文件内容被破坏。在 pom 文件中把证书文件的后缀排除在资源过滤之外即可:
POM文件配置
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-resources-plugin</artifactId>
<configuration>
<!-- Only @...@ tokens are substituted during resource filtering; the default delimiters are switched off below. -->
<delimiters>
<delimiter>@</delimiter>
</delimiters>
<useDefaultDelimiters>false</useDefaultDelimiters>
<!-- Exclude certificate/keystore files (p12, pem, pfx) from resource filtering so they are copied without filtering.
     Filtering treats a file as text, which corrupts binary keystores and surfaces later as
     "Invalid keystore format" when the file is loaded. -->
<nonFilteredFileExtensions>
<nonFilteredFileExtension>p12</nonFilteredFileExtension>
<nonFilteredFileExtension>pem</nonFilteredFileExtension>
<nonFilteredFileExtension>pfx</nonFilteredFileExtension>
</nonFilteredFileExtensions>
</configuration>
</plugin>
CA认证过程(java)
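// Class-wide logger; static and final so a single instance is shared instead of one per object.
private static final Logger logger = LoggerFactory.getLogger(HttpsUtil.class);
// Client certificate as an absolute local path; machine-specific and must be edited per environment.
private static final String CLIENT_CERT_FILE = "C:\\Users\\*.p12";
/** Client certificate bundle, resolved from the classpath. */
private static final ClassPathResource KEY_STORE_CLIENT_PATH = new ClassPathResource("certificate/*.p12");
/**
 * Keystore type handed to KeyStore.getInstance in the constructor.
 * NOTE(review): the configured resource ends in .p12 (a PKCS#12 bundle) while the type is "JKS".
 * On JVMs without dual-format keystore support this mismatch can itself raise
 * "Invalid keystore format"; confirm the type matches the file that is shipped.
 */
private static final String KEY_STORE_TYPE_JKS = "JKS";
/**
 * Keystore password.
 * NOTE(review): a password compiled into the class is readable by anyone with the source or the
 * jar; it belongs in external configuration or a secret store.
 */
private static final String KEYSTORE_PASSWORD = "******";
// HTTPS client built once in the constructor.
private CloseableHttpClient httpClient;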
/**
* @throws Exception
*/
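public HttpsUtil() throws Exception {
    // Builds the HTTPS client for mutual TLS: the client key material is read from the
    // classpath keystore and presented to the server, while the server certificate is
    // validated by the JVM's default trust managers.
    // Throws if the keystore cannot be read or parsed, or if the SSL context cannot be built.
    KeyStore keyStore = KeyStore.getInstance(KEY_STORE_TYPE_JKS);

    // Read through getInputStream() only: ClassPathResource.getFile() fails once the
    // certificate is packaged inside a jar, so the path is not resolved or printed here.
    // try-with-resources closes the stream on every path.
    try (InputStream instream = KEY_STORE_CLIENT_PATH.getInputStream()) {
        // Keystore password
        keyStore.load(instream, KEYSTORE_PASSWORD.toCharArray());
    } catch (CertificateException e) {
        logger.error("加载客户端端可信任证书出错了", e);
        // Rethrow: continuing with an unloaded keystore only fails later with a less
        // specific error when the key material is read.
        throw e;
    }

    // No accept-all TrustStrategy is installed, so the server chain is checked against the
    // JVM default trust store. Presenting a client certificate does not authenticate the
    // server; without this check any host on the network path could impersonate it.
    // For a server certificate issued by a private CA, load that CA into a trust store and
    // pass it with loadTrustMaterial(trustStore, null).
    SSLContext sslcontext = SSLContexts.custom()
            .loadKeyMaterial(keyStore, KEYSTORE_PASSWORD.toCharArray())
            .build();

    // TLS 1.0/1.1 are deprecated (RFC 8996) and disabled by default in current JDKs, so
    // TLSv1.2 is requested. The default verifier checks the host name against the certificate.
    SSLConnectionSocketFactory sslConnectionSocketFactory = new SSLConnectionSocketFactory(
            sslcontext,
            new String[]{"TLSv1.2"},
            null,
            SSLConnectionSocketFactory.getDefaultHostnameVerifier());

    this.httpClient = HttpClients.custom()
            .setSSLSocketFactory(sslConnectionSocketFactory)
            .build();
}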