1、jar包
<dependency>
<groupId>cn.hutool</groupId>
<artifactId>hutool-all</artifactId>
<version>5.8.0</version>
</dependency>
2、证书
我的pem是通过jks生成的
由jks生成key文件(先转换为PKCS12,再导出私钥;-nodes表示导出的server.key不加密,请限制该文件的访问权限,不要提交到代码仓库):
keytool -importkeystore -srckeystore mfi-key.jks -destkeystore server.p12 -srcstoretype jks -deststoretype pkcs12
openssl pkcs12 -in server.p12 -nocerts -nodes -out server.key
3、逻辑代码
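/**
 * Demo client that sends an HTTPS POST authenticated with a client certificate.
 *
 * <p>The certificate and its PKCS#8 private key are read as PEM files from the classpath,
 * loaded into a throw-away in-memory key store and wrapped in an {@link SSLSocketFactory}
 * that is handed to the HTTP request.
 */
public class apple {

    public static void main(String[] args) throws Exception {
        // POST body
        String param = "";
        // Classpath location of the PEM certificate
        String pemPath = "";
        // Classpath location of the PEM private key file
        String keyPath = "";
        SSLSocketFactory sslsf = getSocketFactoryPEM(pemPath, keyPath);
        String body = HttpRequest.post("")
                .setSSLSocketFactory(sslsf)
                .body(param)
                .execute().body();
        System.out.println(body);
    }

    /**
     * Builds a socket factory that presents the given client certificate during the TLS handshake.
     *
     * @param pemPath classpath location of the PEM-encoded X.509 certificate
     * @param keypath classpath location of the PEM-encoded, unencrypted PKCS#8 RSA private key
     * @return a socket factory backed by a TLSv1.2 context holding the client key
     * @throws Exception if either file cannot be read or parsed, or the TLS context cannot be set up
     */
    protected static SSLSocketFactory getSocketFactoryPEM(String pemPath, String keypath) throws Exception {
        byte[] pem = fileToBytes(pemPath);
        byte[] pemKey = fileToBytes(keypath);
        byte[] certBytes = parseDERFromPEM(pem, "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----");
        byte[] keyBytes = parseDERFromPEM(pemKey, "-----BEGIN PRIVATE KEY-----", "-----END PRIVATE KEY-----");
        X509Certificate cert = generateCertificateFromDER(certBytes);
        RSAPrivateKey key = generatePrivateKeyFromDER(keyBytes);

        // Empty key store that lives only in memory; it is never written to disk.
        KeyStore keystore = KeyStore.getInstance("JKS");
        keystore.load(null);
        keystore.setCertificateEntry(cert.getSubjectX500Principal().getName(), cert);

        // Password of the in-memory key entry. It only has to match between setKeyEntry and
        // KeyManagerFactory.init below. Replace it with your own value and do not reuse the
        // password of a real key store here, since this literal ends up in source control.
        char[] entryPassword = "123456".toCharArray();
        keystore.setKeyEntry("key-alias", key, entryPassword, new Certificate[] {cert});

        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
        kmf.init(keystore, entryPassword);
        KeyManager[] km = kmf.getKeyManagers();

        // Use TLSv1.2 or newer where the JDK supports it; TLS 1.0 and 1.1 are deprecated
        // (RFC 8996) and should not be selected here.
        SSLContext context = SSLContext.getInstance("TLSv1.2");
        // A null TrustManager array keeps the JVM's default server-certificate validation;
        // do not swap in a trust-all manager to work around handshake errors.
        context.init(km, null, null);
        return context.getSocketFactory();
    }

    /**
     * Extracts the first block between the two PEM markers and Base64-decodes it to DER bytes.
     *
     * <p>The markers are matched as literal text. Any text outside the markers (for example the
     * "Bag Attributes" lines that openssl writes) is ignored.
     *
     * @param pem raw content of the PEM file
     * @param beginDelimiter opening marker, e.g. {@code -----BEGIN CERTIFICATE-----}
     * @param endDelimiter closing marker, e.g. {@code -----END CERTIFICATE-----}
     * @return the decoded DER bytes
     * @throws IllegalArgumentException if the data is null, a marker is missing, or the body is
     *     not valid Base64
     */
    public static byte[] parseDERFromPEM(byte[] pem, String beginDelimiter, String endDelimiter) {
        if (pem == null) {
            throw new IllegalArgumentException("PEM data is null");
        }
        // Decode with an explicit charset instead of the platform default.
        String data = new String(pem, java.nio.charset.StandardCharsets.UTF_8);
        int begin = data.indexOf(beginDelimiter);
        if (begin < 0) {
            // An encrypted or PKCS#1 key carries a different marker and ends up here.
            throw new IllegalArgumentException("PEM marker not found: " + beginDelimiter);
        }
        int bodyStart = begin + beginDelimiter.length();
        int end = data.indexOf(endDelimiter, bodyStart);
        if (end < 0) {
            throw new IllegalArgumentException("PEM marker not found: " + endDelimiter);
        }
        // The MIME decoder skips the line breaks inside the PEM body. java.util.Base64 is used
        // because javax.xml.bind.DatatypeConverter is no longer part of the JDK since Java 11.
        return java.util.Base64.getMimeDecoder().decode(data.substring(bodyStart, end));
    }

    /**
     * Parses a PKCS#8-encoded RSA private key.
     *
     * @param keyBytes DER bytes of the PKCS#8 structure
     * @return the RSA private key
     * @throws InvalidKeySpecException if the bytes are not a valid PKCS#8 RSA key
     * @throws NoSuchAlgorithmException if no RSA key factory is available
     */
    public static RSAPrivateKey generatePrivateKeyFromDER(byte[] keyBytes) throws InvalidKeySpecException, NoSuchAlgorithmException {
        PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(keyBytes);
        KeyFactory factory = KeyFactory.getInstance("RSA");
        return (RSAPrivateKey) factory.generatePrivate(spec);
    }

    /**
     * Parses a DER-encoded X.509 certificate.
     *
     * @param certBytes DER bytes of the certificate
     * @return the parsed certificate
     * @throws CertificateException if the bytes are not a valid X.509 certificate
     */
    public static X509Certificate generateCertificateFromDER(byte[] certBytes) throws CertificateException {
        CertificateFactory factory = CertificateFactory.getInstance("X.509");
        return (X509Certificate) factory.generateCertificate(new ByteArrayInputStream(certBytes));
    }

    /**
     * Reads a classpath resource fully into memory.
     *
     * <p>Read failures are raised instead of being printed and turned into a {@code null}
     * result, so a missing or unreadable certificate or key is reported at this point rather
     * than as a {@code NullPointerException} in the caller.
     *
     * @param filePath resource name, resolved relative to the classpath root
     * @return the complete content of the resource
     * @throws java.io.UncheckedIOException if reading the resource fails
     */
    public static byte[] fileToBytes(String filePath) {
        // NOTE(review): a private key loaded from the classpath is packaged with the application;
        // consider keeping it outside the build artifact with restricted file permissions.
        Resource resource = new ClassPathResource(filePath);
        try (InputStream is = resource.getStream();
                ByteArrayOutputStream bos = new ByteArrayOutputStream()) {
            byte[] chunk = new byte[1024];
            int n;
            while ((n = is.read(chunk)) != -1) {
                bos.write(chunk, 0, n);
            }
            return bos.toByteArray();
        } catch (IOException ex) {
            throw new java.io.UncheckedIOException("Failed to read classpath resource: " + filePath, ex);
        }
    }
}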
如果出现401权限问题,可能是证书读取错误,或者body参数传得不对;也可以尝试更换httpClient版本。