在我的Java应用程序中,我需要将POST请求发送到位于https后面的服务器.在运行Java应用程序的计算机上,在/usr/local/comp.jks中有一个Java信任存储,其中包含我需要与之交互的服务器(已经导入)的证书.
问题是我无法控制将如何运行将运行Java应用程序的JVM-例如通过增加:
-Djavax.net.ssl.trustStore = /usr/local/comp.jks到VM参数.
JVM启动后,是否可以在运行时从我的应用程序在上述路径中将信任库加载到上述路径中,以便我可以对https站点进行身份验证?
我只找到了有关如何在运行时导入证书的指南,但是我无法使用-也是因为我没有/usr/local/comp.jks的密码
下面是我目前的实现(常规):
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.URL;
import java.security.KeyManagementException;
import java.security.KeyStore
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException
import java.security.cert.X509Certificate
import java.util.Base64;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
public class HttpsClientImpl extends AbstractHttpClient {
private String username = null;
private String password = null;
public HttpsClientImpl (String username, String password) {
this.username=username;
this.password=password;
}
@Override
public String sendRequest(String request, String method) {
System.setProperty( "javax.net.ssl.trustStore", "/usr/local/comp.jks" );
URL url = new URL(request);
HttpsURLConnection con = (HttpsURLConnection) url.openConnection()
// Set auth
byte[] name = (username + ":" + password).getBytes();
String authStr = Base64.getEncoder().encodeToString(name);
con.setRequestProperty("Authorization", "Basic " + authStr)
con.setRequestMethod(method);
writeResult(con);
return con.getResponseCode();
}
private void writeResult(HttpsURLConnection con) throws IOException {
if(con!=null){
BufferedReader br = null;
if (200 <= con.getResponseCode() && con.getResponseCode() <= 299) {
br = new BufferedReader(new InputStreamReader(con.getInputStream()));
} else {
br = new BufferedReader(new InputStreamReader(con.getErrorStream()));
}
try {
String input;
while ((input = br.readLine()) != null){
System.out.println(input);
}
br.close();
} catch (IOException e) {
e.printStackTrace();
}
}
}
}
当我运行时,我得到:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
Caused: sun.security.validator.ValidatorException: PKIX path building failed
最佳答案
假设您尚未实例化任何SSL连接,则只需调用
System.setProperty( "javax.net.ssl.trustStore", "/usr/local/comp.jks" );
您可能还需要设置javax.net.ssl.trustStorePassword,也可能需要设置javax.net.ssl.trustStoreType.
如果默认的SSL基础结构已经实例化,则可能必须使用密钥库创建自己的SSLContext和SSLSocketFactory.
Inm小程序商店
Inm小程序商店收录了最新,最热门的微信小程序和微信小游戏,是国内内容最丰富的集小程序游戏、小程序分发、小程序推广为一体的综合性小程序门户网站之一。
Vultr中文网
最低 $2.5/月 的VPS, 稳定, 可靠