我正在尝试使用服务器的.cer证书文件建立https连接。我可以使用浏览器手动获取证书文件,并使用keytool将其放入密钥库。然后,我可以使用java代码访问密钥库,获取添加到密钥库的证书并连接到服务器。不过,我现在甚至想实现获取证书文件并使用java代码将其添加到密钥库的过程,而不需要使用keytool或browser来获取证书。有人能告诉我怎么做吗?我需要做什么?
0mkxixxg1#
编辑:这似乎正是你想要的。使用以下代码可以在运行时添加信任存储。
import java.io.InputStream; import java.security.KeyStore; import javax.net.ssl.SSLContext; import javax.net.ssl.TrustManager; import javax.net.ssl.TrustManagerFactory; public class SSLClasspathTrustStoreLoader { public static void setTrustStore(String trustStore, String password) throws Exception { TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("X509"); KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType()); InputStream keystoreStream = SSLClasspathTrustStoreLoader.class.getResourceAsStream(trustStore); keystore.load(keystoreStream, password.toCharArray()); trustManagerFactory.init(keystore); TrustManager[] trustManagers = trustManagerFactory.getTrustManagers(); SSLContext sc = SSLContext.getInstance("SSL"); sc.init(null, trustManagers, null); SSLContext.setDefault(sc); } }
我使用此代码与ActiveDirectory服务器建立了安全的ldap连接。这也可能是有用的,在底部有一个类,它能够在运行时导入证书。
ymdaylpp2#
为此,我编写了小型库ssl utils android。您只需从assets目录提供文件名即可加载任何证书。用法:
OkHttpClient client = new OkHttpClient(); SSLContext sslContext = SslUtils.getSslContextForCertificateFile(context, "BPClass2RootCA-sha2.cer"); client.setSslSocketFactory(sslContext.getSocketFactory());
qnzebej03#
就在后面https://docs.oracle.com/cd/e19509-01/820-3503/ggfgo/index.htmlhttps://www.sslshopper.com/article-most-common-java-keytool-keystore-commands.html
javac -cp .:/home/ec2-user/velu/*: QuickStart.java java -cp .:/home/ec2-user/velu/*: QuickStart [ec2-user@ip-10-30-0-66 velu]$ ls QuickStart.class commons-codec-1.2.jar input-payload.txt logback-core-1.1.3.jar QuickStart.java commons-httpclient-3.1.jar httpclient-4.5.jar jdk-8u101-linux-x64.rpm slf4j-api-1.7.12.jar certificates commons-logging-1.2.jar httpcore-4.4.1.jar logback-classic-1.1.3.jar import java.io.BufferedReader; import java.io.FileReader; import java.io.IOException; import org.apache.commons.httpclient.HttpClient; import org.apache.commons.httpclient.HttpMethod; import org.apache.commons.httpclient.MultiThreadedHttpConnectionManager; import org.apache.commons.httpclient.methods.PostMethod; import org.apache.commons.httpclient.methods.StringRequestEntity; import org.apache.commons.httpclient.params.HttpClientParams; import org.apache.http.impl.client.CloseableHttpClient; import org.apache.http.impl.client.HttpClients; public class QuickStart { public static void main(String[] args) throws Exception { System.setProperty("javax.net.ssl.keyStore", "/home/user/velu/certificates/myownOut.pkcs12"); System.setProperty("javax.net.ssl.keyStorePassword", "password"); System.setProperty("javax.net.ssl.trustStore", "/home/user/velu/certificates/myTrustStore"); System.setProperty("javax.net.ssl.trustStorePassword", "password"); System.setProperty("org.apache.commons.logging.Log", "org.apache.commons.logging.impl.SimpleLog"); System.setProperty("org.apache.commons.logging.simplelog.showdatetime", "true"); System.setProperty("org.apache.commons.logging.simplelog.log.httpclient.wire", "debug"); System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.commons.httpclient", "debug"); CloseableHttpClient httpclient = HttpClients.createDefault(); HttpClientParams params = new HttpClientParams(); params.setConnectionManagerClass(MultiThreadedHttpConnectionManager.class); HttpClient client = new HttpClient(params); HttpMethod m = new PostMethod("https://velu.org:443/Services/com/Echo"); m.setRequestHeader("content-type", "application/xml"); //m.setRequestHeader("Accept", "application/xml"); // m.setRequestHeader("SOAPAction", "Echo"); try { ((PostMethod) m).setRequestEntity(new StringRequestEntity(getFileContent(), "application/xml", "UTF-8")); System.out.println("VELU EXCUTING"); client.executeMethod(m); if (m.getStatusCode() == 200) { System.out.println("VELU RECEIVED:" + m.getResponseBodyAsString()); } } catch (IOException e) { System.out.println(e.toString()); } finally { m.releaseConnection(); } } public static String getFileContent() { BufferedReader br = null; String fileContent = ""; try { br = new BufferedReader(new FileReader( "/home/user/velu/input-payload.txt")); // Note that this file format should be proper. String sCurrentLine = ""; while ((sCurrentLine = br.readLine()) != null) { fileContent += sCurrentLine; } System.out.println(fileContent); } catch (IOException e) { e.printStackTrace(); } finally { try { if (br != null) br.close(); } catch (IOException ex) { ex.printStackTrace(); } } return fileContent; }
3条答案
按热度按时间0mkxixxg1#
编辑:这似乎正是你想要的。
使用以下代码可以在运行时添加信任存储。
我使用此代码与ActiveDirectory服务器建立了安全的ldap连接。
这也可能是有用的,在底部有一个类,它能够在运行时导入证书。
ymdaylpp2#
为此,我编写了小型库ssl utils android。
您只需从assets目录提供文件名即可加载任何证书。
用法:
qnzebej03#
就在后面
https://docs.oracle.com/cd/e19509-01/820-3503/ggfgo/index.htmlhttps://www.sslshopper.com/article-most-common-java-keytool-keystore-commands.html