How to convert a curl command with a key and certificate into Java Spring Boot code

rur96b6h  posted on 2022-11-13  in Java

I am running this curl command, and it works fine.

curl --tlsv1.2 -k -iv -X POST -H "Content-Type:text/xml" --key node-key.key --cert node.crt  --data-raw 'PAYLOAD' https://IP_ADDRESS:PORT/uri -u "test:test"

I created a p12 file from the key and certificate:

openssl pkcs12 -export -in node.crt -inkey node-key.key -out node-store.p12

and fetched the self-signed certificate from the server with the following command (then saved the output in node-self-sign.pem):

openssl s_client -connect IP_ADDRESS:PORT 2>/dev/null </dev/null |  sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'

and generated a jks for node-self-sign.pem with the following command:

keytool -keystore node-KeyStore.jks -alias selfsigncert -import -file node-self-sign.pem

and used the jks file and the p12 file in the following Spring Boot code:

@PostConstruct
public void initEcwConnection() {
    try {
        File cert = new File(ecwCertPath);
        SSLContext sslContext = SSLContextBuilder.create()
                .loadTrustMaterial(jks,pass.toCharArray())
                .loadKeyMaterial(p12, pass.toCharArray(),pass.toCharArray())
                .build();
        CloseableHttpClient client = HttpClients.custom().setSSLContext(sslContext).build();
        requestFactory = new HttpComponentsClientHttpRequestFactory();
        requestFactory.setHttpClient(client);
    } catch (Exception exp) {
        LOGGER.error(exp.getMessage(), exp);
    }
}

and used the restTemplate as follows:

HttpHeaders headers = new HttpHeaders();
File file = new File("paybundle.xml");
FileInputStream fis = new FileInputStream(file);
String payload = new String(fis.readAllBytes());
HttpEntity<String> entity = new HttpEntity<String>(payload, headers);
ResponseEntity<String> response = ecwTemplate.exchange("https://IP_ADDRESS:8010/vsl/preapproval", HttpMethod.POST, entity, String.class);
System.out.println(response.getBody());

Output:

Caused by: javax.net.ssl.SSLPeerUnverifiedException: Certificate for <IP_ADDRESS> doesn't match any of the subject alternative names: []
    at org.apache.http.conn.ssl.SSLConnectionSocketFactory.verifyHostname(SSLConnectionSocketFactory.java:507) ~[httpclient-4.5.13.jar:4.5.13]
    at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:437) ~[httpclient-4.5.13.jar:4.5.13]
    at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:384) ~[httpclient-4.5.13.jar:4.5.13]
    at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142) ~[httpclient-4.5.13.jar:4.5.13]
    at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:376) ~[httpclient-4.5.13.jar:4.5.13]
    at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:393) ~[httpclient-4.5.13.jar:4.5.13]
    at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236) ~[httpclient-4.5.13.jar:4.5.13]
    at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186) ~[httpclient-4.5.13.jar:4.5.13]
    at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89) ~[httpclient-4.5.13.jar:4.5.13]
    at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110) ~[httpclient-4.5.13.jar:4.5.13]
    at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185) ~[httpclient-4.5.13.jar:4.5.13]
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83) ~[httpclient-4.5.13.jar:4.5.13]
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56) ~[httpclient-4.5.13.jar:4.5.13]
    at org.springframework.http.client.HttpComponentsClientHttpRequest.executeInternal(HttpComponentsClientHttpRequest.java:87) ~[spring-web-5.3.19.jar:5.3.19]
    at org.springframework.http.client.AbstractBufferingClientHttpRequest.executeInternal(AbstractBufferingClientHttpRequest.java:48) ~[spring-web-5.3.19.jar:5.3.19]
    at org.springframework.http.client.AbstractClientHttpRequest.execute(AbstractClientHttpRequest.java:66) ~[spring-web-5.3.19.jar:5.3.19]
    at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:776) ~[spring-web-5.3.19.jar:5.3.19]

kxe2p93d  #1

You are almost done; just check the CN in the certificate file with the following command

openssl x509 -noout -subject -in node-self-sign.pem

and connect to the server using the CN
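
The same check done from Java, as an added example that is not part of the original question or answer: it reads node-self-sign.pem, lists the certificate's subject alternative names and, when there are none (the empty [] in the exception message), the subject CN that the answer says to connect with. The class name CertNameCheck and the exact, wildcard-free comparison are assumptions made for illustration, and IP_ADDRESS is the page's own placeholder.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class CertNameCheck {   // hypothetical class name

    /** Names the certificate identifies: DNS/IP SAN entries if present, otherwise the subject CN. */
    static List<String> acceptedNames(X509Certificate cert) throws Exception {
        List<String> names = new ArrayList<>();
        Collection<List<?>> sans = cert.getSubjectAlternativeNames(); // null when the extension is absent
        if (sans != null) {
            for (List<?> san : sans) {
                int type = (Integer) san.get(0);      // 2 = dNSName, 7 = iPAddress
                if (type == 2 || type == 7) {
                    names.add(san.get(1).toString());
                }
            }
        }
        if (names.isEmpty()) {
            // No SAN entries: the only name left to compare against is the subject CN.
            LdapName subject = new LdapName(cert.getSubjectX500Principal().getName());
            for (Rdn rdn : subject.getRdns()) {
                if ("CN".equalsIgnoreCase(rdn.getType())) {
                    names.add(rdn.getValue().toString());
                }
            }
        }
        return names;
    }

    public static void main(String[] args) throws Exception {
        String pemPath = args.length > 0 ? args[0] : "node-self-sign.pem";
        String host = args.length > 1 ? args[1] : "IP_ADDRESS"; // host part of the URL being called
        X509Certificate cert;
        try (InputStream in = new FileInputStream(pemPath)) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        List<String> names = acceptedNames(cert);
        // Simplified comparison: exact, case-insensitive, no wildcard handling.
        boolean match = names.stream().anyMatch(n -> n.equalsIgnoreCase(host));
        System.out.println("Subject: " + cert.getSubjectX500Principal().getName());
        System.out.println("Names usable in the URL: " + names);
        System.out.println(host + (match ? " matches" : " does NOT match") + " the certificate");
    }
}
```

The curl command succeeds against the bare IP address because -k turns certificate verification off, including the host name check; the Java client keeps that check on, so the URL has to use a name the certificate actually carries.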
