我正在尝试了解如何配置Web客户端。我所拥有的是一个工作的curl,我无法通过(任何)Java HTTP客户端将其转换为有效的HTTPS请求。curl是:
curl -s --cert $CERTIFICATE --key $KEY https.url
其中,$CERTIFICATE是.crt
文件,包含:
----BEGIN CERTIFICATE----
....
----END CERTIFICATE-----
$KEY是一个.key
文件,包含:
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----
我想把这个curl转换成一个有效的JAVA请求。目前,我正在以这种方式配置Spring WebClient:
private WebClient getWebClient() throws SSLException {
SslContext sslContext = SslContextBuilder.forClient().keyManager(
Paths.get(properties.getCrtFile()).toFile(),
Paths.get(properties.getKeyFile()).toFile(),
properties.getCertKeyPassword()).build();
HttpClient httpClient = HttpClient.create().secure(t -> t.sslContext(sslContext));
return WebClient
.builder()
.clientConnector(new ReactorClientHttpConnector(httpClient)).build();
}
但是当我使用webclient发出请求时,它返回了一个错误:
exception: File does not contain valid private key:
知道哪里出错了吗?
2条答案
按热度按时间kmynzznz1#
我是这样解决问题的:
1.验证
.cert
和.key
文件是否有效:和
1.将我的
.cert
和.key
文件转换为Java可以理解的PCKS12
文件。(请记住,我的证书和密钥文件是PEM格式的,如问题中所解释的)。我使用了以下命令:此步骤将提示您输入密码。我们将在将证书读入密钥库时使用此密码。
1.通过阅读证书创建SSLContext:
1.使用此SSLContext构建Spring Web客户端:
现在,我们可以使用WebClient发出HTTP请求。
vjrehmav2#
From the details you provided, I understand that the
SslContextBuilder
can't understand your key type.Try to convert a non-encrypted key to PKCS8 using the following command.
Also, see the examples at https://netty.io/4.0/api/io/netty/handler/ssl/util/InsecureTrustManagerFactory.html that accepts without verification all X.509 certificates, including those that are self-signed.
Also discussed at https://groups.google.com/forum/#!topic/grpc-io/5uAK5c9rTHw