curl 如何为Http请求配置Web客户端

crcmnpdw  于 2022-11-13  发布在  其他
关注(0)|答案(2)|浏览(185)

我正在尝试了解如何配置Web客户端。我所拥有的是一个工作的curl,我无法通过(任何)Java HTTP客户端将其转换为有效的HTTPS请求。curl是:

curl -s --cert $CERTIFICATE --key $KEY https.url

其中,$CERTIFICATE是.crt文件,包含:

----BEGIN CERTIFICATE----
....
----END CERTIFICATE-----

$KEY是一个.key文件,包含:

-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----

我想把这个curl转换成一个有效的JAVA请求。目前,我正在以这种方式配置Spring WebClient:

private WebClient getWebClient() throws SSLException {
  SslContext sslContext = SslContextBuilder.forClient().keyManager(
                Paths.get(properties.getCrtFile()).toFile(),
                Paths.get(properties.getKeyFile()).toFile(),
                properties.getCertKeyPassword()).build();

  HttpClient httpClient = HttpClient.create().secure(t -> t.sslContext(sslContext));

  return WebClient
                .builder()
                .clientConnector(new ReactorClientHttpConnector(httpClient)).build();

}

但是当我使用webclient发出请求时,它返回了一个错误:

exception: File does not contain valid private key:

知道哪里出错了吗?

kmynzznz

kmynzznz1#

我是这样解决问题的:
1.验证.cert.key文件是否有效:

openssl x509 -noout -modulus -in certFile.crt | openssl md5
#> (stdin)= 7f1a9c4d13aead7fd4a0f241a6ce8

openssl rsa -noout -modulus -in certKey.key | openssl md5
#> (stdin)= 7f1a9c4d13aead7fd4a0f241a6ce8

1.将我的.cert.key文件转换为Java可以理解的PCKS12文件。(请记住,我的证书和密钥文件是PEM格式的,如问题中所解释的)。我使用了以下命令:

openssl pkcs12 -export -in certFile.crt -inkey keyFile.key -out cert.p12

此步骤将提示您输入密码。我们将在将证书读入密钥库时使用此密码。
1.通过阅读证书创建SSLContext:

private SslContext getSSLContext() {
  try (FileInputStream keyStoreFileInputStream = new 
    FileInputStream("pathTop12CertificateFile")) {
      KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
      keyStore.load(keyStoreFileInputStream,"password".toCharArray());
      KeyManagerFactory keyManagerFactory = 
              KeyManagerFactory.getInstance("SunX509");
      keyManagerFactory.init(keyStore, "password".toCharArray());

      return SslContextBuilder.forClient()
              .keyManager(keyManagerFactory)
              .build();

  } catch (Exception e) {
      log.error("An error has occurred: ", e);
  }
  return null;
}

1.使用此SSLContext构建Spring Web客户端:

private WebClient getWebClient() {
    HttpClient httpClient = HttpClient.create().secure(sslSpec -> sslSpec.sslContext(getSSLContext()));
    ClientHttpConnector clientHttpConnector = new ReactorClientHttpConnector(httpClient);
    return WebClient
            .builder()
            .clientConnector(clientHttpConnector)
            .build();

}

现在,我们可以使用WebClient发出HTTP请求。

vjrehmav

vjrehmav2#

From the details you provided, I understand that the SslContextBuilder can't understand your key type.
Try to convert a non-encrypted key to PKCS8 using the following command.

openssl pkcs8 -topk8 -nocrypt -in pkcs1_key_file -out pkcs8_key.pem

Also, see the examples at https://netty.io/4.0/api/io/netty/handler/ssl/util/InsecureTrustManagerFactory.html that accepts without verification all X.509 certificates, including those that are self-signed.
Also discussed at https://groups.google.com/forum/#!topic/grpc-io/5uAK5c9rTHw

相关问题