使用 Apache HttpClient 发送带有 SSL 身份验证的 HTTP 请求

Question

I am a newbie to the subject of SSL authontication and Httpclient requests in Java.我是 Java 中 SSL 身份验证和 Httpclient 请求主题的新手。 And I need to perform a secured connection to service provider to be able to fetch some data from service provider api.而且我需要执行到服务提供者的安全连接才能从服务提供者 api 获取一些数据。

Where I am now:我现在在哪里：

I have made a .jks keystore containing private key and csr request which I have sent to remote service provider.我制作了一个包含私钥和 csr 请求的 .jks 密钥库，我已将其发送给远程服务提供商。 I have got a signed .cer certificate.我有一个签名的 .cer 证书。 So far I have tested it in my Postman by exporting private key to a pem file and setting up a client certificate via CRT+KEY+Keypassword in Postman settings.到目前为止，我已经通过将私钥导出到 pem 文件并通过 Postman 设置中的 CRT+KEY+Keypassword 设置客户端证书在我的 Postman 中对其进行了测试。 The requests are running just fine.请求运行得很好。 Now, I have to implement this issue using Java and I have already used Apache fluent-hc to send unauthenticated POST requests before.现在，我必须使用 Java 来实现这个问题，而且我之前已经使用 Apache fluent-hc 发送未经身份验证的 POST 请求。 What actions should I take to implement a client certificate secured HTTP request?我应该采取什么措施来实现客户端证书保护的 HTTP 请求？

Upd.更新。 So far I have googled next steps:到目前为止，我已经用谷歌搜索了下一步：

I imported my .CER signed cert into existing jks keystore with PrivateKey:我使用 PrivateKey 将我的 .CER 签名证书导入到现有的 jks 密钥库中：

keytool -importcert -file ./signed.cer -keystore trusted.jks -alias mykey

When listing keystore, I get two entries: PrivateKeyEntry and trustedCertEntry列出密钥库时，我得到两个条目：PrivateKeyEntry 和trustedCertEntry

Then I load my keystore from resource:然后我从资源加载我的密钥库：

    public KeyStore loadKeyStore() throws Exception {
    KeyStore keystore = KeyStore.getInstance("JKS");
    try (InputStream is =  new ClassPathResource(authProperties.getKeyStore()
    + ".jks").getInputStream()) {
    keystore.load(is, authProperties.getKeyPass().toCharArray());
    }

    return keystore;
    }

Loading seems to be fine, I test it and get both private key and certificate.加载似乎没问题，我对其进行了测试并获得了私钥和证书。 But not the certificate chain, not sure if I need it here.但不是证书链，不确定我是否需要它。

Then I create a SSLContext and load both TrustMaterial and KeyMaterial from the same keystore:然后我创建一个 SSLContext 并从同一个密钥库加载 TrustMaterial 和 KeyMaterial：

    public SSLContext loadSSLContext() throws Exception {
    return new SSLContextBuilder()
    .loadTrustMaterial(loadKeyStore(), (x509Certificates, s) -> true)
    .loadKeyMaterial(loadKeyStore(), authProperties.getKeyPass().toCharArray())
    .build();
    }

Then, I create a SSLConnectionSocketFactory:然后，我创建一个 SSLConnectionSocketFactory：

    SSLContext context = loadSSLContext();
    SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(context,
    new NoopHostnameVerifier());

I create a CloseableHttpClient using SSLConnectionSocketFactory:我使用 SSLConnectionSocketFactory 创建了一个 CloseableHttpClient：

    CloseableHttpClient httpclient = HttpClients.custom()
    .setSSLSocketFactory(sslsf)
    .build();

And perform a GET request:并执行 GET 请求：

    HttpGet request = new HttpGet("/private/openapi");
    HttpResponse httpresponse = httpclient.execute(request);

When running this, I got运行这个时，我得到了

javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure javax.net.ssl.SSLHandshakeException：收到致命警报：handshake_failure

What could possibly be a cause?什么可能是原因？ I have googled this issue, but it seems that it is mainly corresponds to protocol and cipher suite mismatch.我在谷歌上搜索了这个问题，但似乎主要对应于协议和密码套件不匹配。 I am not sure, if it is my case or not.我不确定，如果这是我的情况。 Please help, any ideas or links would be highly appriciated!请帮忙，任何想法或链接都会非常受欢迎！ Here is the stacktrace and debug output(please, ignore strange ip adresses):这是堆栈跟踪和调试输出（请忽略奇怪的 IP 地址）：

16:46:08.727 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> CONNECT api.serviceprovider.com:443 HTTP/1.1 16:46:08.727 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> Host: api.serviceprovider.com:443 16:46:08.727 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> User-Agent: Apache-HttpClient/4.5.3 (Java/1.8.0_232) 16:46:08.727 [main] DEBUG org.apache.http.wire - http-outgoing-0 >> "CONNECT api.serviceprovider.com:443 HTTP/1.1[\\r][\\n]" 16:46:08.727 [main] DEBUG org.apache.http.wire - http-outgoing-0 >> "Host: api.serviceprovider.com:443[\\r][\\n]" 16:46:08.727 [main] DEBUG org.apache.http.wire - http-outgoing-0 >> "User-Agent: Apache-HttpClient/4.5.3 (Java/1.8.0_232)[\\r][\\n]" 16:46:08.727 [main] DEBUG org.apache.http.wire - http-outgoing-0 >> "[\\r][\\n]" 16:46:08.878 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "HTTP/1.1 200 Connection established[\\r][\\n]" 16:46:08.879 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "[\\r][\\n]" 16:46:08.880 [mai 16:46:08.727 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> CONNECT api.serviceprovider.com:443 HTTP/1.1 16:46:08.727 [main] DEBUG org.apache.http。标头 - http-outgoing-0 >> 主机：api.serviceprovider.com:443 16:46:08.727 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> 用户代理：Apache-HttpClient/ 4.5.3 (Java/1.8.0_232) 16:46:08.727 [main] 调试 org.apache.http.wire - http-outgoing-0 >> "CONNECT api.serviceprovider.com:443 HTTP/1.1[\\r] [\\n]" 16:46:08.727 [main] DEBUG org.apache.http.wire - http-outgoing-0 >> "Host: api.serviceprovider.com:443[\\r][\\n]" 16: 46:08.727 [main] 调试 org.apache.http.wire - http-outgoing-0 >>“用户代理：Apache-HttpClient/4.5.3 (Java/1.8.0_232)[\\r][\\n]” 16:46:08.727 [main] DEBUG org.apache.http.wire - http-outgoing-0 >> "[\\r][\\n]" 16:46:08.878 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "HTTP/1.1 200 连接建立[\\r][\\n]" 16:46:08.879 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "[ \\r][\\n]" 16:46:08.880 [麦n] DEBUG org.apache.http.headers - http-outgoing-0 << HTTP/1.1 200 Connection established 16:46:08.881 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Tunnel to target created. n] DEBUG org.apache.http.headers - http-outgoing-0 << HTTP/1.1 200 建立连接 16:46:08.881 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - 目标隧道已创建。 16:46:08.906 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - Enabled protocols: [TLSv1, TLSv1.1, TLSv1.2] 16:46:08.906 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - Enabled cipher suites:[TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 16:46:08.906 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - 启用协议：[TLSv1, TLSv1.1, TLSv1.2] 16:46:08.906 [main] DEBUG org.apache.http。 conn.ssl.SSLConnectionSocketFactory - 启用的密码套件：[TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384，TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384，TLS_RSA_WITH_AES_256_CBC_SHA256，TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384，TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384，TLS_DHE_RSA_WITH_AES_256_CBC_SHA256，TLS_DHE_DSS_WITH_AES_256_CBC_SHA256，TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA，TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA，TLS_RSA_WITH_AES_256_CBC_SHA，TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA，TLS_ECDH_RSA_WITH_AES_256_CBC_SHA，TLS_DHE_RSA_WITH_AES_256_CBC_SHA，TLS_DHE_DSS_WITH_AES_256_CBC_SHA，TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256，TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256，TLS_RSA_WITH_AES_128_CBC_SHA256，TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256，TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256，TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 , TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 , TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_EMPTY_RENEGOTIATION_INFO_SCSV] 16:46:08.906 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - Starting handshake 16:46:08.997 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - Secure ses ，TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA，TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA，TLS_RSA_WITH_AES_128_CBC_SHA，TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA，TLS_ECDH_RSA_WITH_AES_128_CBC_SHA，TLS_DHE_RSA_WITH_AES_128_CBC_SHA，TLS_DHE_DSS_WITH_AES_128_CBC_SHA，TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384，TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256，TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384，TLS_RSA_WITH_AES_256_GCM_SHA384，TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384，TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384，TLS_DHE_RSA_WITH_AES_256_GCM_SHA384，TLS_DHE_DSS_WITH_AES_256_GCM_SHA384，TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256，TLS_RSA_WITH_AES_128_GCM_SHA256，TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256，TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256，TLS_DHE_RSA_WITH_AES_128_GCM_SHA256，TLS_DHE_DSS_WITH_AES_128_GCM_SHA256，TLS_EMPTY_RENEGOTIATION_INFO_SCSV] 16：46：08.906 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - 开始握手 16:46:08.997 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - Secure ses sion established 16:46:08.997 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - negotiated protocol: TLSv1.2 16:46:08.997 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - negotiated cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 16:46:08.998 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - peer principal: CN=api.serviceprovider.com, OU=IT Department, O=ServiceProv, L=Moscow, C=RU 16:46:08.998 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - peer alternative names: [api.serviceprovider.com, developer.serviceprovider.com] 16:46:08.999 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - issuer principal: CN=Thawte TLS RSA CA G1, OU=www.digicert.com, O=DigiCert Inc, C=US 16:46:08.999 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Executing request GET /private/openapi HTTP/1.1 16:46:08.999 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Target auth state: UNCHALLENGED 16:46 sion 建立 16:46:08.997 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - 协商协议：TLSv1.2 16:46:08.997 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory -协商密码套件：TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 16:46:08.998 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - peer principal: CN=api.serviceprovider.com, OU=IT Department, O=ServiceProv, L=Moscow C=RU 16:46:08.998 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - 对等替代名称：[api.serviceprovider.com, developer.serviceprovider.com] 16:46:08.999 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - 发行方主体：CN=Thawte TLS RSA CA G1，OU=www.digicert.com，O=DigiCert Inc，C=US 16:46:08.999 [main] DEBUG org. apache.http.impl.execchain.MainClientExec - 执行请求 GET /private/openapi HTTP/1.1 16:46:08.999 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - 目标身份验证状态：UNCHALLENGED 16:46 :08.999 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> GET /private/openapi HTTP/1.1 16:46:08.999 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> Host: api.serviceprovider.com:443 16:46:08.999 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> Connection: Keep-Alive 16:46:08.999 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> User-Agent: Apache-HttpClient/4.5.3 (Java/1.8.0_232) 16:46:08.999 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> Accept-Encoding: gzip,deflate 16:46:08.999 [main] DEBUG org.apache.http.wire - http-outgoing-0 >> "GET /private/openapi HTTP/1.1[\\r][\\n]" 16:46:08.999 [main] DEBUG org.apache.http.wire - http-outgoing-0 >> "Host: api.serviceprovider.com:443[\\r][\\n]" 16:46:08.999 [main] DEBUG org.apache.http.wire - http-outgoing-0 >> "Connection: Keep-Alive[\\r][\\n]" 16:46:08.999 [main] DEBUG org.apache.http.wire - http-outgoing-0 >> "User-Agent: Apache-HttpClient/4.5.3 (Java/1.8.0_232)[\\r][\\n]" 16:46:08.999 [main] DEBUG or :08.999 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> GET /private/openapi HTTP/1.1 16:46:08.999 [main] DEBUG org.apache.http.headers - http-outgoing- 0 >> 主机：api.serviceprovider.com:443 16:46:08.999 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> 连接：Keep-Alive 16:46:08.999 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> User-Agent: Apache-HttpClient/4.5.3 (Java/1.8.0_232) 16:46:08.999 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> Accept-Encoding: gzip,deflate 16:46:08.999 [main] DEBUG org.apache.http.wire - http-outgoing-0 >> "GET /private/openapi HTTP/1.1[\\r ][\\n]" 16:46:08.999 [main] DEBUG org.apache.http.wire - http-outgoing-0 >> "Host: api.serviceprovider.com:443[\\r][\\n]" 16 :46:08.999 [main] DEBUG org.apache.http.wire - http-outgoing-0 >> "Connection: Keep-Alive[\\r][\\n]" 16:46:08.999 [main] DEBUG org.apache .http.wire - http-outgoing-0 >> "User-Agent: Apache-HttpClient/4.5.3 (Java/1.8.0_232)[\\r][\\n]" 16:46:08.999 [main] DEBUG 或g.apache.http.wire - http-outgoing-0 >> "Accept-Encoding: gzip,deflate[\\r][\\n]" 16:46:08.999 [main] DEBUG org.apache.http.wire - http-outgoing-0 >> "[\\r][\\n]" 16:46:09.037 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "[read] I/O error: Received fatal alert: handshake_failure" 16:46:09.037 [main] DEBUG org.apache.http.impl.conn.DefaultManagedHttpClientConnection - http-outgoing-0: Close connection 16:46:09.037 [main] DEBUG org.apache.http.impl.conn.DefaultManagedHttpClientConnection - http-outgoing-0: Shutdown connection 16:46:09.037 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Connection discarded 16:46:09.038 [main] DEBUG org.apache.http.impl.conn.PoolingHttpClientConnectionManager - Connection released: [id: 0][route: {tls}-> http://xxx120:8080- > https://api.serviceprovider.com:443][total kept alive: 0; g.apache.http.wire - http-outgoing-0 >> "Accept-Encoding: gzip,deflate[\\r][\\n]" 16:46:08.999 [main] DEBUG org.apache.http.wire - http -outgoing-0 >> "[\\r][\\n]" 16:46:09.037 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "[read] I/O error: Received致命警报：handshake_failure” 16:46:09.037 [main] DEBUG org.apache.http.impl.conn.DefaultManagedHttpClientConnection - http-outgoing-0：关闭连接 16:46:09.037 [main] DEBUG org.apache.http.impl .conn.DefaultManagedHttpClientConnection - http-outgoing-0：关闭连接 16:46:09.037 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - 连接被丢弃 16:46:09.038 [main] DEBUG org.apache.http .impl.conn.PoolingHttpClientConnectionManager - 连接已发布：[id: 0][route: {tls}-> http://xxx120:8080- > https://api.serviceprovider.com:443 ][总保持活跃：0 ; route allocated: 0 of 2;分配的路由：0 of 2； total allocated: 0 of 20] javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) at sun.security.ssl.Alerts.getSSLException(Alerts.java:154) at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2020) at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1127) at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:933) at sun.security.ssl.AppInputStream.read(AppInputStream.java:105) at org.apache.http.impl.conn.LoggingInputStream.read(LoggingInputStream.java:84) at org.apache.http.impl.io.SessionInputBufferImpl.streamRead(SessionInputBufferImpl.java:137) at org.apache.http.impl.io.SessionInputBufferImpl.fillBuffer(SessionInputBufferImpl.java:153) at org.apache.http.impl.io.SessionInputBufferImpl.readLine(SessionInputBufferImpl.java:282) at org.apache.http.impl.conn.DefaultHttpResponseParser.parseHead(DefaultHttpResponseParser.java:138) at org.apache.http.impl.conn.DefaultHt总分配：0 of 20] javax.net.ssl.SSLHandshakeException：收到致命警报：sun.security.ssl.Alerts.getSSLException（Alerts.ssl.Alerts.getSSLException（Alerts.getSSLException（Alerts. java:154) at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2020) at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1127) at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl) .java:933) at sun.security.ssl.AppInputStream.read(AppInputStream.java:105) at org.apache.http.impl.conn.LoggingInputStream.read(LoggingInputStream.java:84) at org.apache.http。 impl.io.SessionInputBufferImpl.streamRead(SessionInputBufferImpl.java:137) at org.apache.http.impl.io.SessionInputBufferImpl.fillBuffer(SessionInputBufferImpl.java:153) at org.apache.http.impl.io.SessionInputBufferImpl.readLine( SessionInputBufferImpl.java:282) 在 org.apache.http.impl.conn.DefaultHttpResponseParser.parseHead(DefaultHttpResponseParser.java:138) 在 org.apache.http.impl.conn.DefaultHt tpResponseParser.parseHead(DefaultHttpResponseParser.java:56) at org.apache.http.impl.io.AbstractMessageParser.parse(AbstractMessageParser.java:259) at org.apache.http.impl.DefaultBHttpClientConnection.receiveResponseHeader(DefaultBHttpClientConnection.java:163) at org.apache.http.impl.conn.CPoolProxy.receiveResponseHeader(CPoolProxy.java:165) at org.apache.http.protocol.HttpRequestExecutor.doReceiveResponse(HttpRequestExecutor.java:273) at org.apache.http.protocol.HttpRequestExecutor.execute(HttpRequestExecutor.java:125) at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:272) at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:185) at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89) at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:111) at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpCl tpResponseParser.parseHead(DefaultHttpResponseParser.java:56) at org.apache.http.impl.io.AbstractMessageParser.parse(AbstractMessageParser.java:259) at org.apache.http.impl.DefaultBHttpClientConnection.receiveResponseHeader(DefaultBHttpClientConnection.java:163)在 org.apache.http.impl.conn.CPoolProxy.receiveResponseHeader(CPoolProxy.java:165) 在 org.apache.http.protocol.HttpRequestExecutor.doReceiveResponse(HttpRequestExecutor.java:273) 在 org.apache.http.protocol.HttpRequestExecutor .execute(HttpRequestExecutor.java:125) 在 org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:272) 在 org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:185) ) 在 org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89) 在 org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:111) 在 org.apache.http。 impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185) 在 org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpCl ient.java:118) at ru.bcs.creditmarkt.delivery.adapter.ServProvAuthTest.testConn(ServProvAuthTest.java:99) ient.java:118) 在 ru.bcs.creditmarkt.delivery.adapter.ServProvAuthTest.testConn(ServProvAuthTest.java:99)

Answer 1

Problem solved.问题解决了。 The issue was in jks keystore, not in code.问题出在 jks 密钥库中，而不是代码中。 I have imported client cert, but it required a cert chain with root cert too.我已经导入了客户端证书，但它也需要一个带有根证书的证书链。 Once imported the whole chain with client cert it worked.一旦使用客户端证书导入整个链，它就可以工作。

使用 Apache HttpClient 发送带有 SSL 身份验证的 HTTP 请求

问题描述

Where I am now:我现在在哪里：

Upd.更新。 So far I have googled next steps:到目前为止，我已经用谷歌搜索了下一步：

1 个解决方案

解决方案1
0 已采纳 2020-01-17 12:49:08

使用 Apache HttpClient 发送带有 SSL 身份验证的 HTTP 请求

问题描述

Where I am now:我现在在哪里：

Upd.更新。 So far I have googled next steps:到目前为止，我已经用谷歌搜索了下一步：

1 个解决方案

解决方案1 0 已采纳 2020-01-17 12:49:08

解决方案1
0 已采纳 2020-01-17 12:49:08