堆栈内存溢出
  简体   繁体   English

如何将带有密钥和证书的 curl 命令转换为 java spring 引导代码

[英]How to convert curl command with key and cert to java spring boot code

 原文  2022-09-14 12:57:50       java/ spring/ spring-boot/ curl

问题描述

I am executing this curl command and it works well.我正在执行这个 curl 命令,它运行良好。

 curl --tlsv1.2 -k -iv -X POST -H "Content-Type:text/xml" --key node-key.key --cert node.crt  --data-raw 'PAYLOAD' https://IP_ADDRESS:PORT/uri -u "test:test"

I made a p12 file from the key and cert:我从密钥和证书制作了一个 p12 文件:

openssl pkcs12 -export -in node.crt -inkey node-key.key -out node-store.p12

and fetch the self sign cert from the server by this command (then save output in node-self-sign.pem):并通过此命令从服务器获取自签名证书(然后将 output 保存在 node-self-sign.pem 中):

 openssl s_client -connect IP_ADDRESS:PORT 2>/dev/null </dev/null |  sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'

and generate jks for the node-self-sign.pem using this command:并使用以下命令为 node-self-sign.pem 生成 jks:

keytool -keystore node-KeyStore.jks -alias selfsigncert -import -file node-self-sign.pem

and use jks file and p12 file in the following spring boot code:并在以下 spring 引导代码中使用 jks 文件和 p12 文件:

 @PostConstruct
public void initEcwConnection() {
    try {
        File cert = new File(ecwCertPath);
        SSLContext sslContext = SSLContextBuilder.create()
                .loadTrustMaterial(jks,pass.toCharArray())
                .loadKeyMaterial(p12, pass.toCharArray(),pass.toCharArray())
                .build();
        CloseableHttpClient client = HttpClients.custom().setSSLContext(sslContext).build();
        requestFactory = new HttpComponentsClientHttpRequestFactory();
        requestFactory.setHttpClient(client);
    } catch (Exception exp) {
        LOGGER.error(exp.getMessage(), exp);
    }
}

and use restTemplate as following并使用 restTemplate 如下

  HttpHeaders headers = new HttpHeaders();
    File file = new File("paybundle.xml");
    FileInputStream fis = new FileInputStream(file);
    String payload = new String(fis.readAllBytes());
    HttpEntity<String> entity = new HttpEntity<String>(payload, headers);
    ResponseEntity<String> response = ecwTemplate.exchange("https://IP_ADDRESS:8010/vsl/preapproval",HttpMethod.POST, entity,String.class);
    System.out.println(response.getBody());

OUTPUT: OUTPUT:

Caused by: javax.net.ssl.SSLPeerUnverifiedException: Certificate for <IP_ADDRESS> doesn't match any of the subject alternative names: []
    at org.apache.http.conn.ssl.SSLConnectionSocketFactory.verifyHostname(SSLConnectionSocketFactory.java:507) ~[httpclient-4.5.13.jar:4.5.13]
    at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:437) ~[httpclient-4.5.13.jar:4.5.13]
    at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:384) ~[httpclient-4.5.13.jar:4.5.13]
    at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142) ~[httpclient-4.5.13.jar:4.5.13]
    at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:376) ~[httpclient-4.5.13.jar:4.5.13]
    at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:393) ~[httpclient-4.5.13.jar:4.5.13]
    at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236) ~[httpclient-4.5.13.jar:4.5.13]
    at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186) ~[httpclient-4.5.13.jar:4.5.13]
    at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89) ~[httpclient-4.5.13.jar:4.5.13]
    at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110) ~[httpclient-4.5.13.jar:4.5.13]
    at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185) ~[httpclient-4.5.13.jar:4.5.13]
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83) ~[httpclient-4.5.13.jar:4.5.13]
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56) ~[httpclient-4.5.13.jar:4.5.13]
    at org.springframework.http.client.HttpComponentsClientHttpRequest.executeInternal(HttpComponentsClientHttpRequest.java:87) ~[spring-web-5.3.19.jar:5.3.19]
    at org.springframework.http.client.AbstractBufferingClientHttpRequest.executeInternal(AbstractBufferingClientHttpRequest.java:48) ~[spring-web-5.3.19.jar:5.3.19]
    at org.springframework.http.client.AbstractClientHttpRequest.execute(AbstractClientHttpRequest.java:66) ~[spring-web-5.3.19.jar:5.3.19]
    at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:776) ~[spring-web-5.3.19.jar:5.3.19]
enter code here

1 个解决方案

解决方案1
 1 已采纳  2022-09-14 13:25:11

your almost done just check the CN in your certificate file using您几乎完成了,只需使用检查证书文件中的 CN

openssl x509 -noout -subject -in node-self-sign.pem

and use the CN to connect to the server并使用 CN 连接到服务器

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 curl 命令用于启动 Java Spring 引导项目 - curl command for starting a Java Spring Boot project 如何将curl代码转换为Java - How to convert curl code into java Spring-Boot:在Java代码配置(不是XML)中指定REALM(安全性约束和角色)和CLIENT-CERT身份验证? - Spring-Boot: Specify REALMs (security constraints and roles) and CLIENT-CERT authentication in Java code configuration (not XML)? 如何将 Curl SSL 请求转换为 Java 代码 - How to convert Curl SSL requests into Java code 将curl命令转换为Java HTTP客户端代码以获取数据 - Convert a curl command to java http client code to get data 将带有密钥动态的 json 转换为 POJO .. java spring 引导 - Convert json with key dynamic to POJO.. java spring boot Curl 命令不起作用(Spring Boot 项目) - Curl command not working (Spring Boot project) 将Curl命令转换为Java / Android - Convert Curl command into Java/Android 将cURL命令转换为纯Java - Convert cURL command into pure Java 如何将JKS转换为Docker Registry cert / key? - How to convert JKS into Docker Registry cert/key?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM