[英]Java/REST-assured: how to use SSL certificate in code
我正在尝试使用 REST-assured 来执行一些需要 SSL 身份验证的 API 调用。 我收到了:
当我把所有这些都放在例如 Postman 中时,它就可以正常工作。 现在我想在我的 Java 代码中使用它……这就是我被卡住的地方。 我看到人们使用单独的工具来导入密钥等,但我想在代码中做所有事情:)
我发现人们使用这个:
RestAssured.config = RestAssured.config().sslConfig(SSLConfig.sslConfig()
.trustStore(TRUST_STORE_PATH, TRUST_STORE_PASS).trustStoreType("JKS")
.keyStore(KEY_STORE_PATH, KEY_STORE_PASS).keystoreType("PKCS12"));
其中 KEY_STORE_* 是 P12 文件 + 密码(?),而 TRUST_STORE_* 是证书 + 密钥(?)。 但是,这会导致错误“无效的密钥库格式”。 我已经将 .cert.pem 文件转换为带有 openssl 的(二进制/x509),但这并没有改变任何东西......我错过了什么? 我需要调用什么黑魔法才能让它在代码中运行?
评论给了我一个想法; 也许 .p12 文件不是“正确的”密钥库。 所以:我使用 keytool 将证书+密钥转换为 JKS 信任库,并使用 OpenSSL 将 .p12 + 密码转换为 a.pkcs12 密钥库。
现在的代码是:
RestAssured.config = RestAssured.config().sslConfig(SSLConfig.sslConfig()
.trustStore(JKS_PATH, JKS_PASS).trustStoreType("JKS")
.keyStore(PKCS12_PATH, PKCS12_PASS).keystoreType("PKCS12"));
RestAssured.useRelaxedHTTPSValidation();
我添加了useRelaxedHTTPSValiadion调用以确保我没有遇到奇怪的签名问题; 也许我可以没有它,但首先我想让它工作。 这编译并运行——进展,但是:现在我在 REST-assured 执行实际 POST 时遇到错误: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure 。 如前所述,我在 Postman 中使用它,证书没问题; 但不知何故 REST-assured/Java 表现不佳。
根据其中一条评论的要求,一些 SSL 调试/日志记录:
javax.net.ssl|DEBUG|01|main|2020-09-24 09:27:51.103 CEST|ServerHello.java:891|Consuming ServerHello handshake message (
"ServerHello": {
"server version" : "TLSv1.2",
"random" : <snip>,
"session id" : "",
"cipher suite" : "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(0xC02F)",
"compression methods" : "00",
"extensions" : [
"renegotiation_info (65,281)": {
"renegotiated connection": [<no renegotiated connection>]
},
"ec_point_formats (11)": {
"formats": [uncompressed]
},
"extended_master_secret (23)": {
<empty>
}
]
}
)
javax.net.ssl|DEBUG|01|main|2020-09-24 09:27:51.103 CEST|SSLExtensions.java:173|Ignore unavailable extension: supported_versions
javax.net.ssl|DEBUG|01|main|2020-09-24 09:27:51.103 CEST|ServerHello.java:987|Negotiated protocol version: TLSv1.2
javax.net.ssl|DEBUG|01|main|2020-09-24 09:27:51.103 CEST|SSLExtensions.java:192|Consumed extension: renegotiation_info
javax.net.ssl|DEBUG|01|main|2020-09-24 09:27:51.104 CEST|SSLExtensions.java:173|Ignore unavailable extension: server_name
javax.net.ssl|DEBUG|01|main|2020-09-24 09:27:51.104 CEST|SSLExtensions.java:173|Ignore unavailable extension: max_fragment_length
javax.net.ssl|DEBUG|01|main|2020-09-24 09:27:51.104 CEST|SSLExtensions.java:173|Ignore unavailable extension: status_request
javax.net.ssl|DEBUG|01|main|2020-09-24 09:27:51.104 CEST|SSLExtensions.java:192|Consumed extension: ec_point_formats
javax.net.ssl|DEBUG|01|main|2020-09-24 09:27:51.104 CEST|SSLExtensions.java:173|Ignore unavailable extension: status_request_v2
javax.net.ssl|DEBUG|01|main|2020-09-24 09:27:51.104 CEST|SSLExtensions.java:192|Consumed extension: extended_master_secret
javax.net.ssl|DEBUG|01|main|2020-09-24 09:27:51.104 CEST|SSLExtensions.java:173|Ignore unavailable extension: session_ticket
javax.net.ssl|DEBUG|01|main|2020-09-24 09:27:51.105 CEST|SSLExtensions.java:163|Ignore unsupported extension: supported_versions
javax.net.ssl|DEBUG|01|main|2020-09-24 09:27:51.105 CEST|SSLExtensions.java:163|Ignore unsupported extension: key_share
javax.net.ssl|DEBUG|01|main|2020-09-24 09:27:51.105 CEST|SSLExtensions.java:192|Consumed extension: renegotiation_info
javax.net.ssl|DEBUG|01|main|2020-09-24 09:27:51.105 CEST|SSLExtensions.java:163|Ignore unsupported extension: pre_shared_key
javax.net.ssl|DEBUG|01|main|2020-09-24 09:27:51.105 CEST|ServerHello.java:1131|Locally assigned Session Id: <snip>
javax.net.ssl|DEBUG|01|main|2020-09-24 09:27:51.105 CEST|SSLExtensions.java:207|Ignore unavailable extension: server_name
javax.net.ssl|DEBUG|01|main|2020-09-24 09:27:51.105 CEST|SSLExtensions.java:207|Ignore unavailable extension: max_fragment_length
javax.net.ssl|DEBUG|01|main|2020-09-24 09:27:51.105 CEST|SSLExtensions.java:207|Ignore unavailable extension: status_request
javax.net.ssl|WARNING|01|main|2020-09-24 09:27:51.106 CEST|SSLExtensions.java:215|Ignore impact of unsupported extension: ec_point_formats
javax.net.ssl|DEBUG|01|main|2020-09-24 09:27:51.106 CEST|SSLExtensions.java:207|Ignore unavailable extension: application_layer_protocol_negotiation
javax.net.ssl|DEBUG|01|main|2020-09-24 09:27:51.106 CEST|SSLExtensions.java:207|Ignore unavailable extension: status_request_v2
javax.net.ssl|WARNING|01|main|2020-09-24 09:27:51.106 CEST|SSLExtensions.java:215|Ignore impact of unsupported extension: extended_master_secret
javax.net.ssl|DEBUG|01|main|2020-09-24 09:27:51.106 CEST|SSLExtensions.java:207|Ignore unavailable extension: session_ticket
javax.net.ssl|DEBUG|01|main|2020-09-24 09:27:51.106 CEST|SSLExtensions.java:207|Ignore unavailable extension: supported_versions
javax.net.ssl|DEBUG|01|main|2020-09-24 09:27:51.106 CEST|SSLExtensions.java:207|Ignore unavailable extension: key_share
javax.net.ssl|WARNING|01|main|2020-09-24 09:27:51.106 CEST|SSLExtensions.java:215|Ignore impact of unsupported extension: renegotiation_info
javax.net.ssl|DEBUG|01|main|2020-09-24 09:27:51.106 CEST|SSLExtensions.java:207|Ignore unavailable extension: pre_shared_key
javax.net.ssl|DEBUG|01|main|2020-09-24 09:27:51.112 CEST|CertificateMessage.java:357|Consuming server Certificate handshake message (<snip>)
javax.net.ssl|DEBUG|01|main|2020-09-24 09:27:51.177 CEST|CertificateRequest.java:670|Consuming CertificateRequest handshake message (
"CertificateRequest": {
"certificate types": [rsa_sign, dss_sign, ecdsa_sign]
"supported signature algorithms": [rsa_pkcs1_sha256, dsa_sha256, ecdsa_secp256r1_sha256, rsa_pkcs1_sha384, dsa_sha384, ecdsa_secp384r1_sha384, rsa_pkcs1_sha512, dsa_sha512, ecdsa_secp521r1_sha512, rsa_pkcs1_sha1, dsa_sha1, ecdsa_sha1]
"certificate authorities": [<snip>]
}
)
javax.net.ssl|ALL|01|main|2020-09-24 09:27:51.179 CEST|X509Authentication.java:246|No X.509 cert selected for RSA
javax.net.ssl|WARNING|01|main|2020-09-24 09:27:51.179 CEST|CertificateRequest.java:764|Unavailable authentication scheme: rsa_pkcs1_sha256
javax.net.ssl|ALL|01|main|2020-09-24 09:27:51.180 CEST|X509Authentication.java:246|No X.509 cert selected for DSA
javax.net.ssl|WARNING|01|main|2020-09-24 09:27:51.180 CEST|CertificateRequest.java:764|Unavailable authentication scheme: dsa_sha256
javax.net.ssl|ALL|01|main|2020-09-24 09:27:51.181 CEST|X509Authentication.java:246|No X.509 cert selected for EC
javax.net.ssl|WARNING|01|main|2020-09-24 09:27:51.181 CEST|CertificateRequest.java:764|Unavailable authentication scheme: ecdsa_secp256r1_sha256
javax.net.ssl|ALL|01|main|2020-09-24 09:27:51.181 CEST|X509Authentication.java:246|No X.509 cert selected for RSA
javax.net.ssl|WARNING|01|main|2020-09-24 09:27:51.181 CEST|CertificateRequest.java:764|Unavailable authentication scheme: rsa_pkcs1_sha384
javax.net.ssl|ALL|01|main|2020-09-24 09:27:51.182 CEST|X509Authentication.java:246|No X.509 cert selected for EC
javax.net.ssl|WARNING|01|main|2020-09-24 09:27:51.182 CEST|CertificateRequest.java:764|Unavailable authentication scheme: ecdsa_secp384r1_sha384
javax.net.ssl|ALL|01|main|2020-09-24 09:27:51.182 CEST|X509Authentication.java:246|No X.509 cert selected for RSA
javax.net.ssl|WARNING|01|main|2020-09-24 09:27:51.182 CEST|CertificateRequest.java:764|Unavailable authentication scheme: rsa_pkcs1_sha512
javax.net.ssl|ALL|01|main|2020-09-24 09:27:51.182 CEST|X509Authentication.java:246|No X.509 cert selected for EC
javax.net.ssl|WARNING|01|main|2020-09-24 09:27:51.182 CEST|CertificateRequest.java:764|Unavailable authentication scheme: ecdsa_secp521r1_sha512
javax.net.ssl|ALL|01|main|2020-09-24 09:27:51.183 CEST|X509Authentication.java:246|No X.509 cert selected for RSA
javax.net.ssl|WARNING|01|main|2020-09-24 09:27:51.183 CEST|CertificateRequest.java:764|Unavailable authentication scheme: rsa_pkcs1_sha1
javax.net.ssl|ALL|01|main|2020-09-24 09:27:51.183 CEST|X509Authentication.java:246|No X.509 cert selected for DSA
javax.net.ssl|WARNING|01|main|2020-09-24 09:27:51.183 CEST|CertificateRequest.java:764|Unavailable authentication scheme: dsa_sha1
javax.net.ssl|ALL|01|main|2020-09-24 09:27:51.184 CEST|X509Authentication.java:246|No X.509 cert selected for EC
javax.net.ssl|WARNING|01|main|2020-09-24 09:27:51.184 CEST|CertificateRequest.java:764|Unavailable authentication scheme: ecdsa_sha1
javax.net.ssl|WARNING|01|main|2020-09-24 09:27:51.184 CEST|CertificateRequest.java:774|No available authentication scheme
javax.net.ssl|DEBUG|01|main|2020-09-24 09:27:51.184 CEST|ServerHelloDone.java:151|Consuming ServerHelloDone handshake message (
<empty>
)
javax.net.ssl|DEBUG|01|main|2020-09-24 09:27:51.184 CEST|CertificateMessage.java:290|No X.509 certificate for client authentication, use empty Certificate message instead
javax.net.ssl|DEBUG|01|main|2020-09-24 09:27:51.185 CEST|CertificateMessage.java:321|Produced client Certificate handshake message (
"Certificates": <empty list>
)
javax.net.ssl|DEBUG|01|main|2020-09-24 09:27:51.189 CEST|ECDHClientKeyExchange.java:400|Produced ECDHE ClientKeyExchange handshake message (
"ECDH ClientKeyExchange": {
"ecdh public": {
<snip>
},
}
)
javax.net.ssl|DEBUG|01|main|2020-09-24 09:27:51.196 CEST|ChangeCipherSpec.java:115|Produced ChangeCipherSpec message
javax.net.ssl|DEBUG|01|main|2020-09-24 09:27:51.197 CEST|Finished.java:398|Produced client Finished handshake message (
"Finished": {
"verify data": {
<snip>
}'}
)
javax.net.ssl|DEBUG|01|main|2020-09-24 09:27:51.248 CEST|Alert.java:238|Received alert message (
"Alert": {
"level" : "fatal",
"description": "handshake_failure"
}
)
javax.net.ssl|ERROR|01|main|2020-09-24 09:27:51.251 CEST|TransportContext.java:361|Fatal (HANDSHAKE_FAILURE): Received fatal alert: handshake_failure
我认为这是罪魁祸首, No X.509 certificate for client authentication, use empty Certificate message instead ......这看起来很奇怪。
您对 postman 所做的操作也可以在 java 中实现。RestAssured 已经支持密钥库文件,并且还支持不同的格式,例如 jks 和 pcsk12。 在您的情况下,当将 p12 文件加载为密钥库 object 时,可以使用 pcsk12 类型。但是对于其他文件,它不支持开箱即用的 pem 文件。 您可以将这些文件合并到密钥库中,就像 Kevin Boone 建议的那样,请在此处查看用于转换文件的所有选项: Openssl 备忘单您还可以使用其他库 - SSLContext Kickstart来加载和创建 ssl 配置和将其提供给 RestAssured,请参见下面的示例。
X509ExtendedKeyManager keyManager = PemUtils.loadIdentityMaterial("cert.pem", "key.pem", "password".toCharArray());
SSLFactory sslFactory = SSLFactory.builder()
.withIdentityMaterial(keyManager)
.withTrustMaterial("truststore.p12", "password".toCharArray(), "PKCS12")
.build();
RestAssured.config().sslConfig(SSLConfig.sslConfig().sslSocketFactory(new SSLSocketFactory(sslFactory.getSslContext())));
我将 p12 作为示例信任材料,将 pem 文件作为身份材料。
如何在 Rest-Assured java 中使用证书进行 HTTPS GET 调用
[英]How to make HTTPS GET call with certificate in Rest-Assured java
如何在Java中使用Rest-assured使用多部分文件附件?
[英]how to use multi part file attachment using Rest-assured in Java?
如何通过另一个属性REST-ASSURED JAVA提取body属性
[英]How to extract body attribute by another attribute REST-ASSURED JAVA
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.