Java HttpClient中的curl cacert等價物

Question

我能夠做出以下curl命令沒有問題：

curl -s --cacert cert_ca.pem -X POST --data-urlencode name=abcde https://abcd.com/resource

你能幫助我想出一些關於Java的東西嗎？ 我看過類似的帖子，但他們談論完整的SSL握手。 在這里，我只是呈現CA證書以使用指定的證書文件來驗證對等方。

另一個問題是，我的理解是正確的 - >在這里，我需要配置信任庫和CA證書來驗證對等方，而不一定是任何密鑰庫，因為我沒有代表我提交任何證書？

謝謝

我也有CA證書的jks文件

在使用以下代碼嘗試Robert的建議時：

    SSLContext sslContext = SSLContexts.custom()                          
         .loadTrustMaterial(new File("test_ca.jks")
         .build();
    SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContext);
    httpClient = HttpClients.custom()
         .setSSLSocketFactory(sslsf)
         .build();
    String openEndpoint = "URL";
    HttpPost httpPost = new HttpPost(openEndpoint);
    httpPost.setEntity(new UrlEncodedFormEntity(reqBodyParams)); 
    CloseableHttpResponse httpResponse = ( CloseableHttpResponse ) httpClient.execute(httpPost);

我收到以下異常：

    javax.net.ssl.SSLException: Received fatal alert: unexpected_message
at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2023)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1125)
at sun.security.ssl.SSLSocketImpl.waitForClose(SSLSocketImpl.java:1769)
at sun.security.ssl.HandshakeOutStream.flush(HandshakeOutStream.java:124)
at sun.security.ssl.Handshaker.sendChangeCipherSpec(Handshaker.java:1130)
at sun.security.ssl.ClientHandshaker.sendChangeCipherAndFinish(ClientHandshaker.java:1216)
at sun.security.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:1128)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:348)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:961)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:396)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:355)
at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)
at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:359)
at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:381)
at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:237)
at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:185)
at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:111)
at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56)

Answer 1

在構建Apache Commons Http SSLContext時，可以將Java密鑰庫文件指定為“信任材料”（信任存儲）：

    SSLContext sslContext = SSLContexts.custom()
            .loadTrustMaterial(new File("keystore.jks"), "trust-password".toCharArray()) // trust
            .build();
    SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContext);
    CloseableHttpClient httpclient = HttpClients.custom().setSSLSocketFactory(sslsf).build();