[英]TaxCore - request token using a smart card certificate
我正在嘗試制作的應用程序需要通過向 TaxCore 服務器提供從智能卡獲取的個人證書來請求令牌。 我已經從智能卡中導出了證書,並將其命名為 buisness.cer。 我還需要另外 2 個證書來建立 https 連接( Sandbox SUF Issuing CA 1.cer
和Sandbox SUF RCA.cer
)。
官方文檔說明了以下步驟:
我已經浪費了好幾天的時間來嘗試完成這項工作,並測試了我在互聯網上可以找到的所有示例,但盡管我付出了努力,我最終還是得到了 401 響應。 {"Message":"Authorization has been denied for this request."}
目前我有這個(非工作):
private static X509Certificate getCert(String f) {
InputStream is0;
try {
CertificateFactory cf0 = CertificateFactory.getInstance("X.509");
is0 = new FileInputStream(f);
var cer = (X509Certificate) cf0.generateCertificate(is0);
is0.close();
return cer;
} catch (FileNotFoundException e) {
e.printStackTrace();
} catch (CertificateException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
}
return null;
}
public final static void main(String[] args) throws Exception {
var buisnessCert = getCert("someplace/buisness.cer");
var issuingCaCert = getCert("someplace/issuingCa.cer");
var rcaCert = getCert("someplace/rca.cer");
var tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
ks.load(null);
ks.setCertificateEntry("issuingCaCert", issuingCaCert);
ks.setCertificateEntry("rcaCert", rcaCert);
ks.setCertificateEntry("buisnessCert", buisnessCert);
tmf.init(ks);
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, tmf.getTrustManagers(), null);
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContext, null, null,
SSLConnectionSocketFactory.getDefaultHostnameVerifier());
CloseableHttpClient httpclient = HttpClients.custom().setSSLSocketFactory(sslsf).build();
try {
HttpGet httpget = new HttpGet("https://taxcoreservergoeshere/api/v3/sdc/token");
httpget.setHeader("Accept", "application/json");
httpget.setHeader("Content-Type", "application/json");
CloseableHttpResponse response = httpclient.execute(httpget);
try {
HttpEntity entity = response.getEntity();
System.out.println(EntityUtils.toString(entity));
EntityUtils.consume(entity);
} finally {
response.close();
}
} finally {
httpclient.close();
}
}
非常感謝任何幫助。
證書不應該離開智能卡。 您需要使用 PKCS#11 提供程序來實例化您的密鑰庫。 這個答案可能是一個很好的起點: Java Access Token PKCS11 Not found Provider
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.