0
pem証明書に問題があります。私は証明書の承認を持つ他のサーバーからサービスを呼び出そうとしています。RestPemplateのCertificateParsingException - pem証明書
@Override
public void changeAnalitycsState(Device device) {
SSLContext context = null;
Security.addProvider(new BouncyCastleProvider());
context = SSLContexts.custom()
.loadTrustMaterial(null, new TrustSelfSignedStrategy())
.useProtocol("TLS").build();
byte[] certificate = getCertificate();
byte[] certBytes = parseDERFromPEM(certificate,
"-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----");
X509Certificate cert = generateCertificateFromDER(certBytes);
KeyStore keystore = KeyStore.getInstance("JKS");
keystore.load(null);
keystore.setCertificateEntry("cert-alias", cert);
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(keystore, "changeit".toCharArray());
KeyManager[] km = kmf.getKeyManagers();
context.init(km, null, null);
@SuppressWarnings("deprecation")
HttpClient httpClient = HttpClientBuilder.create().setSslcontext(context)
.setSSLSocketFactory(new SSLConnectionSocketFactory(context.getSocketFactory(), new AllowAllHostnameVerifier()))
.build();
ClientHttpRequestFactory httpClientRequestFactory = new HttpComponentsClientHttpRequestFactory(httpClient);
String plainCreds = "user:pass";
byte[] plainCredsBytes = plainCreds.getBytes();
byte[] base64CredsBytes = Base64.encodeBase64(plainCredsBytes);
String base64Creds = new String(base64CredsBytes);
RestTemplate restTemplate = new RestTemplate(httpClientRequestFactory);
HttpHeaders httpHeaders = new HttpHeaders();
httpHeaders.add(HttpHeaders.AUTHORIZATION, "Basic " + base64Creds);
httpHeaders.setContentType(MediaType.APPLICATION_JSON);
HttpEntity<Device> entity = new HttpEntity<Device>(
device, httpHeaders);
restTemplate
.exchange("https://xxx:8666/yyy/", HttpMethod.POST, entity, Void.class);
}
private byte[] parseDERFromPEM(byte[] pem, String beginDelimiter,
String endDelimiter) {
String data = new String(pem);
String[] tokens = data.split(beginDelimiter);
tokens = tokens[1].split(endDelimiter);
return DatatypeConverter.parseBase64Binary(tokens[0]);
}
private X509Certificate generateCertificateFromDER(byte[] certBytes) {
CertificateFactory factory;
X509Certificate cert = null;
factory = CertificateFactory.getInstance("X.509");
cert = (X509Certificate) factory
.generateCertificate(new ByteArrayInputStream(certBytes));
return cert;
}
し、エラーがある:RestTemplate with pem certificateが、それは私のために動作しませんでした:
org.springframework.web.client.ResourceAccessException: I/O error on POST request for "https://xxx":no more data allowed for version 1 certificate; nested exception is javax.net.ssl.SSLProtocolException: no more data allowed for version 1 certificate
Caused by: javax.net.ssl.SSLProtocolException: no more data allowed for version 1 certificate
10:35:08,479 INFO [stdout] (http-0.0.0.0-0.0.0.0-8443-1) at sun.security.ssl.HandshakeMessage$CertificateMsg.<init>(Unknown Source)
10:35:08,480 INFO [stdout] (http-0.0.0.0-0.0.0.0-8443-1) at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
10:35:08,480 INFO [stdout] (http-0.0.0.0-0.0.0.0-8443-1) at sun.security.ssl.Handshaker.processLoop(Unknown Source)
10:35:08,481 INFO [stdout] (http-0.0.0.0-0.0.0.0-8443-1) at sun.security.ssl.Handshaker.process_record(Unknown Source)
10:35:08,481 INFO [stdout] (http-0.0.0.0-0.0.0.0-8443-1) at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
10:35:08,482 INFO [stdout] (http-0.0.0.0-0.0.0.0-8443-1) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
Caused by: java.security.cert.CertificateParsingException: no more data allowed for version 1 certificate
10:35:08,489 INFO [stdout] (http-0.0.0.0-0.0.0.0-8443-1) at sun.security.x509.X509CertInfo.parse(Unknown Source)
10:35:08,489 INFO [stdout] (http-0.0.0.0-0.0.0.0-8443-1) at sun.security.x509.X509CertInfo.<init>(Unknown Source)
10:35:08,489 INFO [stdout] (http-0.0.0.0-0.0.0.0-8443-1) at sun.security.x509.X509CertImpl.parse(Unknown Source)
10:35:08,489 INFO [stdout] (http-0.0.0.0-0.0.0.0-8443-1) at sun.security.x509.X509CertImpl.<init>(Unknown Source)
10:35:08,489 INFO [stdout] (http-0.0.0.0-0.0.0.0-8443-1) at sun.security.provider.X509Factory.engineGenerateCertificate(Unknown Source)
10:35:08,489 INFO [stdout] (http-0.0.0.0-0.0.0.0-8443-1) at java.security.cert.CertificateFactory.generateCertificate(Unknown Source)
10:35:08,489 INFO [stdout] (http-0.0.0.0-0.0.0.0-8443-1)
私は、このソリューションを試してみました。メソッドgetCertificate()はbyte []で証明書を返します(私は証明書を返すサービスを持っていますが、それは悪い考えですが、これはどのように動作するのですか)。
これは私の証明書との最初の連絡です。 どうすれば修正できますか?
あなたは 'parseDERfromPEM'を必要としないので、' CertificateFactory'は、PEMフォーマットを扱う - とCERT(というよりもキーPLUS証明書)を入れて中とにかくkeymanagerの店は役に立たない。しかし、あなたのエラーは、クライアント認証を行うために_attempting_する前に起こった_サーバーから受信した証明書で発生しています。サーバに保存されているか、または 'keytool -printcert -sslserver host [:port] -rfc'または' openssl s_client -connect host:port -servername host'で受信した証明書を取得して(追加して) --- BEGIN CERTIFICATE -----〜----- END CERTIFICATE ------)。 –