Apache HttpClient and PEM certificate files

前端未结

关注

 2  856

-上瘾入骨i 2021-02-06 08:30

I\'d like to programmatically access a site that requires Client certificates, which I have in PEM files. In this application I don\'t want to add them to my keystore, use keyt

2条回答

伪装坚强ぢ (楼主)

2021-02-06 09:24

Easiest may well be to use the .p12 format (though the others work fine too - just be careful with extra lines outside the base64 blocks) and add something like:

// systems I trust
System.setProperty("javax.net.ssl.trustStore", "foo");
System.setProperty("javax.net.ssl.trustStorePassword", "changeit");

// my credentials
System.setProperty("javax.net.ssl.keyStoreType", "PKCS12");
System.setProperty("javax.net.ssl.keyStore", "cert.p12");
System.setProperty("javax.net.ssl.keyStorePassword", "changeit");

Or alternatively - use things like

    KeyStore ks = KeyStore.getInstance( "pkcs12" );
    ks.load( new FileInputStream( ....), "mypassword".toCharArray() );

    KeyStore jks = KeyStore.getInstance( "JKS" );
    ks.load(...

to create above on the fly instead. And rather than rely on the system property - use somethng like:

    KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
    kmf.init(aboveKeyStore, "changeme".toCharArray());
    sslContext = SSLContext.getInstance("SSLv3");
    sslContext.init(kmf.getKeyManagers(), null, null);

which keeps it separate from keystore.

DW.

0 讨论(0)

查看其它2个回答