0
我面對有關使用阿帕奇httpcomponents證書的身份驗證問題。每次我開始請求時,我都會得到響應碼403.如果我打開ssl加密和身份驗證,則可以成功建立連接。客戶端證書認證與HttpComponents
我假設的證書都還好,因爲他們已經在不同的環境工作。
下面的代碼顯示瞭如何啓動該請求。
HttpClient httpClient = null;
try
{
HttpParams httpParameters = new BasicHttpParams();
KeyStore rootca = KeyStore.getInstance(KeyStore.getDefaultType());
rootca.load(new FileInputStream("server.jks"), "bara".toCharArray());
KeyStore mycert = KeyStore.getInstance("JKS");
mycert.load(new FileInputStream("client.jks"), "bara".toCharArray());
SSLSocketFactory sockfact = new SSLSocketFactory(mycert, "bara", rootca);
sockfact.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
SchemeRegistry registry = new SchemeRegistry();
registry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
registry.register(new Scheme("https", sockfact, 443));
httpClient = new DefaultHttpClient(new ThreadSafeClientConnManager(httpParameters, registry), httpParameters);
HttpGet get = new HttpGet("https://mycomputer.mynetwork/test");
HttpResponse response = httpClient.execute(get);
System.out.println(response.getStatusLine());
}
有沒有例外或進一步的消息。我通過下載源代碼來調試代碼。即使那樣我也無法本地化錯誤。僅僅拋出以下異常,但我看不出原因。 「連接重置由對等:套接字寫錯誤」
我會很感謝每一個想法。
親切的問候。
更新:編輯記錄的喜好,我得到下面的異常後:
reset by peer: socket write error>javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLException: java.net.SocketException: Connection reset by peer: socket write error
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.checkEOF(SSLSocketImpl.java:1325)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.checkWrite(SSLSocketImpl.java:1337)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:44)
at org.apache.http.impl.io.AbstractSessionOutputBuffer.flushBuffer(AbstractSessionOutputBuffer.java:131)
at org.apache.http.impl.io.AbstractSessionOutputBuffer.flush(AbstractSessionOutputBuffer.java:138)
at org.apache.http.impl.conn.LoggingSessionOutputBuffer.flush(LoggingSessionOutputBuffer.java:95)
at org.apache.http.impl.AbstractHttpClientConnection.doFlush(AbstractHttpClientConnection.java:271)
at org.apache.http.impl.SocketHttpClientConnection.close(SocketHttpClientConnection.java:246)
at org.apache.http.impl.conn.DefaultClientConnection.close(DefaultClientConnection.java:164)
at org.apache.http.impl.conn.AbstractPooledConnAdapter.close(AbstractPooledConnAdapter.java:152)
at org.apache.http.protocol.HttpRequestExecutor.closeConnection(HttpRequestExecutor.java:142)
at org.apache.http.protocol.HttpRequestExecutor.execute(HttpRequestExecutor.java:129)
at org.apache.http.impl.client.DefaultRequestDirector.tryExecute(DefaultRequestDirector.java:647)
at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:464)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:820)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:754)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:732)
at Client.main(Client.java:54)
Caused by: javax.net.ssl.SSLException: java.net.SocketException: Connection reset by peer: socket write error
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:190)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1731)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1692)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1656)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1601)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:93)
at org.apache.http.impl.io.AbstractSessionOutputBuffer.flushBuffer(AbstractSessionOutputBuffer.java:131)
at org.apache.http.impl.io.AbstractSessionOutputBuffer.flush(AbstractSessionOutputBuffer.java:138)
at org.apache.http.impl.conn.LoggingSessionOutputBuffer.flush(LoggingSessionOutputBuffer.java:95)
at org.apache.http.impl.AbstractHttpClientConnection.doFlush(AbstractHttpClientConnection.java:271)
at org.apache.http.impl.AbstractHttpClientConnection.flush(AbstractHttpClientConnection.java:276)
at org.apache.http.impl.conn.AbstractClientConnAdapter.flush(AbstractClientConnAdapter.java:194)
at org.apache.http.protocol.HttpRequestExecutor.doSendRequest(HttpRequestExecutor.java:258)
at org.apache.http.protocol.HttpRequestExecutor.execute(HttpRequestExecutor.java:123)
... 6 more
Caused by: java.net.SocketException: Connection reset by peer: socket write error
at java.net.SocketOutputStream.socketWrite0(Native Method)
at java.net.SocketOutputStream.socketWrite(SocketOutputStream.java:92)
at java.net.SocketOutputStream.write(SocketOutputStream.java:136)
at com.sun.net.ssl.internal.ssl.OutputRecord.writeBuffer(OutputRecord.java:297)
at com.sun.net.ssl.internal.ssl.OutputRecord.write(OutputRecord.java:286)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecordInternal(SSLSocketImpl.java:748)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:736)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:88)
... 14 more
感謝您的回覆。不幸的是,我對openssl很陌生。你能舉一個例子說明我如何驗證我的證書嗎? – user1168876 2012-03-12 10:12:11
OpenSSL無法使用JKS密鑰庫,因此您必須將服務器/根證書,客戶端證書和客戶端密鑰解壓縮到一個文件中。然後你可以執行'openssl s_client -connect mycomputer.mynetwork:443 -cert client.cer -certform DER -key client.key -CAfile root.cer' – Robert 2012-03-12 11:00:13
好吧,我試過了..它說的是返回代碼「0」所以證書應該沒問題 – user1168876 2012-03-12 11:11:03