Adding .pem files to Apache HttpClient

Question

I need to add these 3 pem files (ca.pem, key.pem, and cert.pem) to my http client in order to access a client's service.

How do I get these to work with my existing httpclient?
Any help will be appreciated.

Thank you.


// PEM files on the classpath (resolved here but not yet used by the client below)
File caFile = new File(getClass().getResource("/certs/ca.pem").getPath());
File keyFile = new File(getClass().getResource("/certs/key.pem").getPath());
File certFile = new File(getClass().getResource("/certs/cert.pem").getPath());

// The trust strategy returns true for every chain, so any server certificate is accepted
SSLContext sslContext = new SSLContextBuilder()
        .loadTrustMaterial(null, (certificate, authType) -> true).build();

// NoopHostnameVerifier turns off hostname verification
CloseableHttpClient httpClient = HttpClients.custom()
        .setSSLContext(sslContext)
        .setSSLHostnameVerifier(new NoopHostnameVerifier())
        .addInterceptorFirst((HttpRequestInterceptor) (httpRequest, httpContext) -> {
            httpRequest.setHeader("Content-Type", "application/xml");
        })
        .build();

HttpComponentsClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory();
requestFactory.setHttpClient(httpClient);

Answer 1

Score: 1

I have guided the OP and provided the answer in the comment section of his question. The solution did work, so I am posting it here.

Java is limited and verbose when handling all of the different pem files. In the past I also wanted to load pem files for different projects, and to make it reusable I created a library which does the trick. The solution which I provided to the OP for an apache http client is:

Option 1

You first need to add the following dependency (GitHub - SSLContext Kickstart):

<dependency>
    <groupId>io.github.hakky54</groupId>
    <artifactId>sslcontext-kickstart-for-pem</artifactId>
    <version>8.0.0</version>
</dependency>

And then you can use the following code snippet:

import nl.altindag.ssl.SSLFactory;
import nl.altindag.ssl.pem.util.PemUtils;
import org.apache.http.client.HttpClient;
import org.apache.http.impl.client.HttpClients;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;

import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509ExtendedTrustManager;

public class App {

    public static void main(String[] args) {
        X509ExtendedKeyManager keyManager = PemUtils.loadIdentityMaterial("certs/cert.pem", "certs/key.pem");
        X509ExtendedTrustManager trustManager = PemUtils.loadTrustMaterial("certs/ca.pem");

        SSLFactory sslFactory = SSLFactory.builder()
                .withIdentityMaterial(keyManager)
                .withTrustMaterial(trustManager)
                .build();

        HttpClient httpclient = HttpClients.custom()
                .setSSLContext(sslFactory.getSslContext())
                .build();

        HttpComponentsClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory();
        requestFactory.setHttpClient(httpclient);
    }
    
}

Option 2

If you don't want the above library and you don't have encrypted private keys and just certificates as pem files, then you can also give the following example from another answer a try: https://stackoverflow.com/a/42733858/6777695. That one provides an example in just plain Java of how to parse a pem file. If you have an encrypted private key it will get a bit more verbose; see here for more: https://stackoverflow.com/questions/63832456/parsing-encrypted-pkcs8-encoded-pem-file-programatically
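
Option 2 written out in plain Java, as an added example that is not part of the original answer or of the SSLContext Kickstart project. It assumes Apache HttpClient 4.x, an unencrypted PKCS#8 RSA key in key.pem, and a hypothetical class name `PemMutualTlsClient`; unlike the snippet in the question, it validates the server against ca.pem and keeps the default hostname verifier.

```java
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;
import javax.net.ssl.SSLContext;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContexts;

public class PemMutualTlsClient {  // hypothetical name, not from the original page
    public static CloseableHttpClient build(String caPem, String certPem, String keyPem) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        char[] pw = "in-memory".toCharArray();  // protects the in-memory key entry only; nothing is written to disk
        // Trust store: only the CA certificate(s) in ca.pem are accepted as issuers of the server certificate.
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);
        int i = 0;
        try (InputStream in = Files.newInputStream(Paths.get(caPem))) {
            for (Certificate ca : cf.generateCertificates(in)) {
                trustStore.setCertificateEntry("ca-" + i++, ca);
            }
        }
        // Key store: client certificate chain from cert.pem plus the private key from key.pem.
        Certificate[] chain;
        try (InputStream in = Files.newInputStream(Paths.get(certPem))) {
            chain = cf.generateCertificates(in).toArray(new Certificate[0]);
        }
        // Assumption: unencrypted PKCS#8 RSA key ("-----BEGIN PRIVATE KEY-----").
        String pem = new String(Files.readAllBytes(Paths.get(keyPem)), StandardCharsets.US_ASCII);
        byte[] der = Base64.getMimeDecoder().decode(pem.replaceAll("-----[A-Z ]+-----", ""));
        PrivateKey key = KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(der));
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null, null);
        keyStore.setKeyEntry("client", key, pw, chain);
        SSLContext sslContext = SSLContexts.custom()
                .loadTrustMaterial(trustStore, null)  // null strategy keeps normal chain validation
                .loadKeyMaterial(keyStore, pw)
                .build();
        // No NoopHostnameVerifier: the default verifier checks the server name against its certificate.
        return HttpClients.custom().setSSLContext(sslContext).build();
    }
}
```

The returned client can be passed to `requestFactory.setHttpClient(...)` exactly as in the question.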

huangapple
  • Published on May 6, 2023, 22:44:12
  • When reposting, be sure to keep the link to this article: https://go.coder-hub.com/76189495.html