API SSL соединение от Maven - PullRequest
0 голосов
/ 17 октября 2018

Я пытаюсь подключиться к конечной точке API из проекта maven.

Со стороны сервера они поделились со мной файлами:

privatekey.key
certificate.crt
intermediate_rapidssl.crt
ca_geotrust_global.crt

Я использую следующие команды длясоздать файл .jks

openssl pkcs12 -export -out clave.P12 -name mycertificate -inkey privatekey.key -in certificate.crt -CAfile intermediate_rapidssl.crt -caname issuer -CAfile ca_geotrust_global.crt -caname root

keytool -importkeystore -srckeystore clave.p12 -srcstoretype pkcs12 -destkeystore clave.jks -deststoretype JKS

Затем в проекте maven я использовал следующий класс, отправляющий путь к файлу clave.jks:

public class SSLCliAuthExample3 {


private static final Logger LOG = Logger.getLogger(SSLCliAuthExample3.class.getName());

private static final String CA_KEYSTORE_TYPE = KeyStore.getDefaultType(); //"JKS";
private static final String CA_KEYSTORE_PATH = "/<path>/clave.jks";
private static final String CA_KEYSTORE_PASS = "111111";


public static void main(String[] args) throws Exception {
    requestTimestamp();
}

public final static void requestTimestamp() throws Exception {
    SSLConnectionSocketFactory csf = new SSLConnectionSocketFactory(
            createSslCustomContext(),
            new String[]{"TLSv1"}, // Allow TLSv1 protocol only
            null,
            SSLConnectionSocketFactory.getDefaultHostnameVerifier());

    try (CloseableHttpClient httpclient = HttpClients.custom().setSSLSocketFactory(csf).build()) {


        HttpGet req = new HttpGet("https://<host>/getdata?startTimestamp=2018-08-01T14:32:46.805&endTimestamp=2018-08-01T14:50:04.380");
        req.setConfig(configureRequest());

        try {
            HttpResponse response = httpclient.execute(req);
            HttpEntity entity = response.getEntity();

        } catch (IOException e) {
            e.printStackTrace();
        }        


    }
}

public static RequestConfig configureRequest() {
    HttpHost proxy = new HttpHost("<host>", <port>, "https");
    RequestConfig config = RequestConfig.custom()
            .setProxy(proxy)
            .build();
    return config;
}

public static SSLContext createSslCustomContext() throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, KeyManagementException, UnrecoverableKeyException {
    // Trusted CA keystore
    KeyStore tks = KeyStore.getInstance(CA_KEYSTORE_TYPE);
    tks.load(new FileInputStream(CA_KEYSTORE_PATH), CA_KEYSTORE_PASS.toCharArray());


    SSLContext sslcontext = SSLContexts.custom()
            .loadTrustMaterial(tks, new TrustSelfSignedStrategy()) // use it to customize
            //.loadKeyMaterial(cks, CLIENT_KEYSTORE_PASS.toCharArray()) // load client certificate
            .build();
    return sslcontext;
}

}

, но при запуске я получаюследующий результат:

--- exec-maven-plugin:1.2.1:exec (default-cli) @ loaders_dna ---
oct 17, 2018 12:10:16 PM org.apache.http.impl.execchain.RetryExec execute
INFORMACIÓN: I/O exception (java.net.SocketException) caught when processing request to {tls}->https://<host>:<port>->https://<host>:<port>: Connection reset
oct 17, 2018 12:10:16 PM org.apache.http.impl.execchain.RetryExec execute
INFORMACIÓN: Retrying request to {tls}->https://<host>:<port>->https://<host>:<port>
oct 17, 2018 12:10:16 PM org.apache.http.impl.execchain.RetryExec execute
INFORMACIÓN: I/O exception (java.net.SocketException) caught when processing request to {tls}->https://<host>:<port>->https://<host>:<port>: Connection reset
oct 17, 2018 12:10:16 PM org.apache.http.impl.execchain.RetryExec execute
INFORMACIÓN: Retrying request to {tls}->https://<host>:<port>->https://<host>:<port>
oct 17, 2018 12:10:17 PM org.apache.http.impl.execchain.RetryExec execute
INFORMACIÓN: I/O exception (java.net.SocketException) caught when processing request to {tls}->https://<host>:<port>->https://<host>:<port>: Connection reset
oct 17, 2018 12:10:17 PM org.apache.http.impl.execchain.RetryExec execute
INFORMACIÓN: Retrying request to {tls}->https://<host>:<port>->https://<host>:<port>
java.net.SocketException: Connection reset
    at java.net.SocketInputStream.read(SocketInputStream.java:210)
    at java.net.SocketInputStream.read(SocketInputStream.java:141)
    at sun.security.ssl.InputRecord.readFully(InputRecord.java:465)
    at sun.security.ssl.InputRecord.read(InputRecord.java:503)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:983)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
    at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:395)
    at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:354)
    at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:134)
    at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:353)
    at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:388)
    at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
    at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184)
    at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88)
    at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
    at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)
    at com.dna.app.etl.apitobigquery.SSLCliAuthExample3.requestTimestamp(SSLCliAuthExample3.java:69)
    at com.dna.app.etl.apitobigquery.SSLCliAuthExample3.main(SSLCliAuthExample3.java:52)

Знаете ли вы, что может произойти?

...