Certificate 为服务器身份验证确认设置客户端后出现okhttp客户端错误
我们正在尝试使用miniojava客户端,它使用okhttp客户端将对象上传到bucket。目前,我们使用的服务器只支持服务器身份验证,不支持相互tls,这主要意味着我们必须验证服务器提供的具有给定CA证书的证书。 出于这个原因,我们创建了下面的方法来简单地在trustedstore中传递ca证书文件Certificate 为服务器身份验证确认设置客户端后出现okhttp客户端错误,certificate,okhttp,minio,http-1.1,tls1.3,Certificate,Okhttp,Minio,Http 1.1,Tls1.3,我们正在尝试使用miniojava客户端,它使用okhttp客户端将对象上传到bucket。目前,我们使用的服务器只支持服务器身份验证,不支持相互tls,这主要意味着我们必须验证服务器提供的具有给定CA证书的证书。 出于这个原因,我们创建了下面的方法来简单地在trustedstore中传递ca证书文件 private OkHttpClient addCertificates(OkHttpClient httpClient,
private OkHttpClient addCertificates(OkHttpClient httpClient,
Path certificatesDir) throws CertificateException, KeyStoreException, NoSuchAlgorithmException, IOException, UnrecoverableKeyException, KeyManagementException
{
// TODO: remove printing of certificates
String certContents = Files.readString(certificatesDir);
log.debug("certificate contents: {}", certContents);
Collection<? extends Certificate> certificates = null;
try (FileInputStream fis = new FileInputStream(certificatesDir.toFile().getAbsolutePath()))
{
certificates = CertificateFactory.getInstance("X.509").generateCertificates(fis);
}
if (certificates == null || certificates.isEmpty())
{
throw new IllegalArgumentException("expected non-empty set of trusted certificates");
}
char[] password = "password".toCharArray();
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
keyStore.load(null, password);
int index = 0;
for (Certificate certificate : certificates)
{
String certificateAlias = Integer.toString(index++);
keyStore.setCertificateEntry(certificateAlias, certificate);
}
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init(keyStore);
TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
SSLContext sslContext = SSLContext.getInstance("TLSv1.3");
sslContext.init(null, trustManagers, null);
SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
return httpClient.newBuilder().sslSocketFactory(sslSocketFactory, (X509TrustManager) trustManagers[0]).build();
}
专用OkHttpClient addCertificates(OkHttpClient-httpClient,
路径certificatesDir)抛出CertificateException、KeyStoreException、NoSuchAlgorithmException、IOException、UnrecoverableKeyException、KeyManagementException
{
//TODO:删除证书的打印
String certContents=Files.readString(certificatesDir);
调试(“证书内容:{}”,certContents);
CollectionI尝试在没有任何证书或凭据的情况下使用curl命令,但访问被拒绝。因此,我想我们可以一直到minio服务器!此外,使用testcontainers的单元测试工作正常…并且对象上载成功!您可以通过使用它加载证书来简化一些证书处理代码ider记录事件以确认connect出现了什么问题
private OkHttpClient enableExternalCertificates(OkHttpClient httpClient, String filename)
throws GeneralSecurityException, IOException {
Collection<? extends Certificate> certificates = null;
try (FileInputStream fis = new FileInputStream(filename)) {
certificates = CertificateFactory.getInstance("X.509").generateCertificates(fis);
}
if (certificates == null || certificates.isEmpty()) {
throw new IllegalArgumentException("expected non-empty set of trusted certificates");
}
char[] password = "password".toCharArray(); // Any password will work.
// Put the certificates a key store.
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
// By convention, 'null' creates an empty key store.
keyStore.load(null, password);
int index = 0;
for (Certificate certificate : certificates) {
String certificateAlias = Integer.toString(index++);
keyStore.setCertificateEntry(certificateAlias, certificate);
}
// Use it to build an X509 trust manager.
KeyManagerFactory keyManagerFactory =
KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyManagerFactory.init(keyStore, password);
TrustManagerFactory trustManagerFactory =
TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init(keyStore);
final KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
final TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(keyManagers, trustManagers, null);
SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
return httpClient
.newBuilder()
.sslSocketFactory(sslSocketFactory, (X509TrustManager) trustManagers[0])
.build();
}