Using curl:

    curl -v https://xxxxxx --cert ./dss.chain.pem --key ./privatekey.pem --pass admin

I can get 400 errors. This is the correct return.

Now I need to use the Java implementation.

I've tried doing this several different ways.

.pem --> .jks = fail; httpclient = fail.

Some code:

    import java.io.FileInputStream;
    import java.io.IOException;
    import java.security.KeyStore;
    import java.security.KeyStoreException;
    import java.security.NoSuchAlgorithmException;
    import java.security.cert.CertificateException;

    private static KeyStore getKeyStore(String keyStorePath, String password, String type)
        throws KeyStoreException, CertificateException, IOException, NoSuchAlgorithmException {
      // Get the certificate; try-with-resources closes the stream even if load() throws
      try (FileInputStream inputStream = new FileInputStream(keyStorePath)) {
        // Key store
        KeyStore keyStore = KeyStore.getInstance(type);
        keyStore.load(inputStream, password.toCharArray());
        return keyStore;
      }
    }

`keyStore.load(inputStream, password.toCharArray())` throws an exception:

    Exception in thread "main" java.io.IOException: toDerInputStream rejects tag type 45
        at sun.security.util.DerValue.toDerInputStream(DerValue.java:847)
        at sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1915)
        at java.security.KeyStore.load(KeyStore.java:1445)

Mr Li
  • What's the value you're using as the `type` parameter in the `getKeyStore` method? – Vimukthi Aug 31 '22 at 07:25
  • .pem file path (`String keyStorePath = "D:\\miyao\\privatekey.pem"`), and password – Mr Li Aug 31 '22 at 07:33
  • @MrLi I suspect that you are not passing `JKS` as the value of the `type` parameter of the `getKeyStore` function. Try passing `JKS`, as to load a .pem file `KeyStore` needs JKS as the type – Amogh Aug 31 '22 at 07:36
  • You can refer to this https://stackoverflow.com/questions/2138940/import-pem-into-java-key-store to get keystore object from .pem stream – Amogh Aug 31 '22 at 07:38
  • This path seems incorrect. You need to provide a path that is ending with `.jks` or `.p12` – Vimukthi Aug 31 '22 at 07:39
  • @Amogh @Vimukthi I generated a .jks file, `D:\miyao\appleAc.jks`. Shell: `openssl pkcs12 -export -in dss.chain.pem -inkey privatekey.pem -out appleAc.p12`; `keytool -importkeystore -deststorepass 'admin123' -destkeypass 'admin123' -destkeystore appleAc.jks -srckeystore appleAc.p12 -srcstoretype PKCS12 -srcstorepass 'admin123'`; `keytool -importkeystore -srckeystore appleAc.jks -destkeystore appleAc.jks -deststoretype pkcs12`. KeyStore success. But there are two values in the code, `KeyManagerFactory` and `TrustManagerFactory`, need two keystores, I'm using the same one now. – Mr Li Aug 31 '22 at 08:15
  • @Amogh @Vimukthi ↑ results in `sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target`. Do I need two different .jks files? – Mr Li Aug 31 '22 at 08:18
  • @Vimukthi https://drive.google.com/file/d/1LyZqENaXfU5FuNbh1vkt3yfKp6Hth9Ou/view?usp=sharing – Mr Li Aug 31 '22 at 08:25
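
An added example, not part of the original question or comments and not code from any project: a Java client that takes its client certificate and key from the PKCS#12 file for `KeyManagerFactory` while `TrustManagerFactory` validates the server against the JVM default trust store, and that reports a PEM file clearly instead of failing with "rejects tag type 45". It assumes the server certificate chains to a CA in the JVM default trust store; `MutualTlsClient`, `loadPkcs12`, `clientContext` and the `P12_PASSWORD` environment variable are hypothetical names, and `https://xxxxxx` is the placeholder host from the question.

```java
import java.io.BufferedInputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class MutualTlsClient {
  // Load a PKCS#12 file; a PEM file is rejected with a readable message.
  static KeyStore loadPkcs12(String path, char[] password)
      throws IOException, GeneralSecurityException {
    try (BufferedInputStream in = new BufferedInputStream(new FileInputStream(path))) {
      in.mark(1);
      int first = in.read();
      in.reset();
      // PEM text starts with "-----BEGIN"; '-' is byte 45, the tag the DER parser rejects.
      if (first == '-') {
        throw new IOException(path + " is PEM text; convert it to PKCS#12 first");
      }
      KeyStore ks = KeyStore.getInstance("PKCS12");
      ks.load(in, password);
      return ks;
    }
  }

  static SSLContext clientContext(KeyStore identity, char[] keyPassword)
      throws GeneralSecurityException {
    // Key managers: the client certificate and private key presented to the server.
    KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    kmf.init(identity, keyPassword);
    // Trust managers: a null KeyStore selects the JVM default trust store (cacerts).
    TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    tmf.init((KeyStore) null);
    SSLContext ctx = SSLContext.getInstance("TLS");
    ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
    return ctx;
  }

  public static void main(String[] args) throws Exception {
    char[] password = System.getenv("P12_PASSWORD").toCharArray(); // hypothetical variable name
    KeyStore identity = loadPkcs12("appleAc.p12", password);       // file produced by the openssl command
    HttpsURLConnection conn = (HttpsURLConnection) new URL("https://xxxxxx").openConnection();
    conn.setSSLSocketFactory(clientContext(identity, password).getSocketFactory());
    System.out.println("HTTP " + conn.getResponseCode());
  }
}
```

If the server's CA is private, load its certificate into a separate trust store and pass that `KeyStore` to `tmf.init` in place of `null`.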
