Cyberark 使用 JAVA 从保管库中检索密码
Cyberark retrieve password from vault using JAVA
我正在开发 Java 应用程序,尝试使用 Rest API 调用从 Cyberark Vault 检索密码。导入客户端证书后,我通过浏览器 (Edge/Chrome) 取回 API 调用的数据。我尝试将相同的证书添加到 java truststore "C:\jdk1.8.0_77\jre\lib\security\cacerts" 但是在拨打电话时,我收到以下错误
403 - Forbidden: Access is denied. You do not have permission to view
this directory or page using the credentials that you supplied.
我以前在浏览器中也遇到过这个错误,直到我导入了客户端证书。那我现在缺少什么?是否需要设置 attributes/variables 才能拨打电话?我正在使用 Apache HttpClient。我在 Eclipse 中将信任库、密码作为 VM 参数传递。
KeyStore keyStore = null;
String baseUrl = "https://cyberarkservices:23456/api/Accounts?AppID=myapp&Safe=Test&Object=testobject";
try {
keyStore = KeyStore.getInstance("JKS");
} catch (KeyStoreException e) {
System.out.println(e.getStackTrace());
}
FileInputStream instream = null;
try {
instream = new FileInputStream(new File(System.getProperty("javax.net.ssl.trustStore")));
keyStore.load(instream, System.getProperty("javax.net.ssl.trustStorePassword").toCharArray());
} catch (Exception e) {
System.out.println("Exception occured loading cacerts: " + e);
} finally {
instream.close();
}
// Trust own CA and all self-signed certs
SSLContext sslcontext = null;
try {
sslcontext = SSLContexts.custom()
.loadKeyMaterial(keyStore, System.getProperty("javax.net.ssl.trustStorePassword").toCharArray())
.build();
} catch (KeyManagementException | UnrecoverableKeyException | NoSuchAlgorithmException | KeyStoreException e) {
System.out.println("Exception occured loading SSL key material: " + e);
}
HttpClientBuilder builder = HttpClientBuilder.create();
SSLConnectionSocketFactory sslConnectionFactory = new SSLConnectionSocketFactory(sslcontext,
new String[] { "TLSv1.1", "TLSv1.2" }, null,
NoopHostnameVerifier.INSTANCE);
builder.setSSLSocketFactory(sslConnectionFactory);
builder.setSSLSocketFactory(sslConnectionFactory);
CloseableHttpClient httpclient = builder.build();
CloseableHttpResponse response = null;
try {
HttpGet httpget = new HttpGet(baseUrl);
// CALL API
String reply = "";
response = httpclient.execute(httpget);
String res_xml = EntityUtils.toString(response.getEntity());
if(res_xml!=null && !res_xml.isEmpty())
{
reply = res_xml;
System.out.println(reply);
}
我让它工作了。只需在进行 API 调用时直接从 java 读取 in/loaded 客户端证书 (.p12),而无需将其导入信任库或密钥库文件。将证书 location/password 作为 VM 参数传入,它工作得很好。
我正在开发 Java 应用程序,尝试使用 Rest API 调用从 Cyberark Vault 检索密码。导入客户端证书后,我通过浏览器 (Edge/Chrome) 取回 API 调用的数据。我尝试将相同的证书添加到 java truststore "C:\jdk1.8.0_77\jre\lib\security\cacerts" 但是在拨打电话时,我收到以下错误
403 - Forbidden: Access is denied. You do not have permission to view this directory or page using the credentials that you supplied.
我以前在浏览器中也遇到过这个错误,直到我导入了客户端证书。那我现在缺少什么?是否需要设置 attributes/variables 才能拨打电话?我正在使用 Apache HttpClient。我在 Eclipse 中将信任库、密码作为 VM 参数传递。
KeyStore keyStore = null;
String baseUrl = "https://cyberarkservices:23456/api/Accounts?AppID=myapp&Safe=Test&Object=testobject";
try {
keyStore = KeyStore.getInstance("JKS");
} catch (KeyStoreException e) {
System.out.println(e.getStackTrace());
}
FileInputStream instream = null;
try {
instream = new FileInputStream(new File(System.getProperty("javax.net.ssl.trustStore")));
keyStore.load(instream, System.getProperty("javax.net.ssl.trustStorePassword").toCharArray());
} catch (Exception e) {
System.out.println("Exception occured loading cacerts: " + e);
} finally {
instream.close();
}
// Trust own CA and all self-signed certs
SSLContext sslcontext = null;
try {
sslcontext = SSLContexts.custom()
.loadKeyMaterial(keyStore, System.getProperty("javax.net.ssl.trustStorePassword").toCharArray())
.build();
} catch (KeyManagementException | UnrecoverableKeyException | NoSuchAlgorithmException | KeyStoreException e) {
System.out.println("Exception occured loading SSL key material: " + e);
}
HttpClientBuilder builder = HttpClientBuilder.create();
SSLConnectionSocketFactory sslConnectionFactory = new SSLConnectionSocketFactory(sslcontext,
new String[] { "TLSv1.1", "TLSv1.2" }, null,
NoopHostnameVerifier.INSTANCE);
builder.setSSLSocketFactory(sslConnectionFactory);
builder.setSSLSocketFactory(sslConnectionFactory);
CloseableHttpClient httpclient = builder.build();
CloseableHttpResponse response = null;
try {
HttpGet httpget = new HttpGet(baseUrl);
// CALL API
String reply = "";
response = httpclient.execute(httpget);
String res_xml = EntityUtils.toString(response.getEntity());
if(res_xml!=null && !res_xml.isEmpty())
{
reply = res_xml;
System.out.println(reply);
}
我让它工作了。只需在进行 API 调用时直接从 java 读取 in/loaded 客户端证书 (.p12),而无需将其导入信任库或密钥库文件。将证书 location/password 作为 VM 参数传入,它工作得很好。