HTTPClient-1.4.2:自定义SSL上下文示例所需的说明

这是来自HttpClient-4.x文档的自定义SSL上下文的示例: http://hc.apache.org/httpcomponents-client-ga/examples.html

注意:为简洁起见,删除注释。

package org.apache.http.examples.client;

import java.io.File;
import java.io.FileInputStream;
import java.security.KeyStore;

import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.util.EntityUtils;

/**
 * Performs one HTTPS GET whose server-certificate validation is driven by a
 * custom trust store instead of the JVM's default cacerts.
 *
 * Only a trust store is configured here: the client decides which server
 * certificates it accepts, but presents no certificate of its own. Mutual
 * TLS (client certificate) needs a key store as well, which this example
 * does not set up.
 */
public class ClientCustomSSL {

    /** File holding the CA / server certificates the client will accept. */
    private static final String TRUST_STORE_PATH = "my.keystore";

    /**
     * Trust store password.
     * NOTE(review): a hard-coded secret in source is acceptable only for a
     * demo; real code should read it from configuration or a secret store.
     */
    private static final String TRUST_STORE_PASSWORD = "nopassword";

    /**
     * Registers an "https" scheme backed by the custom trust store, issues the
     * request and always shuts the connection manager down afterwards.
     *
     * @param args ignored
     * @throws Exception if the trust store cannot be read or the request fails
     */
    public final static void main(String[] args) throws Exception {
        DefaultHttpClient client = new DefaultHttpClient();
        try {
            KeyStore trusted = loadTrustStore(new File(TRUST_STORE_PATH),
                    TRUST_STORE_PASSWORD.toCharArray());

            // NOTE(review): the single-argument constructor uses the factory's
            // default hostname verifier; pass an explicit (strict) verifier if
            // the deployment requires it — confirm against the HttpClient
            // version in use.
            SSLSocketFactory sslFactory = new SSLSocketFactory(trusted);
            Scheme https = new Scheme("https", 443, sslFactory);
            client.getConnectionManager().getSchemeRegistry().register(https);

            HttpGet get = new HttpGet("https://localhost/");
            System.out.println("executing request" + get.getRequestLine());

            HttpResponse response = client.execute(get);
            HttpEntity body = response.getEntity();
            System.out.println("----------------------------------------");
            System.out.println(response.getStatusLine());
            if (body != null) {
                System.out.println("Response content length: " + body.getContentLength());
            }
            // Drain the entity so the underlying connection can be reused/released.
            EntityUtils.consume(body);
        } finally {
            // Release all pooled connections and system resources held by the client.
            client.getConnectionManager().shutdown();
        }
    }

    /**
     * Loads a key store of the JVM's default type from {@code path}.
     *
     * @param path     file to read
     * @param password store password handed to {@link KeyStore#load}
     * @return the loaded store
     * @throws Exception if the file cannot be opened or the store fails to load
     */
    private static KeyStore loadTrustStore(File path, char[] password) throws Exception {
        KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
        FileInputStream in = new FileInputStream(path);
        try {
            store.load(in, password);
        } finally {
            try {
                in.close();
            } catch (Exception ignored) {
                // Best-effort close; a failure here must not mask a load error.
            }
        }
        return store;
    }
}

我假设my.keystore是已导入CA根证书的trustStore；JDK自带的默认truststore位于 /Library/Java/Home/lib/security/cacerts（macOS），其默认密码是“changeit”。注意示例代码中的“nopassword”只是占位符，需要替换成实际密码。

我的问题是:我应该在哪里放置我的客户端证书以便与服务器通信。 我有两种方式SSL设置。

上面的示例代码没有提供有关客户端证书的任何提示:pem / p12和密钥文件。

任何想法/想法将不胜感激!

-Bianca

SSLSocketFactory有几个构造函数。 该示例使用的构造函数仅使用自定义trustStore。 您需要使用一个带有自定义keyStore(包含您的客户端证书)的构造函数。

如果目标服务器使用自签名证书，则只需要自定义trustStore（把该自签名证书或其签发CA导入trustStore即可）；不要通过关闭证书校验或主机名校验来“解决”自签名问题，否则连接会失去对中间人攻击的防护。

此示例使用自定义trustStore和keyStore初始化SSLContext:

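 /**
  * Builds an SSLContext from a custom trust store (which server certificates
  * to accept) and a custom key store (the client certificate to present),
  * registers it as the "https" scheme and shuts the client down afterwards.
  *
  * Fixes relative to the posted snippet: the two FileInputStreams were never
  * closed, and the try block had no finally, so the connection manager was
  * never shut down (the "as before" comment referred to the question's example).
  *
  * NOTE(review): the store passwords are hard-coded here for demonstration
  * only; load them from configuration or a secret store in real code.
  *
  * @param args ignored
  * @throws Exception if either store cannot be read or the context fails to initialise
  */
 public static void main(String[] args) throws Exception {
     DefaultHttpClient httpClient = new DefaultHttpClient();
     FileInputStream trustStoreIn = null;
     FileInputStream keyStoreIn = null;
     try {
         // NOTE(review): "TLS" lets the provider choose the protocol versions;
         // pin "TLSv1.2"/"TLSv1.3" if older versions must not be negotiated —
         // confirm against the JDK in use.
         SSLContext ctx = SSLContext.getInstance("TLS");

         // Trust store: decides which server certificates are accepted.
         trustStoreIn = new FileInputStream(new File("cacerts"));
         TrustManager[] trustManagers = getTrustManagers("jks", trustStoreIn, "changeit");

         // Key store: holds the client certificate and private key presented to the server.
         keyStoreIn = new FileInputStream(new File("clientCert.pfx"));
         KeyManager[] keyManagers = getKeyManagers("pkcs12", keyStoreIn, "password");

         ctx.init(keyManagers, trustManagers, new SecureRandom());

         // StrictHostnameVerifier rejects a certificate that is valid but issued
         // for a different host — keep it; it is part of the MITM defence.
         SSLSocketFactory factory = new SSLSocketFactory(ctx, new StrictHostnameVerifier());
         ClientConnectionManager manager = httpClient.getConnectionManager();
         manager.getSchemeRegistry().register(new Scheme("https", 443, factory));

         // ... execute the request and consume the entity as in the question's example ...
     } finally {
         closeQuietly(trustStoreIn);
         closeQuietly(keyStoreIn);
         // Release pooled connections and system resources held by the client.
         httpClient.getConnectionManager().shutdown();
     }
 }

 /**
  * Closes {@code in} if non-null, ignoring close failures so they cannot mask
  * an exception already propagating from the try block.
  *
  * @param in stream to close, may be null
  */
 private static void closeQuietly(InputStream in) {
     if (in == null) {
         return;
     }
     try {
         in.close();
     } catch (Exception ignored) {
         // best-effort close
     }
 }

 /**
  * Loads a key store and returns key managers that present its client
  * certificate during the TLS handshake.
  *
  * The caller owns {@code keyStoreFile} and is responsible for closing it.
  * NOTE(review): the same password is used for the store and for the private
  * key entry — this holds for typical PKCS12 files but should be confirmed.
  *
  * @param keyStoreType     KeyStore type, e.g. "pkcs12" or "jks"
  * @param keyStoreFile     stream positioned at the start of the store
  * @param keyStorePassword store (and key-entry) password
  * @return key managers backed by the loaded store
  * @throws Exception if the store cannot be loaded or the factory fails to initialise
  */
 protected static KeyManager[] getKeyManagers(String keyStoreType, InputStream keyStoreFile,
         String keyStorePassword) throws Exception {
     KeyStore keyStore = KeyStore.getInstance(keyStoreType);
     keyStore.load(keyStoreFile, keyStorePassword.toCharArray());
     KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
     kmf.init(keyStore, keyStorePassword.toCharArray());
     return kmf.getKeyManagers();
 }

 /**
  * Loads a trust store and returns trust managers that accept only server
  * certificates chaining to the certificates it contains.
  *
  * The caller owns {@code trustStoreFile} and is responsible for closing it.
  *
  * @param trustStoreType     KeyStore type, e.g. "jks"
  * @param trustStoreFile     stream positioned at the start of the store
  * @param trustStorePassword store password (used to verify store integrity)
  * @return trust managers backed by the loaded store
  * @throws Exception if the store cannot be loaded or the factory fails to initialise
  */
 protected static TrustManager[] getTrustManagers(String trustStoreType, InputStream trustStoreFile,
         String trustStorePassword) throws Exception {
     KeyStore trustStore = KeyStore.getInstance(trustStoreType);
     trustStore.load(trustStoreFile, trustStorePassword.toCharArray());
     TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
     tmf.init(trustStore);
     return tmf.getTrustManagers();
 }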