使用Axis2 / Java创建SSL客户端
我正在尝试连接到使用SSL的WebService但没有成功。 我使用Axis2,我发现了一些有用的文章: http : //people.apache.org/~dumindu/docs/HowToConfigureSSL.html ,但它适用于C.在本文中,他们使用axis2设置了SERVER_CERT,KEY_FILE和SSL_PASSPHRASE。 xml或C编码。 我试图更改配置文件,但这对我不起作用。 如果有人知道如何从Java代码中设置这些参数,请告诉我。
我为不同的端点初始化了EasySSLProtocolSocketFactory和Protocol实例,并使用如下唯一键注册协议:
/** * This method does the following: * 1. Creates a new and unique protocol for each SSL URL that is secured by client certificate * 2. Bind keyStore related information to this protocol * 3. Registers it with HTTP Protocol object * 4. Stores the local reference for this custom protocol for use during furture collect calls * * @throws Exception */ public void registerProtocolCertificate() throws Exception { EasySSLProtocolSocketFactory easySSLPSFactory = new EasySSLProtocolSocketFactory(); easySSLPSFactory.setKeyMaterial(createKeyMaterial()); myProtocolPrefix = (HTTPS_PROTOCOL + uniqueCounter.incrementAndGet()); Protocol httpsProtocol = new Protocol(myProtocolPrefix,(ProtocolSocketFactory) easySSLPSFactory, port); Protocol.registerProtocol(myProtocolPrefix, httpsProtocol); log.trace("Protocol [ "+myProtocolPrefix+" ] registered for the first time"); } /** * Load keystore for CLIENT-CERT protected endpoints */ private KeyMaterial createKeyMaterial() throws GeneralSecurityException, Exception { KeyMaterial km = null; char[] password = keyStorePassphrase.toCharArray(); File f = new File(keyStoreLocation); if (f.exists()) { try { km = new KeyMaterial(keyStoreLocation, password); log.trace("Keystore location is: " + keyStoreLocation + ""); } catch (GeneralSecurityException gse) { if (logErrors){ log.error("Exception occured while loading keystore from the following location: "+keyStoreLocation, gse); throw gse; } } } else { log.error("Unable to load Keystore from the following location: " + keyStoreLocation ); throw new CollectorInitException("Unable to load Keystore from the following location: " + keyStoreLocation); } return km; } 当我必须调用Web服务时,我这样做(基本上用URL替换https1中的“https”,或https2或其他东西,具体取决于您为该特定端点初始化的协议):
httpClient.getHostConfiguration().setHost(host, port,Protocol.getProtocol(myProtocolPrefix)); initializeHttpMethod(this.url.toString().replace(HTTPS_PROTOCOL, myProtocolPrefix));
它就像一个魅力!
您可能对这个类似问题的答案感兴趣。 特别是,Axis 2似乎正在使用Apache HttpClient 3.x,根据这个文档 :
如果要执行SSL客户端身份validation(双向SSL),可以使用HttpClient的Protocol.registerProtocolfunction。 如果您不想使用常规https,则可以覆盖“https”协议,或使用不同的协议进行SSL客户端身份validation通信。 有关更多信息,请访问http://jakarta.apache.org/commons/httpclient/sslguide.html
(您可以从现有密钥库构建SSLContext,并使用此套接字工厂配置HttpClient 3.1。)