使用SSL和代理设置的Rest Client获取连接timeOut
我使用Rest客户端忽略ssl它工作正常但它将来不会用于我尝试使用客户端证书的生产。 我有ca证书和客户证书我用它创建了一个客户端,但我收到了错误
Exception in thread "main" com.sun.jersey.api.client.ClientHandlerException: java.net.ConnectException: Connection timed out: connect at com.sun.jersey.client.urlconnection.URLConnectionClientHandler.handle(URLConnectionClientHandler.java:155) at com.sun.jersey.api.client.Client.handle(Client.java:652) at com.sun.jersey.api.client.WebResource.handle(WebResource.java:682) at com.sun.jersey.api.client.WebResource.access$200(WebResource.java:74) at com.sun.jersey.api.client.WebResource$Builder.post(WebResource.java:570) at org.app.last.JerseyClient.get_JSON(JerseyClient.java:67) at org.app.last.JerseyClient.main(JerseyClient.java:266) Caused by: java.net.ConnectException: Connection timed out: connect at java.net.PlainSocketImpl.socketConnect(Native Method) at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:351) at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:213) at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:200) at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:366) at java.net.Socket.connect(Socket.java:529) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:564) at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.connect(BaseSSLSocketImpl.java:141) at sun.net.NetworkClient.doConnect(NetworkClient.java:163) at sun.net.www.http.HttpClient.openServer(HttpClient.java:395) at sun.net.www.http.HttpClient.openServer(HttpClient.java:530) at sun.net.www.protocol.https.HttpsClient.(HttpsClient.java:272) at sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:329) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(AbstractDelegateHttpsURLConnection.java:172) at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:949) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:158) at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1172) at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:379) at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:318) at com.sun.jersey.client.urlconnection.URLConnectionClientHandler._invoke(URLConnectionClientHandler.java:253) at com.sun.jersey.client.urlconnection.URLConnectionClientHandler.handle(URLConnectionClientHandler.java:153) ... 6 more 这是代码
import com.sun.jersey.api.client.*; import javax.net.ssl.*; import java.io.*; import java.net.HttpURLConnection; import java.net.InetSocketAddress; import java.net.Proxy; import java.net.ProxySelector; import java.net.Socket; import java.net.URISyntaxException; import java.net.URL; import java.security.*; import java.security.cert.CertificateException; import java.security.cert.X509Certificate; import java.util.List; import javax.ws.rs.core.UriBuilder; import com.sun.jersey.client.urlconnection.HTTPSProperties; import com.sun.jersey.client.urlconnection.HttpURLConnectionFactory; import com.sun.jersey.client.urlconnection.URLConnectionClientHandler; public class JerseyClient { private WebResource webResource; private Client client; //private static final String BASE_URI = "https://localhost:9028/testsecurity2/resources"; private static final String truststore_path = //my truststore path private static final String truststore_password = //my truststore pwd private static final String keystore_path = //my truststore path private static final String keystore_password = //my truststore pwd private static final String url = //my host url public JerseyClient() { com.sun.jersey.api.client.config.ClientConfig config = new com.sun.jersey.api.client.config.DefaultClientConfig(); // SSL configuration config.getProperties().put(com.sun.jersey.client.urlconnection.HTTPSProperties.PROPERTY_HTTPS_PROPERTIES, new com.sun.jersey.client.urlconnection.HTTPSProperties(getHostnameVerifier(), getSSLContext())); //client = Client.create(config); Client client = new Client(new URLConnectionClientHandler( new HttpURLConnectionFactory() { Proxy p = null; @Override public HttpURLConnection getHttpURLConnection(URL url) throws IOException { if (p == null) { if (System.getProperties().containsKey("http.proxyHost")) { p = new Proxy(Proxy.Type.HTTP, new InetSocketAddress( System.getProperty("http.proxyHost"), Integer.getInteger("http.proxyPort", 8080))); } else { p = Proxy.NO_PROXY; } } return (HttpURLConnection) url.openConnection(p); } }), config); webResource = client.resource(url); } public T get_XML(Class responseType) throws UniformInterfaceException { return webResource.accept(javax.ws.rs.core.MediaType.APPLICATION_XML).get(responseType); } public T get_JSON(Class responseType,String input) throws UniformInterfaceException { return webResource.accept(javax.ws.rs.core.MediaType.APPLICATION_JSON).post(responseType,input); } public void close() { client.destroy(); } public void setUsernamePassword(String username, String password) { client.addFilter(new com.sun.jersey.api.client.filter.HTTPBasicAuthFilter(username, password)); } private HostnameVerifier getHostnameVerifier() { return new HostnameVerifier() { @Override public boolean verify(String hostname, javax.net.ssl.SSLSession sslSession) { return true; } }; } private SSLContext getSSLContext() { TrustManager mytm[] = null; KeyManager mykm[] = null; try { mytm = new TrustManager[]{new MyX509TrustManager(truststore_path, truststore_password.toCharArray())}; mykm = new KeyManager[]{new MyX509KeyManager(keystore_path, keystore_password.toCharArray())}; } catch (Exception ex) { ex.printStackTrace(); } SSLContext ctx = null; try { ctx = SSLContext.getInstance("TLS"); ctx.init(mykm, mytm, null); } catch (java.security.GeneralSecurityException ex) { } return ctx; } /** * Taken from http://java.sun.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html * */ static class MyX509TrustManager implements X509TrustManager { /* * The default PKIX X509TrustManager9. We'll delegate * decisions to it, and fall back to the logic in this class if the * default X509TrustManager doesn't trust it. */ X509TrustManager pkixTrustManager; MyX509TrustManager(String trustStore, char[] password) throws Exception { this(new File(trustStore), password); } MyX509TrustManager(File trustStore, char[] password) throws Exception { // create a "default" JSSE X509TrustManager. KeyStore ks = KeyStore.getInstance("JKS"); ks.load(new FileInputStream(trustStore), password); TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX"); tmf.init(ks); TrustManager tms[] = tmf.getTrustManagers(); /* * Iterate over the returned trustmanagers, look * for an instance of X509TrustManager. If found, * use that as our "default" trust manager. */ for (int i = 0; i < tms.length; i++) { if (tms[i] instanceof X509TrustManager) { pkixTrustManager = (X509TrustManager) tms[i]; return; } } /* * Find some other way to initialize, or else we have to fail the * constructor. */ throw new Exception("Couldn't initialize"); } /* * Delegate to the default trust manager. */ public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException { try { pkixTrustManager.checkClientTrusted(chain, authType); } catch (CertificateException excep) { // do any special handling here, or rethrow exception. } } /* * Delegate to the default trust manager. */ public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException { try { pkixTrustManager.checkServerTrusted(chain, authType); } catch (CertificateException excep) { /* * Possibly pop up a dialog box asking whether to trust the * cert chain. */ } } /* * Merely pass this through. */ public X509Certificate[] getAcceptedIssuers() { return pkixTrustManager.getAcceptedIssuers(); } } /** * Inspired from http://java.sun.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html * */ static class MyX509KeyManager implements X509KeyManager { /* * The default PKIX X509KeyManager. We'll delegate * decisions to it, and fall back to the logic in this class if the * default X509KeyManager doesn't trust it. */ X509KeyManager pkixKeyManager; MyX509KeyManager(String keyStore, char[] password) throws Exception { this(new File(keyStore), password); } MyX509KeyManager(File keyStore, char[] password) throws Exception { // create a "default" JSSE X509KeyManager. KeyStore ks = KeyStore.getInstance("JKS"); ks.load(new FileInputStream(keyStore), password); KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509", "SunJSSE"); kmf.init(ks, password); KeyManager kms[] = kmf.getKeyManagers(); /* * Iterate over the returned keymanagers, look * for an instance of X509KeyManager. If found, * use that as our "default" key manager. */ for (int i = 0; i < kms.length; i++) { if (kms[i] instanceof X509KeyManager) { pkixKeyManager = (X509KeyManager) kms[i]; return; } } /* * Find some other way to initialize, or else we have to fail the * constructor. */ throw new Exception("Couldn't initialize"); } public PrivateKey getPrivateKey(String arg0) { return pkixKeyManager.getPrivateKey(arg0); } public X509Certificate[] getCertificateChain(String arg0) { return pkixKeyManager.getCertificateChain(arg0); } public String[] getClientAliases(String arg0, Principal[] arg1) { return pkixKeyManager.getClientAliases(arg0, arg1); } public String chooseClientAlias(String[] arg0, Principal[] arg1, Socket arg2) { return pkixKeyManager.chooseClientAlias(arg0, arg1, arg2); } public String[] getServerAliases(String arg0, Principal[] arg1) { return pkixKeyManager.getServerAliases(arg0, arg1); } public String chooseServerAlias(String arg0, Principal[] arg1, Socket arg2) { return pkixKeyManager.chooseServerAlias(arg0, arg1, arg2); } } public static void main(String[] args) { JerseyClient client = new JerseyClient(); Object response = client.get_JSON(String.class,""); System.out.println(response); // do whatever with response client.close(); } }
检查下面的URL,它可能对您有用http://snippet-pocket.blogspot.in/2010/07/ssl-authentication-with-apache.html ,它解释了客户端身份validation。