12
A
回答
21
下面是一些代碼,讓你去。 KeyStore是包含客戶端證書的對象。如果服務器正在使用自簽名證書或由JVM在附帶的cacerts文件中識別的未由CA簽名的證書,那麼您將需要使用TrustStore。否則使用默認cacerts文件,在傳遞到null爲SSLSockeFactory信任存儲參數..
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.impl.conn.tsccm.ThreadSafeClientConnManager;
import org.apache.http.params.BasicHttpParams;
import org.apache.http.params.HttpParams;
...
final HttpParams httpParams = new BasicHttpParams();
// load the keystore containing the client certificate - keystore type is probably jks or pkcs12
final KeyStore keystore = KeyStore.getInstance("pkcs12");
InputStream keystoreInput = null;
// TODO get the keystore as an InputStream from somewhere
keystore.load(keystoreInput, "keystorepassword".toCharArray());
// load the trustore, leave it null to rely on cacerts distributed with the JVM - truststore type is probably jks or pkcs12
KeyStore truststore = KeyStore.getInstance("pkcs12");
InputStream truststoreInput = null;
// TODO get the trustore as an InputStream from somewhere
truststore.load(truststoreInput, "truststorepassword".toCharArray());
final SchemeRegistry schemeRegistry = new SchemeRegistry();
schemeRegistry.register(new Scheme("https", new SSLSocketFactory(keystore, keystorePassword, truststore), 443));
final DefaultHttpClient httpClient = new DefaultHttpClient(new ThreadSafeClientConnManager(httpParams, schemeRegistry), httpParams);
2
另一種解決方案(從另一示例複製)。我使用了'trusting'(trustStore)和用於驗證自己(keyStore)的相同密鑰庫。
KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
FileInputStream instream = new FileInputStream(new File("miller.keystore"));
try {
trustStore.load(instream, "pw".toCharArray());
} finally {
instream.close();
}
SSLContext sslcontext = SSLContexts.custom()
.loadTrustMaterial(trustStore) /* this key store must contain the certs needed & trusted to verify the servers cert */
.loadKeyMaterial(trustStore, "pw".toCharArray()) /* this keystore must contain the key/cert of the client */
.build();
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslcontext,
SSLConnectionSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);
CloseableHttpClient httpclient = HttpClients.custom()
.setSSLSocketFactory(sslsf)
.build();
try {
HttpGet httpget = new HttpGet("https://localhost");
System.out.println("executing request" + httpget.getRequestLine());
CloseableHttpResponse response = httpclient.execute(httpget);
try {
HttpEntity entity = response.getEntity();
System.out.println("----------------------------------------");
System.out.println(response.getStatusLine());
if (entity != null) {
System.out.println("Response content length: " + entity.getContentLength());
}
EntityUtils.consume(entity);
} finally {
response.close();
}
} finally {
httpclient.close();
}
0
我從HttpClient網站上的示例代碼(如果我沒有記錯的話,自定義SSL上下文)使用以下代碼。
{
KeyStore keyStore = KeyStore.getInstance("PKCS12"); //client certificate holder
FileInputStream instream = new FileInputStream(new File(
"client-p12-keystore.p12"));
try {
trustStore.load(instream, "password".toCharArray());
} finally {
instream.close();
}
// Trust own CA and all self-signed certs
SSLContext sslcontext = SSLContexts.custom()
.loadKeyMaterial(keyStore, "password".toCharArray())
// .loadTrustMaterial(trustStore, new TrustSelfSignedStrategy()) //if you have a trust store
.build();
// Allow TLSv1 protocol only
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
sslcontext, new String[] { "TLSv1" }, null,
SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
CloseableHttpClient httpclient = HttpClients
.custom()
.setHostnameVerifier(
SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER) //todo
.setSSLSocketFactory(sslsf).build();
try {
HttpGet httpget = new HttpGet("https://localhost:8443/secure/index");
System.out.println("executing request" + httpget.getRequestLine());
CloseableHttpResponse response = httpclient.execute(httpget);
try {
HttpEntity entity = response.getEntity();
System.out.println("----------------------------------------");
System.out.println(response.getStatusLine());
if (entity != null) {
System.out.println("Response content length: "
+ entity.getContentLength());
}
EntityUtils.consume(entity);
} finally {
response.close();
}
} finally {
httpclient.close();
}
}
+0
鏈接到源將是有益的... – 2015-01-08 01:07:47
+1
@EvilRaat http://hc.apache.org/httpcomponents-client-4.3.x/httpclient/examples/org/apache/http/examples/client/ClientCustomSSL.java從http:// HC .apache.org/httpcomponents-客戶版本4.3.x/examples.html – EpicPandaForce 2015-01-08 09:04:04
相關問題
- 1. 使用Java API驗證X509證書
- 2. 使用X509證書驗證SOAP請求
- 3. x509證書驗證C
- 4. 驗證X509證書時驗證簽名
- 5. Apache HttpClient 4.3和x509客戶端證書進行身份驗證
- 6. JSCEP與x509證書和屬性證書
- 7. 如何驗證C中的X509證書
- 8. Android手冊X509證書鏈驗證
- 9. Java X509證書解析和驗證
- 10. WCF身份驗證-X509證書
- 11. 驗證x509客戶端證書
- 12. rsacryptoserviceprovider使用x509證書c#
- 13. 爲X509證書
- 14. X509證書與主題UID
- 15. dotnetcore相互證書認證?
- 16. Apache HTTPClient在相互身份驗證期間不發送客戶端證書
- 17. 龍捲風與自我簽名證書相互驗證
- 18. 驗證遠程服務器x509證書使用CA證書文件
- 19. 如何在Python中驗證/驗證X509證書信任鏈?
- 20. X509使用SerialNumber或公鑰進行證書驗證
- 21. 使用x509證書進行S/MIME驗證
- 22. HttpClient的與客戶端證書認證
- 23. xades4j驗證問題與嵌入x509證書
- 24. 與驗證證書
- 25. 請求X509證書
- 26. 解析X509證書
- 27. 解析X509證書
- 28. x509證書信息
- 29. X509證書格式
- 30. 打開X509證書
謝謝。我會很快檢查出來的。 – hooknc 2010-07-30 22:10:41
此解決方案完美工作。謝謝您的幫助。 僅供參考,由於SSL握手重新談判的問題,我不得不設置以下虛擬機屬性: -Dsun.security.ssl.allowUnsafeRenegotiation =真 我/是與Java 1.6.0_20和Tomcat 6.0.29工作。 – hooknc 2010-08-18 16:52:01
使用jdk 1.6.0_24或更高版本時,不再需要上述註釋。 – hooknc 2011-04-05 15:43:49