qq_32697113
qq_32697113
2018-07-19 02:08 阅读 967

tomcat配置客户端ssl证书

10

我这里远程调用https接口,通过main方法直接调用可以调通;通过调用webservice接口再调用远程https接口,返回

400 No required SSL certificate was sent

400 Bad Request


No required SSL certificate was sent

WEBSERVER


客户端证书一般不都是java代码加载吗?代码如下:
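/**
 * Builds an {@link HttpClient} for mutual TLS: the PKCS#12 key store supplies the
 * client certificate and the JKS trust store decides which servers are accepted.
 *
 * <p>Store file names and passwords come from {@code Dom4J.getDocumentValue} and are
 * resolved against the context class loader's root directory.
 * NOTE(review): that root is not necessarily the same when the code runs from a
 * standalone {@code main} and when it runs inside a web container; if the server
 * answers "No required SSL certificate was sent", confirm the printed key store
 * path is the file you expect.
 *
 * @return a client whose "https" scheme uses the configured key and trust material
 * @throws Exception if the class-path root cannot be resolved, a store cannot be
 *         read, or the TLS context cannot be initialised
 */
public static HttpClient getInstance() throws Exception {
    HttpClient client = new DefaultHttpClient();

    java.net.URL root = Thread.currentThread().getContextClassLoader().getResource(".");
    if (root == null) {
        // Fail with a clear message instead of a NullPointerException on getPath().
        throw new IllegalStateException("class-path root not resolvable; cannot locate key/trust stores");
    }
    String path = root.getPath();
    System.out.println(path);

    // Client identity (certificate + private key) presented during the handshake.
    String keyStoreFile = path + Dom4J.getDocumentValue("keyStore");
    char[] keyPassword = Dom4J.getDocumentValue("keyPassword").toCharArray();
    KeyStore ks = loadKeyStore("pkcs12", keyStoreFile, keyPassword);
    System.out.println(keyStoreFile);
    KeyManagerFactory kmf = KeyManagerFactory.getInstance("sunx509");
    kmf.init(ks, keyPassword);

    // Trust anchors used to validate the server certificate chain.
    String trustStoreFile = path + Dom4J.getDocumentValue("trustStore");
    KeyStore ts = loadKeyStore("jks", trustStoreFile,
            Dom4J.getDocumentValue("trustPassword").toCharArray());
    System.out.println(trustStoreFile);
    TrustManagerFactory tmf = TrustManagerFactory.getInstance("sunx509");
    tmf.init(ts);

    // The original passed an identifier `tm` that is not defined in this snippet and
    // left tmf unused, so the configured trust store never took part in validation.
    SSLContext ctx = SSLContext.getInstance("TLS");
    ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

    SSLSocketFactory ssf = new SSLSocketFactory(ctx);
    // Keep host-name checking on: ALLOW_ALL_HOSTNAME_VERIFIER would accept a valid
    // certificate issued for any other host.
    ssf.setHostnameVerifier(SSLSocketFactory.STRICT_HOSTNAME_VERIFIER);

    ClientConnectionManager ccm = client.getConnectionManager();
    SchemeRegistry sr = ccm.getSchemeRegistry();
    sr.register(new Scheme("https", ssf, 8443));
    return new DefaultHttpClient(ccm, client.getParams());
}

/** Loads a key store of the given type from a file and always closes the stream. */
private static KeyStore loadKeyStore(String type, String file, char[] password) throws Exception {
    KeyStore store = KeyStore.getInstance(type);
    FileInputStream in = new FileInputStream(file);
    try {
        store.load(in, password);
    } finally {
        in.close();
    }
    return store;
}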

3条回答 默认 最新

  • xcgh xcgh 2018-07-19 07:12
     import java.io.IOException;
    import java.net.Socket;
    import java.net.UnknownHostException;
    import java.security.KeyManagementException;
    import java.security.KeyStore;
    import java.security.KeyStoreException;
    import java.security.NoSuchAlgorithmException;
    import java.security.UnrecoverableKeyException;
    
    import javax.net.ssl.SSLContext;
    import javax.net.ssl.TrustManager;
    import javax.net.ssl.X509TrustManager;
    
    import org.apache.http.conn.ssl.SSLSocketFactory;
    
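    /**
     * Socket factory whose sockets come from its own {@link SSLContext}.
     *
     * <p>Server certificates are validated against the trust store handed to the
     * constructor. The earlier version installed an X509TrustManager whose check
     * methods were empty, so every certificate chain was accepted, and its layered
     * {@code createSocket} override returned the socket without running the
     * configured host-name verifier.
     *
     * <p>No key managers are installed, so this factory never presents a client
     * certificate; a server that requires one will still reject the connection.
     */
    public class SSLSocketFactoryEx extends SSLSocketFactory {

        /** Context that backs every socket created by this factory. */
        SSLContext sslContext = SSLContext.getInstance("TLS");

        /**
         * @param truststore trust anchors for server validation; when it is
         *        {@code null} or empty the JVM's default anchors are used instead
         * @throws KeyStoreException if the store has not been loaded
         */
        public SSLSocketFactoryEx(KeyStore truststore)
                throws NoSuchAlgorithmException, KeyManagementException,
                KeyStoreException, UnrecoverableKeyException {
            super(truststore);

            javax.net.ssl.TrustManagerFactory tmf = javax.net.ssl.TrustManagerFactory
                    .getInstance(javax.net.ssl.TrustManagerFactory.getDefaultAlgorithm());
            // An empty store carries no anchors and would reject every server, so
            // fall back to the platform defaults in that case.
            boolean hasAnchors = truststore != null && truststore.size() > 0;
            tmf.init(hasAnchors ? truststore : null);

            // First argument null: no client key material is configured here.
            sslContext.init(null, tmf.getTrustManagers(), null);
        }

        /**
         * Layers TLS over an already connected socket and verifies that the
         * server certificate matches {@code host}.
         */
        @Override
        public Socket createSocket(Socket socket, String host, int port,
                boolean autoClose) throws IOException, UnknownHostException {
            javax.net.ssl.SSLSocket layered = (javax.net.ssl.SSLSocket) sslContext
                    .getSocketFactory().createSocket(socket, host, port, autoClose);
            try {
                // Overriding this method drops the superclass's host-name check
                // unless it is repeated explicitly.
                getHostnameVerifier().verify(host, layered);
            } catch (IOException e) {
                layered.close();
                throw e;
            }
            return layered;
        }

        /** Creates an unconnected socket from this factory's context. */
        @Override
        public Socket createSocket() throws IOException {
            return sslContext.getSocketFactory().createSocket();
        }
    }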
    
    import java.security.KeyStore;
    
    import org.apache.http.HttpVersion;
    import org.apache.http.client.HttpClient;
    import org.apache.http.conn.ClientConnectionManager;
    import org.apache.http.conn.params.ConnManagerParams;
    import org.apache.http.conn.scheme.PlainSocketFactory;
    import org.apache.http.conn.scheme.Scheme;
    import org.apache.http.conn.scheme.SchemeRegistry;
    import org.apache.http.conn.ssl.SSLSocketFactory;
    import org.apache.http.impl.client.DefaultHttpClient;
    import org.apache.http.impl.conn.tsccm.ThreadSafeClientConnManager;
    import org.apache.http.params.BasicHttpParams;
    import org.apache.http.params.HttpConnectionParams;
    import org.apache.http.params.HttpParams;
    import org.apache.http.params.HttpProtocolParams;
    import org.apache.http.protocol.HTTP;
    
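    /**
     * Lazily creates and caches one shared {@link HttpClient} with "http" and
     * "https" schemes registered.
     *
     * <p>The key store built here is empty ({@code load(null, null)}): it holds
     * neither a client certificate nor a private key, so this client cannot
     * authenticate to a server that requires a client certificate.
     */
    public class HttpClientHelper {
        private static HttpClient httpClient;

        private HttpClientHelper() {
            // Static utility; not instantiable.
        }

        /**
         * Returns the shared client, building it on first use.
         *
         * @return the cached client, or a fresh default {@link DefaultHttpClient}
         *         (not cached) when initialisation fails
         */
        public static synchronized HttpClient getHttpClient() {
            if (null == httpClient) {
                // One-time initialisation.
                try {
                    KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
                    trustStore.load(null, null);

                    SSLSocketFactory sf = new SSLSocketFactoryEx(trustStore);
                    // Was ALLOW_ALL_HOSTNAME_VERIFIER, which accepts a certificate
                    // issued for any host name; keep host-name checking enabled.
                    sf.setHostnameVerifier(SSLSocketFactory.STRICT_HOSTNAME_VERIFIER);

                    HttpParams params = new BasicHttpParams();
                    HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1);
                    HttpProtocolParams.setContentCharset(params, HTTP.DEFAULT_CONTENT_CHARSET);
                    HttpProtocolParams.setUseExpectContinue(params, true);

                    // Timeout for obtaining a connection from the connection manager.
                    ConnManagerParams.setTimeout(params, 10000);
                    // Timeout for establishing the connection.
                    HttpConnectionParams.setConnectionTimeout(params, 10000);
                    // Socket read timeout.
                    HttpConnectionParams.setSoTimeout(params, 10000);

                    // Register the http and https schemes.
                    SchemeRegistry schReg = new SchemeRegistry();
                    schReg.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
                    schReg.register(new Scheme("https", sf, 443));

                    ClientConnectionManager conManager = new ThreadSafeClientConnManager(params, schReg);
                    httpClient = new DefaultHttpClient(conManager, params);
                } catch (Exception e) {
                    // NOTE(review): the failure is only printed and the caller gets a
                    // client without the timeouts or schemes configured above; every
                    // later call repeats the failed initialisation.
                    e.printStackTrace();
                    return new DefaultHttpClient();
                }
            }
            return httpClient;
        }
    }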
    

    试试

  • xcgh xcgh 2018-07-19 02:51
  • zminjiao111 zminjiao111 2018-07-19 05:33
