tomcat配置客户端ssl证书 10C

我这里远程调用https接口,通过main方法直接调用可以调通;通过调用webservice接口再调用远程https接口,返回

400 No required SSL certificate was sent

400 Bad Request


No required SSL certificate was sent

WEBSERVER


客户端证书一般不都是java代码加载吗?代码如下:
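/**
 * Builds an HttpClient for mutual TLS: it presents the client certificate from the
 * configured PKCS#12 key store and validates the server certificate against the
 * configured JKS trust store.
 *
 * <p>The original passed an undeclared {@code tm} to {@code SSLContext.init}, so the
 * trust store it had just loaded was never consulted, and it also installed
 * {@code ALLOW_ALL_HOSTNAME_VERIFIER}. Both left the connection open to interception.
 * The trust managers now come from the loaded trust store and the hostname verifier is
 * left at the library default.
 *
 * @return a client whose "https" scheme (default port 8443) uses the mutual-TLS socket factory
 * @throws Exception if a store cannot be read or the TLS context cannot be initialised
 */
public static HttpClient getInstance() throws Exception {
    // NOTE(review): this directory depends on the context class loader, so it can differ
    // between a standalone main() run and a servlet container; getResource(".") may also
    // return null and URL.getPath() is URL-encoded. Check the printed path when deployed.
    String path = Thread.currentThread().getContextClassLoader().getResource(".").getPath();
    System.out.println(path);

    // Client identity: private key and certificate presented during the handshake.
    String keyStoreFile = path + Dom4J.getDocumentValue("keyStore");
    char[] keyPassword = Dom4J.getDocumentValue("keyPassword").toCharArray();
    KeyStore ks = loadKeyStore("pkcs12", keyStoreFile, keyPassword);
    System.out.println(keyStoreFile);
    KeyManagerFactory kmf = KeyManagerFactory.getInstance("sunx509");
    kmf.init(ks, keyPassword);

    // Trust anchors: the CAs accepted as issuers of the server certificate.
    String trustStoreFile = path + Dom4J.getDocumentValue("trustStore");
    char[] trustPassword = Dom4J.getDocumentValue("trustPassword").toCharArray();
    KeyStore ts = loadKeyStore("jks", trustStoreFile, trustPassword);
    System.out.println(trustStoreFile);
    TrustManagerFactory tmf = TrustManagerFactory.getInstance("sunx509");
    tmf.init(ts);

    SSLContext ctx = SSLContext.getInstance("TLS");
    // Use the trust managers built from the trust store so the server chain is validated.
    ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

    // No setHostnameVerifier call: the factory's default verifier stays in effect, so the
    // certificate must match the host being contacted.
    SSLSocketFactory ssf = new SSLSocketFactory(ctx);

    HttpClient client = new DefaultHttpClient();
    ClientConnectionManager ccm = client.getConnectionManager();
    SchemeRegistry sr = ccm.getSchemeRegistry();
    sr.register(new Scheme("https", ssf, 8443));
    return new DefaultHttpClient(ccm, client.getParams());
}

/** Loads a key store of the given type from a file and closes the stream afterwards. */
private static KeyStore loadKeyStore(String type, String file, char[] password) throws Exception {
    KeyStore store = KeyStore.getInstance(type);
    FileInputStream in = new FileInputStream(file);
    try {
        store.load(in, password);
    } finally {
        in.close();
    }
    return store;
}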

3个回答

qq_32697113
qq_32697113 不好用呀
接近 2 年之前 回复
qq_32697113
qq_32697113 这个还是tomcat作为服务端的配置呀,我这里其实是作为了客户端,调用远程https接口的
接近 2 年之前 回复
 import java.io.IOException;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;

import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

import org.apache.http.conn.ssl.SSLSocketFactory;

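/**
 * SSLSocketFactory whose sockets come from its own TLS context.
 *
 * <p>The original installed an X509TrustManager with empty check methods, which accepts
 * any certificate chain and lets anyone on the network path impersonate the server.
 * Trust decisions now come from a standard TrustManagerFactory.
 *
 * <p>No key managers are installed, so this factory never presents a client
 * certificate. It cannot satisfy a server that requires one.
 */
public class SSLSocketFactoryEx extends SSLSocketFactory {

    /** TLS context backing the createSocket overrides below. */
    final SSLContext sslContext = SSLContext.getInstance("TLS");

    /**
     * @param truststore trust anchors for server validation; when {@code null} or
     *        empty, the JRE's default trust anchors are used instead
     * @throws NoSuchAlgorithmException if the TLS or trust-manager algorithm is unavailable
     * @throws KeyManagementException if the TLS context cannot be initialised
     * @throws KeyStoreException if the trust store has not been loaded or cannot be read
     * @throws UnrecoverableKeyException declared by the superclass constructor
     */
    public SSLSocketFactoryEx(KeyStore truststore)
            throws NoSuchAlgorithmException, KeyManagementException,
            KeyStoreException, UnrecoverableKeyException {
        super(truststore);

        javax.net.ssl.TrustManagerFactory tmf = javax.net.ssl.TrustManagerFactory
                .getInstance(javax.net.ssl.TrustManagerFactory.getDefaultAlgorithm());
        // An empty store has no anchors and would reject every server. Treat it like
        // "not supplied" and fall back to the platform defaults.
        KeyStore anchors = (truststore != null && truststore.size() > 0) ? truststore : null;
        tmf.init(anchors);

        sslContext.init(null, tmf.getTrustManagers(), null);
    }

    /**
     * Layers TLS over an already connected socket and verifies that the peer
     * certificate matches {@code host}.
     *
     * <p>NOTE(review): which superclass code paths reach these overrides depends on the
     * HttpClient version in use; confirm against the version on the classpath.
     */
    @Override
    public Socket createSocket(Socket socket, String host, int port, boolean autoClose)
            throws IOException, UnknownHostException {
        Socket layered = sslContext.getSocketFactory().createSocket(socket, host, port, autoClose);
        // Overriding this method replaces the superclass implementation, so run the
        // configured hostname verifier explicitly.
        if (layered instanceof javax.net.ssl.SSLSocket) {
            try {
                getHostnameVerifier().verify(host, (javax.net.ssl.SSLSocket) layered);
            } catch (IOException e) {
                try {
                    layered.close();
                } catch (IOException ignored) {
                    // The verification failure is the error worth reporting.
                }
                throw e;
            }
        }
        return layered;
    }

    /** Creates an unconnected socket from this factory's TLS context. */
    @Override
    public Socket createSocket() throws IOException {
        return sslContext.getSocketFactory().createSocket();
    }
}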

import java.security.KeyStore;

import org.apache.http.HttpVersion;
import org.apache.http.client.HttpClient;
import org.apache.http.conn.ClientConnectionManager;
import org.apache.http.conn.params.ConnManagerParams;
import org.apache.http.conn.scheme.PlainSocketFactory;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.impl.conn.tsccm.ThreadSafeClientConnManager;
import org.apache.http.params.BasicHttpParams;
import org.apache.http.params.HttpConnectionParams;
import org.apache.http.params.HttpParams;
import org.apache.http.params.HttpProtocolParams;
import org.apache.http.protocol.HTTP;

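/**
 * Lazily creates and caches one shared HttpClient with "http" and "https" schemes
 * registered and 10-second timeouts.
 */
public class HttpClientHelper {
    private static HttpClient httpClient;

    private HttpClientHelper() {
        // Static helper; not instantiable.
    }

    /**
     * Returns the shared client, building it on first use.
     *
     * <p>The original installed {@code ALLOW_ALL_HOSTNAME_VERIFIER}, which accepts a
     * certificate issued for any host. The browser-compatible verifier is set instead,
     * so the certificate must match the host being contacted.
     *
     * @return the cached client, or a fresh {@code DefaultHttpClient} with library
     *         defaults if initialisation failed (the failure is printed, not cached)
     */
    public static synchronized HttpClient getHttpClient() {
        if (httpClient != null) {
            return httpClient;
        }

        try {
            // Empty key store: no trust anchors are supplied here. How the factory
            // treats it is decided by SSLSocketFactoryEx.
            KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
            trustStore.load(null, null);

            SSLSocketFactory sf = new SSLSocketFactoryEx(trustStore);
            // Require the server certificate to match the requested host name.
            sf.setHostnameVerifier(SSLSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);

            HttpParams params = new BasicHttpParams();
            HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1);
            HttpProtocolParams.setContentCharset(params, HTTP.DEFAULT_CONTENT_CHARSET);
            HttpProtocolParams.setUseExpectContinue(params, true);

            final int timeoutMillis = 10000;
            // Timeout for obtaining a connection from the connection manager.
            ConnManagerParams.setTimeout(params, timeoutMillis);
            // Timeout for establishing the connection.
            HttpConnectionParams.setConnectionTimeout(params, timeoutMillis);
            // Socket read timeout.
            HttpConnectionParams.setSoTimeout(params, timeoutMillis);

            // Register both plain HTTP and HTTPS.
            SchemeRegistry schReg = new SchemeRegistry();
            schReg.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
            schReg.register(new Scheme("https", sf, 443));

            ClientConnectionManager conManager = new ThreadSafeClientConnManager(params, schReg);
            httpClient = new DefaultHttpClient(conManager, params);
        } catch (Exception e) {
            // Best-effort fallback kept from the original: report the failure and hand
            // back a client with library defaults. It is not cached, so the next call
            // retries initialisation.
            e.printStackTrace();
            return new DefaultHttpClient();
        }

        return httpClient;
    }
}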

试试

qq_32697113
qq_32697113 webservice接口是个普通的http接口,接口里面又调用远程https服务,就调不通了。
接近 2 年之前 回复
xcgh
xcgh https可以调用,但是从http跳转https是不行的,所以你的webservice需要证书
接近 2 年之前 回复
qq_32697113
qq_32697113 感谢下,我已经实现直接调用https接口了。只是我把调用方法封装成webservice接口,放入tomcat后;再通过调用webservice接口,就调不通了
接近 2 年之前 回复