I am working on SSL two-way authentication using self-signed certificates. I created two keystores, one for the client (client-keystore.jks) and one for the server (server-keystore.jks), exported the certificates from the keystores, imported the client certificate into the server keystore and the server certificate into the client keystore, updated the required Connector entry in server.xml, and added both certificates to the Java truststore cacerts.
Java client code:
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.SecureRandom;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.apache.http.HttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.json.JSONObject;

// getResourceAsStream() resolves classpath resources, not filesystem paths, so open the files directly.
KeyStore trustStore = KeyStore.getInstance("JKS", "SUN");
try (InputStream in = new FileInputStream("C:/Program Files/Java/jdk1.7.0_79/jre/lib/security/cacerts")) {
    trustStore.load(in, "changeit".toCharArray());
}
TrustManagerFactory fac = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
fac.init(trustStore);
KeyStore keystore = KeyStore.getInstance("JKS", "SUN");
try (InputStream in = new FileInputStream("<dir path>/client-keystore.jks")) {
    keystore.load(in, "test".toCharArray());
}
KeyManagerFactory keyFac = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyFac.init(keystore, "test".toCharArray());
SSLContext ctx = SSLContext.getInstance("TLS", "SunJSSE");
ctx.init(keyFac.getKeyManagers(), fac.getTrustManagers(), new SecureRandom());
// Protocol.registerProtocol() is HttpClient 3.x API; HttpClientBuilder (4.x) never consults it,
// so the custom SSLContext must be handed to the builder or the default JSSE trust settings are used.
SSLConnectionSocketFactory sslSocketFactory = new SSLConnectionSocketFactory(ctx);
CloseableHttpClient httpClient = HttpClientBuilder.create().setSSLSocketFactory(sslSocketFactory).build();
HttpPost request = new HttpPost("<rest service url>");
JSONObject obj = new JSONObject();
StringEntity params = new StringEntity(obj.toString());
request.addHeader("content-type", "application/json");
request.setEntity(params);
HttpResponse response = httpClient.execute(request);
System.out.println(response.getStatusLine());
In server.xml:
<Connector
protocol="org.apache.coyote.http11.Http11Protocol"
port="8443" maxThreads="200" scheme="https" secure="true" SSLEnabled="true"
clientAuth="true" sslProtocol="TLS"
keystoreFile="<dir path>/server-keystore.jks" keystorePass="test"
truststoreFile="C:/Program Files/Java/jdk1.7.0_79/jre/lib/security/cacerts"
truststorePass="changeit" />
I am new to SSL, so I am a bit confused. Any help would be appreciated.
1 Answer
The code below works fine for me. After creating both the client and server keystores and putting the certificates into the Java truststore, I used the following code for SSL mutual authentication.
conn.setHostnameVerifier(new HostnameVerifier(){
In server.xml
NOTE: Set the HostnameVerifier on the HttpsURLConnection object, and the CN of the client and server keystore certificates should be the host name.
If there is a better solution, please suggest it.
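The answer above sets a custom HostnameVerifier on the HttpsURLConnection. The usual shortcut in self-signed setups is a verifier that returns true unconditionally, which removes the only check tying the presented certificate to the host you meant to reach. The following is an added example, not the poster's code or the answerer's, of the same HttpsURLConnection approach with two changes a practitioner would want: the client trusts a dedicated truststore that holds only the server certificate (rather than the JRE's cacerts, which also holds every public CA), and the fallback verifier accepts the peer only if its leaf certificate is byte-for-byte the pinned server certificate. File names client-keystore.jks and client-truststore.jks, the password "test", the alias "server" and the URL taken from the command line are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManagerFactory;

public class MutualTlsClient {

    // Assumed names and passwords (not from the original post): the client keystore holds the client
    // key pair; the client truststore holds only the server certificate, imported under alias "server".
    static final String CLIENT_KEYSTORE = "client-keystore.jks";
    static final char[] CLIENT_KEYSTORE_PASS = "test".toCharArray();
    static final String CLIENT_TRUSTSTORE = "client-truststore.jks";
    static final char[] CLIENT_TRUSTSTORE_PASS = "test".toCharArray();
    static final String SERVER_ALIAS = "server";

    static KeyStore loadJks(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) { // filesystem path, so not getResourceAsStream()
            ks.load(in, password);
        }
        return ks;
    }

    /** Client key pair for the server's clientAuth="true" check; server certificate as the only trust anchor. */
    static SSLContext buildContext(KeyStore keyStore, KeyStore trustStore) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, CLIENT_KEYSTORE_PASS);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    static byte[] sha256(Certificate cert) throws Exception {
        return MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
    }

    /**
     * HttpsURLConnection consults the HostnameVerifier only after its built-in CN/SAN match has failed.
     * Rather than answering true unconditionally, this fallback accepts the peer only when the leaf
     * certificate it presented is exactly the server certificate pinned in the truststore.
     */
    static HostnameVerifier pinnedTo(final X509Certificate expected) {
        return new HostnameVerifier() {
            @Override
            public boolean verify(String hostname, SSLSession session) {
                try {
                    Certificate[] chain = session.getPeerCertificates();
                    return chain.length > 0 && Arrays.equals(sha256(chain[0]), sha256(expected));
                } catch (Exception e) {
                    return false; // no peer certificate or encoding failure: reject
                }
            }
        };
    }

    static int postJson(String url, String json) throws Exception {
        KeyStore keyStore = loadJks(CLIENT_KEYSTORE, CLIENT_KEYSTORE_PASS);
        KeyStore trustStore = loadJks(CLIENT_TRUSTSTORE, CLIENT_TRUSTSTORE_PASS);
        X509Certificate serverCert = (X509Certificate) trustStore.getCertificate(SERVER_ALIAS);
        if (serverCert == null) {
            throw new IllegalStateException("no certificate under alias " + SERVER_ALIAS);
        }
        HttpsURLConnection conn = (HttpsURLConnection) new URL(url).openConnection();
        conn.setSSLSocketFactory(buildContext(keyStore, trustStore).getSocketFactory());
        conn.setHostnameVerifier(pinnedTo(serverCert));
        conn.setRequestMethod("POST");
        conn.setRequestProperty("Content-Type", "application/json");
        conn.setDoOutput(true);
        try (OutputStream out = conn.getOutputStream()) {
            out.write(json.getBytes(StandardCharsets.UTF_8));
        }
        return conn.getResponseCode(); // triggers the handshake, client-cert exchange and request
    }

    public static void main(String[] args) throws Exception {
        // Usage: java MutualTlsClient https://<host>:8443/<rest service url>  (port 8443 matches the Connector)
        System.out.println(postJson(args[0], "{}"));
    }
}
```

If the server certificate is issued with the host name in its CN (or, better, a dNSName subjectAltName), the built-in check passes and the pinned verifier is never reached; the verifier matters only for certificates that do not name the host. The same trust-scoping applies on the Tomcat side: the Connector in the question points truststoreFile at the JRE cacerts, so clientAuth="true" will accept any client certificate that chains to any public CA in that file; pointing truststoreFile at a truststore containing only the client certificate restricts it to the intended client.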