关于code 上server的证书的问题
1.连接上一篇的第一种方法用httpClient:
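// Build an HttpClient that presents the client certificate from the keystore.
// The server chain is validated by the trust managers derived from that same
// keystore, and hostname verification is left at the library default.
// A trust-all manager combined with ALLOW_ALL_HOSTNAME_VERIFIER would accept any
// certificate for any host, so the peer would never be authenticated.
// If the handshake then fails, import the server's CA certificate into the
// keystore instead of switching validation off.
// Any key type other than "PKC" selects the JKS settings in CertificateOperations.
CertificateOperations certOps = new CertificateOperations("JKS");
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(
        certOps.getKeyManagerFactory().getKeyManagers(),
        certOps.getTrustManagers(),
        new SecureRandom());
SSLConnectionSocketFactory factory = new SSLConnectionSocketFactory(sslContext);
httpClient = HttpClients.custom().setSSLSocketFactory(factory).build();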
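/**
 * Loads a client keystore and exposes the key and trust managers derived from it,
 * for use when initialising an {@code SSLContext}.
 *
 * <p>Construction fails with {@link IllegalStateException} if the keystore cannot be
 * loaded, so an instance never hands out {@code null} factories.
 */
public class CertificateOperations {
    private static final Logger logger = Logger.getLogger(CertificateOperations.class.getSimpleName());

    // Keystore settings are left blank in this listing. Supply them from external
    // configuration or a secret store; do not commit the keystore password to source control.
    private static String CLIENT_KEYSTORE_TYPE_JKS = ""; // keystore type
    private static String CLIENT_KEYSTORE_PATH_JKS = ""; // keystore path
    private static String CLIENT_KEYSTORE_PASS_JKS = ""; // keystore password

    // The constructor refers to these three names but the listing never declared them.
    // They are blank placeholders mirroring the JKS settings above.
    private static String CLIENT_KEYSTORE_TYPE_PKC = ""; // keystore type
    private static String CLIENT_KEYSTORE_PATH_PKC = ""; // keystore path
    private static String CLIENT_KEYSTORE_PASS_PKC = ""; // keystore password

    private KeyStore cks = null;
    private KeyManagerFactory kmf = null;
    private TrustManagerFactory tmf = null;
    private TrustManager[] trustManagers = null;

    /**
     * Creates an instance backed by the JKS keystore settings.
     *
     * @throws IllegalStateException if the keystore cannot be loaded
     */
    public CertificateOperations() {
        this("JKS");
    }

    /**
     * Loads the keystore selected by {@code strKeyType} and initialises the key and
     * trust manager factories from it.
     *
     * @param strKeyType {@code "PKC"} (case-insensitive) selects the PKC settings; any
     *     other value, including {@code null}, selects the JKS settings
     * @throws IllegalStateException if the keystore cannot be read or initialised, or if
     *     the trust manager factory does not yield exactly one {@link X509TrustManager}
     */
    public CertificateOperations(String strKeyType) {
        final boolean usePkc = "PKC".equalsIgnoreCase(strKeyType);
        final String storeType = usePkc ? CLIENT_KEYSTORE_TYPE_PKC : CLIENT_KEYSTORE_TYPE_JKS;
        final String storePath = usePkc ? CLIENT_KEYSTORE_PATH_PKC : CLIENT_KEYSTORE_PATH_JKS;
        final String storePass = usePkc ? CLIENT_KEYSTORE_PASS_PKC : CLIENT_KEYSTORE_PASS_JKS;

        try {
            cks = KeyStore.getInstance(storeType);
            // try-with-resources: the stream was previously never closed.
            try (FileInputStream in = new FileInputStream(storePath)) {
                cks.load(in, storePass.toCharArray());
            }

            kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(cks, storePass.toCharArray());

            // The same keystore doubles as the trust store for server certificates.
            tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init(cks);
            trustManagers = tmf.getTrustManagers();
        } catch (NoSuchAlgorithmException | CertificateException | UnrecoverableKeyException
                | KeyStoreException | IOException e) {
            // Fail fast. Printing the stack trace and continuing left every field null,
            // so the first caller of getKeyManagerFactory() hit a NullPointerException.
            throw new IllegalStateException(
                    "Failed to initialise TLS material from keystore: " + storePath, e);
        }

        if (trustManagers.length != 1 || !(trustManagers[0] instanceof X509TrustManager)) {
            throw new IllegalStateException("Unexpected default trust managers:"
                    + Arrays.toString(trustManagers));
        }

        // Log the issuers this client will accept, which helps when diagnosing handshake failures.
        final X509TrustManager manager = (X509TrustManager) trustManagers[0];
        final X509Certificate[] acceptedIssuers = manager.getAcceptedIssuers();
        for (int i = 0; i < acceptedIssuers.length; i++) {
            X509Certificate issuer = acceptedIssuers[i];
            logger.info(String.format("Issuer #%d, subject DN=<%s>, serial=<%s>", i,
                    issuer.getSubjectDN(), issuer.getSerialNumber()));
        }
    }

    /**
     * Returns a trust manager whose check methods are empty, so it accepts every
     * certificate chain.
     *
     * <p>SECURITY: an {@code SSLContext} initialised with this manager does not
     * authenticate the server. Any party on the network path can present its own
     * certificate and read or alter the traffic, including data protected by the client
     * certificate. Kept only for backward compatibility with existing callers.
     *
     * @return a single-element array holding the accept-everything trust manager
     * @deprecated use {@link #getTrustManagers()}, which validates against the keystore
     */
    @Deprecated
    public TrustManager[] getTrustAllCertsManagers() {
        final TrustManager[] trustAllCertsManagers = new TrustManager[] {
            new X509TrustManager() {
                @Override
                public void checkClientTrusted(X509Certificate[] chain, String authType)
                        throws CertificateException {
                    // Intentionally empty: performs no validation.
                }

                @Override
                public void checkServerTrusted(X509Certificate[] chain, String authType)
                        throws CertificateException {
                    // Intentionally empty: performs no validation.
                }

                @Override
                public X509Certificate[] getAcceptedIssuers() {
                    return new X509Certificate[0];
                }
            }
        };
        return trustAllCertsManagers;
    }

    /**
     * @return the key manager factory initialised from the client keystore
     */
    public KeyManagerFactory getKeyManagerFactory() {
        return kmf;
    }

    /**
     * @return the trust manager factory initialised from the client keystore
     */
    public TrustManagerFactory getTrustManagerFactory() {
        return tmf;
    }

    /**
     * @return a copy of the trust managers derived from the keystore; a copy is returned
     *     so callers cannot swap entries in the instance's own array
     */
    public TrustManager[] getTrustManagers() {
        return trustManagers.clone();
    }
}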
2.连接上一篇的第二种方法用restAccessor:
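try {
    // "Path" and "Password" are placeholders for the keystore location and its password.
    // Read both from configuration or a secret store; do not hard-code them.
    // NOTE(review): SSLContextHelper is not shown on this page. Confirm that the context it
    // returns validates the server certificate chain.
    SSLConnectionSocketFactory sslsf =
            new SSLConnectionSocketFactory(SSLContextHelper.getSSLContext("Path", "Password"));
    // No hostname verifier is passed, so the library default stays in effect.
    CloseableHttpClient httpClient = HttpClients.custom().setSSLSocketFactory(sslsf).build();
    HttpComponentsClientHttpRequestFactory requestFactory =
            new HttpComponentsClientHttpRequestFactory(httpClient);
    restAccessor.setRestTemplate(new RestTemplate(requestFactory));
} catch (Exception e) {
    // Fail fast. Printing the stack trace and continuing would leave restAccessor with
    // whatever RestTemplate it had before, so requests would go out without this TLS setup.
    throw new IllegalStateException("Could not configure the TLS-enabled RestTemplate", e);
}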