
Client certificate on outbound connection

In my application I need to access a bunch of REST webservices using Client Authentication. I'm using RestEasy's implementation of JAX-RS Client (which is actually using Apache HttpComponents under the hood).

First I try to load the KeyStore:

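import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;

private static KeyStore keyStore;

static {
    try {
        // Standard JSSE system properties naming the client key store and its password
        String keyStoreProperty = System.getProperty("javax.net.ssl.keyStore");
        String keyStorePasswordProperty = System.getProperty("javax.net.ssl.keyStorePassword");

        if (keyStoreProperty != null && keyStorePasswordProperty != null) {
            // Load into a local first so a failed load never leaves a
            // non-null but uninitialized KeyStore in the static field.
            KeyStore loaded = KeyStore.getInstance(KeyStore.getDefaultType());
            try (InputStream keyStoreData = new FileInputStream(keyStoreProperty)) {
                loaded.load(keyStoreData, keyStorePasswordProperty.toCharArray());
            }
            keyStore = loaded;
        }
    } catch (IOException | NoSuchAlgorithmException | CertificateException | KeyStoreException e) {
        // logging
    }
}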

Next I use the previously loaded KeyStore to build the javax.ws.rs.client.Client:

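// Initialized to null so the variable is definitely assigned on both branches
Client client = null;
if (keyStore != null) {
    // The key store password is also used as the password for the key entries
    client = ClientBuilder.newBuilder()
        .keyStore(keyStore, System.getProperty("javax.net.ssl.keyStorePassword")).build();
} else {
    // logging
}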

However, this code doesn't seem to be the right way to do things.

I would like to know if it's possible to configure the keyStore on JBoss/WildFly and let it apply it to outbound connections, ideally based on URL patterns.

WildFly does not have that.

Regarding your code: when configuring 2-way SSL you also need a trustStore configured, to make the client trust the server you are connecting to. Alternatively, use an SSL context instead of the keyStore/trustStore pair [1].

[1] https://docs.oracle.com/javaee/7/api/javax/ws/rs/client/ClientBuilder.html
