[英]Signing messages using Apache CXF's JAX-RS implementation
我有一个 .jks 文件,我需要使用 JAX-RS 对消息进行签名。 我正在使用 apache-cxf 的其余实现。 我已经浏览了apache cxf站点以使用jax-rs对消息进行签名,但是我对此没有明确的想法。
编码:
String keystr = "src/main/resources/keystore.jks";
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
FileInputStream fis = new FileInputStream(keystr );
keyStore.load(fis, KEYSTORE_PWD.toCharArray());
PrivateKey key = (PrivateKey) keyStore.getKey("", KEYSTORE_PWD.toCharArray());
SSLContext sslCtxt= SSLContexts.custom().loadTrustMaterial(keyStore).build();
SSLConnectionSocketFactory sslConn = new SSLConnectionSocketFactory(sslCtxt, SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
CloseableHttpClient httpclient = HttpClients.custom().setSSLSocketFactory(sslConn ).build();
HttpGet getReq = new HttpGet("http://localhost:8080/xyz?sss=abc");
CloseableHttpResponse response = httpclient.execute(getReq );
HttpEntity entity = response.getEntity();
if (entity != null) {
BufferedReader br = new BufferedReader(new InputStreamReader(entity.getContent()));
StringBuffer result = new StringBuffer();
String line = "";
while ((line = br.readLine()) != null) {
result.append(line);
}
}
使用命名空间xmlns:http="http://cxf.apache.org/transports/http/configuration"
将 http 管道添加到您的 cxf 配置文件并加载 jks 文件的最简单和最简单的方法。 注意name="*.http-conduit"
这适用于所有传出 cxf 请求。 您可以根据需要调整到您的特定网址。 有关详细信息,请参阅此处
<http:conduit name="*.http-conduit">
<http:tlsClientParameters>
<sec:keyManagers keyPassword="${'ssl.keystorepassword'}">
<sec:keyStore type="JKS" password="${'ssl.keystorepassword'}"
file="${'ssl.keystorefile')}" />
</sec:keyManagers>
<sec:trustManagers>
<sec:keyStore type="JKS" password="${'ssl.truststorepassword'}"
file="${'ssl.truststorefile'}" />
</sec:trustManagers>
<sec:cipherSuitesFilter>
<sec:include>.*_EXPORT_.*</sec:include>
<sec:include>.*_EXPORT1024_.*</sec:include>
<sec:include>.*_WITH_DES_.*</sec:include>
<sec:include>.*_WITH_AES_.*</sec:include>
<sec:include>.*_WITH_NULL_.*</sec:include>
<sec:exclude>.*_DH_anon_.*</sec:exclude>
</sec:cipherSuitesFilter>
</http:tlsClientParameters>
<http:authorization>
</http:authorization>
<http:client AutoRedirect="true" Connection="Keep-Alive" />
</http:conduit>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.