Jersey Client with SSL Mutual Authentication

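I have code written in Java and I'm using the Jersey client. I'm trying to do mutual authentication, so I also have a .jks that contains the certificate signed by my CA. This is my code: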

@SuppressWarnings("static-access")
@POST
@Path("PruebaPlumaCalva")
public Response testPlumaCalva(String jsonObject)
{
    // ClientBuilder.newClient().
    logger.debug("Test");
    Map<String, Object> payload = new HashMap<String, Object>();
    payload.put("documentType", x);
    payload.put("documentNumber", xxxxxx);
    payload.put("partner", "xxx");
    payload.put("transactionId", "xxxxx");

    logger.debug("Mis parametros son:" + payload);
    String json = null;

    try
    {
        json = (new ObjectMapper()).writeValueAsString(payload);
    }
    catch (JsonProcessingException e)
    {
    }

    HttpAuthenticationFeature feature = HttpAuthenticationFeature.basic("xxxxx", "xxxx");
    //SSLContext scl = SslConfigurator.newInstance().trustStoreFile("C:/Users/juan.rojas/Documents/Juan José/Proyectos/PagosMoviles/KeyStore.jks").trustStorePassword("123456").keyStoreFile("C:/Users/juan.rojas/Documents/Juan José/Proyectos/PagosMoviles/KeyStore.jks").keyPassword("123456").createSSLContext();
    SSLContext scl = SslConfigurator.newInstance().trustStoreFile("/cdrive/f_drive/Pos.jks").trustStorePassword("123456").keyStoreFile("/cdrive/f_drive/Pos.jks").keyPassword("test").createSSLContext();
    Client client = ClientBuilder.newBuilder()
            .sslContext(scl)
            .build();
    client.register(feature);
    WebTarget webTarget = client.target("xxxxxxxx");
    Invocation.Builder invocationB = webTarget.request(MediaType.APPLICATION_JSON_TYPE);
    Response response = invocationB.post(Entity.json(json));
    JsonNode jsonNode = bonusUtilities.createJsonNode(response);
    logger.debug("JsonNode Answer" + jsonNode);
    int x = 0;

    return response;
}

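So when I run this code with only 1 certificate it works fine, but when I have 2 certificates it doesn't work. I think the problem is that the .jks doesn't know which certificate it has to use, but I don't know how to specify which one it must use. I've looked at a lot of forums but I can't find anyone who solves my problem.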

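I had the same problem and was able to solve it with this answer. Basically, there is no way to do it "out of the box"; you have to implement your own KeyManager.

I simplified the linked answer a bit, and the code looks like this: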

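import java.net.Socket;
import java.security.Principal;
import javax.net.ssl.X509KeyManager;

public class FilteredKeyManager implements X509KeyManager {

    // Key manager built from the key store; it still holds every key entry
    private final X509KeyManager originatingKeyManager;

    public FilteredKeyManager(X509KeyManager originatingKeyManager) {
        this.originatingKeyManager = originatingKeyManager;
    }

    // Called when the server requests a client certificate: always answer with one fixed alias
    @Override
    public String chooseClientAlias(String[] arg0, Principal[] arg1, Socket arg2) {
        return "yourAliasHere";
    }

    // getClientAliases, chooseServerAlias, getServerAliases, getCertificateChain and
    // getPrivateKey are omitted here; each one delegates to originatingKeyManager
}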

For the rest of the overridden methods, just call the originatingKeyManager.

To create the SSLContext I didn't use SslConfigurator, but the parameters are the same (paths and passwords).

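import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.SecureRandom;
import javax.net.ssl.*;

// Init keystore (holds the client certificates and their private keys)
KeyStore ks = KeyStore.getInstance("JKS");
try (FileInputStream ksFile = new FileInputStream("yourKeystorePath")) {
    ks.load(ksFile, "keystorePassword".toCharArray());
}
KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
// Second argument is the password protecting the private key entries
kmf.init(ks, "keyPassword".toCharArray());

// Init truststore (holds the CA certificates used to verify the server)
KeyStore trustKeystore = KeyStore.getInstance("JKS");
try (FileInputStream tsFile = new FileInputStream("yourTruststorePath")) {
    trustKeystore.load(tsFile, "truststorePassword".toCharArray());
}
TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(trustKeystore);

// Create instance of custom KeyManager
KeyManager[] km = new KeyManager[] { new FilteredKeyManager((X509KeyManager) kmf.getKeyManagers()[0]) };

// Create SSLContext using custom KeyManager.
// "TLS" uses the JDK's default protocol versions; TLS 1.0 is disabled by default in current JDKs.
SSLContext context = SSLContext.getInstance("TLS");
context.init(km, tmf.getTrustManagers(), new SecureRandom());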
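
The approach in the answer above, written out as a complete class. This is an added example, not code from the original post or from Jersey: `AliasPinnedKeyManager` and `contextFor` are hypothetical names, and it goes beyond the answer by rejecting an alias that has no private key and by offering the alias only when the server asked for its key type. It assumes every key entry in the store shares one key password.

```java
import java.net.Socket;
import java.security.*;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.net.ssl.*;

// Added example (hypothetical names): pins the TLS client certificate to one key-store alias.
public final class AliasPinnedKeyManager implements X509KeyManager {
    private final X509KeyManager delegate;
    private final String alias;

    public AliasPinnedKeyManager(X509KeyManager delegate, KeyStore ks, String alias)
            throws KeyStoreException {
        // Fail at start-up, not mid-handshake, if the alias is absent or holds no private key.
        if (!ks.isKeyEntry(alias)) {
            throw new IllegalArgumentException("No private-key entry for alias: " + alias);
        }
        this.delegate = delegate;
        this.alias = alias;
    }

    @Override
    public String chooseClientAlias(String[] keyTypes, Principal[] issuers, Socket socket) {
        // Offer the pinned alias only when its key algorithm is one the server requested;
        // returning null sends no client certificate rather than an unexpected one.
        PrivateKey key = delegate.getPrivateKey(alias);
        boolean wanted = key != null && keyTypes != null
                && Arrays.asList(keyTypes).contains(key.getAlgorithm());
        return wanted ? alias : null;
    }

    // The remaining methods pass straight through to the key manager built from the key store.
    @Override public String[] getClientAliases(String t, Principal[] i) { return delegate.getClientAliases(t, i); }
    @Override public String chooseServerAlias(String t, Principal[] i, Socket s) { return delegate.chooseServerAlias(t, i, s); }
    @Override public String[] getServerAliases(String t, Principal[] i) { return delegate.getServerAliases(t, i); }
    @Override public X509Certificate[] getCertificateChain(String a) { return delegate.getCertificateChain(a); }
    @Override public PrivateKey getPrivateKey(String a) { return delegate.getPrivateKey(a); }

    // Builds an SSLContext whose only key manager is the alias-pinned wrapper.
    public static SSLContext contextFor(KeyStore ks, char[] keyPass, KeyStore trust, String alias)
            throws GeneralSecurityException {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, keyPass);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        KeyManager pinned = new AliasPinnedKeyManager((X509KeyManager) kmf.getKeyManagers()[0], ks, alias);
        SSLContext ctx = SSLContext.getInstance("TLS"); // JDK-default protocol versions
        ctx.init(new KeyManager[] { pinned }, tmf.getTrustManagers(), null);
        return ctx;
    }
}
```

The returned context is passed to `ClientBuilder.newBuilder().sslContext(...)` exactly as `scl` is in the question's code.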
