Creating SSL client with Axis2/Java
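I am trying to connect to a WebService that uses SSL, but without success. I use Axis2, and I found a useful article: http://people.apache.org/~dumindu/docs/HowToConfigureSSL.html , but it is for C. In that article they set the paths to SERVER_CERT, KEY_FILE and SSL_PASSPHRASE using axis2.xml or C code. I tried to change the configuration file, but that did not work for me. If anyone knows how to set these parameters from Java code, please let me know.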
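You may be interested in this answer to a similar question. In particular, Axis 2 appears to be using Apache HttpClient 3.x, according to this document:
If you want to perform SSL client authentication (2-way SSL), you may use the Protocol.registerProtocol feature of HttpClient. You can overwrite the "https" protocol, or use a different protocol for your SSL client authentication communications if you don't want to mess with regular https. Find more information at http://jakarta.apache.org/commons/httpclient/sslguide.html
(You can build your SSLContext from your existing keystore, and configure HttpClient 3.1 using this socket factory.)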
I initialized EasySSLProtocolSocketFactory and Protocol instances for different endpoints and registered the protocol with a unique key like this:

    /**
     * This method does the following:
     * 1. Creates a new and unique protocol for each SSL URL that is secured by client certificate
     * 2. Binds keystore-related information to this protocol
     * 3. Registers it with the HTTP Protocol object
     * 4. Stores the local reference for this custom protocol for use during future collect calls
     *
     * @throws Exception
     */
    public void registerProtocolCertificate() throws Exception {
        EasySSLProtocolSocketFactory easySSLPSFactory = new EasySSLProtocolSocketFactory();
        easySSLPSFactory.setKeyMaterial(createKeyMaterial());
        // Unique scheme name per endpoint, e.g. "https1", "https2", ...
        myProtocolPrefix = (HTTPS_PROTOCOL + uniqueCounter.incrementAndGet());
        Protocol httpsProtocol = new Protocol(myProtocolPrefix, (ProtocolSocketFactory) easySSLPSFactory, port);
        Protocol.registerProtocol(myProtocolPrefix, httpsProtocol);
        log.trace("Protocol [ " + myProtocolPrefix + " ] registered for the first time");
    }

    /**
     * Load keystore for CLIENT-CERT protected endpoints
     */
    private KeyMaterial createKeyMaterial() throws GeneralSecurityException, Exception {
        KeyMaterial km = null;
        char[] password = keyStorePassphrase.toCharArray();
        File f = new File(keyStoreLocation);
        if (f.exists()) {
            try {
                km = new KeyMaterial(keyStoreLocation, password);
                log.trace("Keystore location is: " + keyStoreLocation);
            } catch (GeneralSecurityException gse) {
                if (logErrors) {
                    log.error("Exception occurred while loading keystore from the following location: " + keyStoreLocation, gse);
                }
                // Always rethrow; otherwise a null KeyMaterial would be returned and registered.
                throw gse;
            }
        } else {
            log.error("Unable to load Keystore from the following location: " + keyStoreLocation);
            throw new CollectorInitException("Unable to load Keystore from the following location: " + keyStoreLocation);
        }
        return km;
    }

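When I have to invoke the web service, I do this (basically replacing "https" in the URL with https1, https2 or something else, depending on the Protocol you initialized for that particular endpoint):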

    httpClient.getHostConfiguration().setHost(host, port, Protocol.getProtocol(myProtocolPrefix));
    initializeHttpMethod(this.url.toString().replace(HTTPS_PROTOCOL, myProtocolPrefix));

It works like a charm!
OK, this is >10 years later, but anyway. This could have saved me some hours today :)
Create a custom HttpClient with an SSLContext:
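
    import java.net.URL;
    import javax.net.ssl.SSLContext;
    import org.apache.http.client.HttpClient;
    import org.apache.http.impl.client.HttpClientBuilder;
    import org.apache.http.ssl.SSLContextBuilder;
    import org.apache.http.ssl.SSLContexts;

    public static HttpClient sslEnabledHttpClient(final URL ks, final char[] storePass,
            final URL ts, final char[] tsPass) {
        try {
            // Minimalistic SSLContext.
            // The store password is also passed as the key password.
            final SSLContextBuilder builder = SSLContexts.custom()
                    .loadKeyMaterial(ks, storePass, storePass);
            // Without a trust store URL, no trust material is loaded here.
            if (ts != null) {
                builder.loadTrustMaterial(ts, tsPass);
            }
            final SSLContext sslContext = builder.build();
            return HttpClientBuilder.create().setSSLContext(sslContext).build();
        } catch (final Exception e) {
            throw new RuntimeException(e);
        }
    }
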
And use it:

    // Out of the box Axis2 does not support SSL with client authentication.
    // So we need a custom HttpClient.
    final HttpClient client = Util.sslEnabledHttpClient(
            this.keyStoreURL, this.keyStorePassword.toCharArray(),
            this.trustStoreURL, this.trustStorePassword.toCharArray());
    myStub._getServiceClient().getOptions().setProperty(HTTPConstants.CACHED_HTTP_CLIENT, client);
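
Both the first answer ("build your SSLContext from your existing keystore") and the last one depend on an SSLContext that carries the client key. As an added example that is not part of any answer above, here is the same context built with JDK classes only, plus a check that the keystore really contains a private key. The class name, the STORE_PASS environment variable and the shared store/key password are assumptions.

```java
import java.io.InputStream;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.util.Collections;
import javax.net.ssl.*;

public class ClientCertContext {
    static KeyStore load(String path, char[] pass) throws Exception {
        KeyStore ks = KeyStore.getInstance(path.endsWith(".jks") ? "JKS" : "PKCS12");
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            ks.load(in, pass);
        }
        return ks;
    }

    // identity: client cert + private key; trust: CAs accepted for the server (null = JRE default).
    static SSLContext build(KeyStore identity, char[] keyPass, KeyStore trust) throws Exception {
        // A keystore holding only certificates loads without error but yields no
        // client certificate, so fail here instead of during the handshake.
        boolean hasKey = false;
        for (String alias : Collections.list(identity.aliases())) hasKey |= identity.isKeyEntry(alias);
        if (!hasKey) throw new IllegalArgumentException("identity keystore has no private key entry");
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(identity, keyPass);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        String p = System.getenv("STORE_PASS"); // hypothetical variable name
        if (args.length != 3 || p == null) {
            System.err.println("usage: STORE_PASS=... ClientCertContext <client-keystore> <truststore> <https-url>");
            return;
        }
        char[] pass = p.toCharArray(); // assumption: same password for both stores and the key
        SSLContext ctx = build(load(args[0], pass), pass, load(args[1], pass));
        HttpsURLConnection conn = (HttpsURLConnection) new URL(args[2]).openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory()); // default hostname verification stays on
        System.out.println("HTTP " + conn.getResponseCode());
    }
}
```

The SSLContext returned by build() can be passed to HttpClientBuilder.setSSLContext as in the last answer. Server certificates are validated against the supplied truststore.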