使用 jdk自带ssl包 进行 https通讯双向认证
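package com.iraid.test;

import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStreamWriter;
import java.io.PrintWriter;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;

import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

/**
 * Mutually authenticated (two-way) HTTPS using only the SSL classes that ship with the JDK.
 *
 * <p>The client validates the server against a dedicated trust store and presents its own
 * certificate from a PKCS12 key store.
 *
 * @author wangfeihu
 */
public class HttpsTest {

    public static void main(String[] args) throws Exception {
        testHttpsWithCert();
    }

    /**
     * Sends a JSON POST request over HTTPS with both server and client certificate
     * verification, then prints the response body to standard output.
     *
     * <p>Any failure is caught and its stack trace printed; nothing is thrown to the caller.
     */
    public static void testHttpsWithCert() {
        // NOTE(review): store locations and passwords are hard-coded because this is a demo.
        // Outside a demo, load them from configuration or a secret store and keep the
        // key-store password out of source control.

        // Trust store: the CA certificates this client accepts for the server.
        String trustStore = "D:\\workspaces\\test\\https-native\\src\\cacerts.jks";
        String trustStorePass = "changeit";
        // Key store: the client's private key and certificate.
        String keyStore = "D:\\workspaces\\test\\https-native\\src\\www.demo.com.p12";
        String keyStorePass = "052537159932766";

        try {
            TrustManager[] tms = getTrustManagers(trustStore, trustStorePass);
            KeyManager[] kms = getKeyManagers(keyStore, keyStorePass);

            // Request "TLS" rather than the legacy "SSL" name; what "SSL" enables is
            // provider-dependent and may include obsolete protocol versions on older runtimes.
            SSLContext sslContext = SSLContext.getInstance("TLS");
            sslContext.init(kms, tms, new java.security.SecureRandom());
            SSLSocketFactory ssf = sslContext.getSocketFactory();

            // Service endpoint.
            URL url = new URL(
                    "https://www.demo.com/rest/UidApiService/authCardWithoutOTP");
            // Request payload.
            String params = "{\"merchantCode\": \"www.demo.com\","
                    + "\"sessionId\": \"10000011\","
                    + "\"userName\": \"jack\","
                    + "\"idNumber\": \"432652515\","
                    + "\"cardNo\": \"561231321\","
                    + "\"phoneNo\": \"\"}";

            HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
            // Only the socket factory is replaced. No HostnameVerifier is set on this
            // connection, so the default hostname check stays in effect.
            conn.setSSLSocketFactory(ssf);

            // Common request headers.
            conn.setRequestProperty("accept", "*/*");
            conn.setRequestProperty("connection", "Keep-Alive");
            conn.setRequestProperty("user-agent", "Mozilla/4.0");
            // Set content-type according to what the service expects.
            conn.setRequestProperty("content-type", "application/json");
            // Both flags are required for a POST that also reads the response.
            conn.setDoOutput(true);
            conn.setDoInput(true);

            // Write the body with an explicit charset instead of the platform default.
            try (PrintWriter out = new PrintWriter(
                    new OutputStreamWriter(conn.getOutputStream(), StandardCharsets.UTF_8))) {
                out.print(params);
                out.flush();
                // PrintWriter swallows IOExceptions, so ask it whether the write failed.
                if (out.checkError()) {
                    throw new IOException("Failed to write the request body");
                }
            }

            // Read the response line by line; line terminators are dropped, as before.
            StringBuilder result = new StringBuilder();
            try (BufferedReader in = new BufferedReader(
                    new InputStreamReader(conn.getInputStream(), StandardCharsets.UTF_8))) {
                String line;
                while ((line = in.readLine()) != null) {
                    result.append(line);
                }
            }
            System.out.println(result.toString());
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    /**
     * Loads the trust store and builds the trust managers used to validate the server.
     *
     * @param trustStore path of the JKS trust store file
     * @param trustStorePass password of the trust store
     * @return trust managers backed by the given store, never {@code null}
     * @throws IOException if the store cannot be read or the trust managers cannot be built
     */
    private static TrustManager[] getTrustManagers(String trustStore,
            String trustStorePass) throws IOException {
        try {
            String alg = TrustManagerFactory.getDefaultAlgorithm();
            TrustManagerFactory factory = TrustManagerFactory.getInstance(alg);
            KeyStore ks = loadKeyStore("JKS", trustStore, trustStorePass.toCharArray());
            factory.init(ks);
            return factory.getTrustManagers();
        } catch (NoSuchAlgorithmException | KeyStoreException | CertificateException e) {
            // Fail loudly: a null array passed to SSLContext.init makes it fall back to the
            // default trust managers, silently dropping the restriction to this trust store.
            throw new IOException("Cannot build trust managers from " + trustStore, e);
        }
    }

    /**
     * Loads the client key store and builds the key managers that present the client
     * certificate.
     *
     * @param keyStore path of the PKCS12 key store file
     * @param keyStorePass password of the key store, also used to recover the key
     * @return key managers backed by the given store, never {@code null}
     * @throws IOException if the store cannot be read or the key managers cannot be built
     */
    private static KeyManager[] getKeyManagers(String keyStore,
            String keyStorePass) throws IOException {
        try {
            String alg = KeyManagerFactory.getDefaultAlgorithm();
            KeyManagerFactory factory = KeyManagerFactory.getInstance(alg);
            char[] password = keyStorePass.toCharArray();
            KeyStore ks = loadKeyStore("PKCS12", keyStore, password);
            factory.init(ks, password);
            return factory.getKeyManagers();
        } catch (NoSuchAlgorithmException | KeyStoreException | CertificateException
                | UnrecoverableKeyException e) {
            // Fail loudly: with null key managers the context would not be set up with
            // this client key, and the failure would only show up later in the handshake.
            throw new IOException("Cannot build key managers from " + keyStore, e);
        }
    }

    /** Opens a key store file of the given type; the stream is closed even when loading fails. */
    private static KeyStore loadKeyStore(String type, String path, char[] password)
            throws IOException, KeyStoreException, NoSuchAlgorithmException,
            CertificateException {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream fp = new FileInputStream(path)) {
            ks.load(fp, password);
        }
        return ks;
    }
}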
本文出自 “流浪的脚步” 博客,请务必保留此出处http://now51jq.blog.51cto.com/3474143/1789539