1.首先要确认是双向认证还是单向认证,如果是只需要对服务端的单向认证,则只需要用到根证书,应该就是这里的ca.crt。如果是双向认证,三个都需要用到。如果是java代码作为客户端连接
2.单向认证是指客户端根据 CA 根证书验证服务端出示的服务端证书;与该证书对应的私钥只保留在服务端,用于证明服务端持有该证书
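/**
 * Performs an HTTPS GET that presents the PEM certificate/key in {@code pemPath}/{@code keypath}
 * as the client identity and returns the response body decoded as UTF-8.
 *
 * <p>Side effects: the class-wide {@code httpClient} and {@code requestConfig} fields are
 * overwritten on every call. Server trust is whatever {@link #getSocketFactoryPEM} configures
 * (it passes {@code null} trust managers, i.e. the JVM default trust store).
 *
 * @param url     absolute URL to fetch
 * @param pemPath path of the PEM file holding the client certificate
 * @param keypath path of the PEM file holding the matching PKCS#8 private key
 * @return the response body, or {@code null} if the TLS client could not be built, the request
 *         failed with an I/O error, or the response carried no entity
 */
public static String httpGET(String url, String pemPath, String keypath) {
    // Build the TLS client that presents the PEM certificate/key as the client identity.
    try {
        SSLConnectionSocketFactory sslsf = getSocketFactoryPEM(pemPath, keypath);
        httpClient = HttpClients.custom().setSSLSocketFactory(sslsf).build();
    } catch (Exception e) {
        logger.error(e);
        // Do not fall through: the previous value of httpClient may be null (NPE below) or
        // carry a different client identity from an earlier call.
        return null;
    }
    HttpGet httpGet = new HttpGet(url);
    // Apply the class-wide socket/connect timeouts so a stalled server cannot hang the caller.
    requestConfig = RequestConfig.custom()
            .setSocketTimeout(socketTimeout)
            .setConnectTimeout(connectTimeout)
            .build();
    httpGet.setConfig(requestConfig);
    try {
        HttpResponse response = httpClient.execute(httpGet);
        HttpEntity entity = response.getEntity();
        if (entity == null) {
            // e.g. 204 / HEAD-like replies; EntityUtils.toString rejects a null entity.
            return null;
        }
        // UTF-8 must be explicit, otherwise non-ASCII text in the body is decoded with the
        // platform charset.
        return EntityUtils.toString(entity, "UTF-8");
    } catch (IOException e) {
        logger.error(e);
        return null;
    } finally {
        httpGet.abort();
    }
}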
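/**
 * Builds an {@link SSLConnectionSocketFactory} whose key manager holds the certificate from
 * {@code pemPath} and the PKCS#8 private key from {@code keypath}, for TLS client authentication.
 *
 * <p>Only the client side is configured here: the trust managers passed to
 * {@code SSLContext.init} are {@code null}, so the server certificate is validated against the
 * JVM's default trust store (cacerts), not against any CA contained in {@code pemPath}.
 *
 * @param pemPath path of the PEM file with a {@code -----BEGIN CERTIFICATE-----} block
 * @param keypath path of the PEM file with a {@code -----BEGIN PRIVATE KEY-----} block
 * @return the configured socket factory
 * @throws IllegalArgumentException if either file cannot be read or lacks its PEM block
 * @throws Exception                for any key-store, key-manager or SSL-context failure
 */
protected static SSLConnectionSocketFactory getSocketFactoryPEM(String pemPath, String keypath) throws Exception {
    byte[] pem = fileToBytes(pemPath);
    byte[] pemKey = fileToBytes(keypath);
    // fileToBytes signals a missing/unreadable file by returning null; fail here with the path
    // instead of an opaque NullPointerException inside the PEM parser.
    if (pem == null) {
        throw new IllegalArgumentException("certificate file could not be read: " + pemPath);
    }
    if (pemKey == null) {
        throw new IllegalArgumentException("private key file could not be read: " + keypath);
    }

    byte[] certBytes = parseDERFromPEM(pem, "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----");
    byte[] keyBytes = parseDERFromPEM(pemKey, "-----BEGIN PRIVATE KEY-----", "-----END PRIVATE KEY-----");

    X509Certificate cert = generateCertificateFromDER(certBytes);
    RSAPrivateKey key = generatePrivateKeyFromDER(keyBytes);

    // The key store only ever lives in memory, so this password protects nothing on disk; it
    // merely has to match between setKeyEntry and KeyManagerFactory.init.
    char[] keystorePassword = "123".toCharArray();
    KeyStore keystore = KeyStore.getInstance("JKS");
    keystore.load(null);
    keystore.setCertificateEntry("cert-alias", cert);
    keystore.setKeyEntry("key-alias", key, keystorePassword, new Certificate[] {cert});

    // Default algorithm instead of the provider-specific "SunX509" name; resolves to the same
    // implementation on the Sun/OpenJDK providers and keeps other JVMs working.
    KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    kmf.init(keystore, keystorePassword);
    KeyManager[] km = kmf.getKeyManagers();

    // Trust managers are null: server certificates are checked against the JVM default trust
    // store. To pin a private CA (e.g. the ca.crt discussed above), load it into a trust store and
    // pass TrustManagerFactory.getTrustManagers() here instead of null.
    SSLContext context = SSLContext.getInstance("TLS");
    context.init(km, null, null);
    return new SSLConnectionSocketFactory(context, null, null,
            SSLConnectionSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);
}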
-
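/**
 * Extracts the DER bytes of the first PEM block delimited by {@code beginDelimiter} and
 * {@code endDelimiter} from {@code pem}.
 *
 * <p>The delimiters are matched literally (the previous {@code String.split} treated them as
 * regular expressions) and the text is decoded as ASCII, which PEM is by definition, rather than
 * with the platform default charset.
 *
 * @param pem            PEM file contents
 * @param beginDelimiter e.g. {@code -----BEGIN CERTIFICATE-----}
 * @param endDelimiter   e.g. {@code -----END CERTIFICATE-----}
 * @return the Base64-decoded body between the two delimiters
 * @throws IllegalArgumentException if either delimiter is absent or the body is not valid Base64
 */
public static byte[] parseDERFromPEM(byte[] pem, String beginDelimiter, String endDelimiter) {
    String data = new String(pem, java.nio.charset.StandardCharsets.US_ASCII);
    int begin = data.indexOf(beginDelimiter);
    if (begin < 0) {
        throw new IllegalArgumentException("PEM input does not contain " + beginDelimiter);
    }
    int bodyStart = begin + beginDelimiter.length();
    int end = data.indexOf(endDelimiter, bodyStart);
    if (end < 0) {
        throw new IllegalArgumentException("PEM input does not contain " + endDelimiter);
    }
    // The MIME decoder skips the line breaks that PEM inserts every 64 characters.
    return java.util.Base64.getMimeDecoder().decode(data.substring(bodyStart, end));
}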
-
/**
 * Decodes a PKCS#8 DER-encoded RSA private key.
 *
 * @param keyBytes PKCS#8 DER bytes (the body of a {@code -----BEGIN PRIVATE KEY-----} block)
 * @return the parsed key, cast to {@link RSAPrivateKey}
 * @throws InvalidKeySpecException  if the bytes are not a valid PKCS#8 RSA key
 * @throws NoSuchAlgorithmException if no RSA key factory is available
 */
public static RSAPrivateKey generatePrivateKeyFromDER(byte[] keyBytes) throws InvalidKeySpecException, NoSuchAlgorithmException {
    KeyFactory rsaFactory = KeyFactory.getInstance("RSA");
    return (RSAPrivateKey) rsaFactory.generatePrivate(new PKCS8EncodedKeySpec(keyBytes));
}
-
/**
 * Decodes a single DER-encoded X.509 certificate.
 *
 * @param certBytes DER bytes (the body of a {@code -----BEGIN CERTIFICATE-----} block)
 * @return the parsed certificate, cast to {@link X509Certificate}
 * @throws CertificateException if the bytes do not parse as an X.509 certificate
 */
public static X509Certificate generateCertificateFromDER(byte[] certBytes) throws CertificateException {
    ByteArrayInputStream der = new ByteArrayInputStream(certBytes);
    Certificate parsed = CertificateFactory.getInstance("X.509").generateCertificate(der);
    return (X509Certificate) parsed;
}
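/**
 * Reads a whole file into memory.
 *
 * <p>Keeps the original best-effort contract: a missing or unreadable file yields {@code null}
 * (after printing the stack trace) rather than an exception, so callers must check for
 * {@code null} before using the result.
 *
 * @param filePath path of the file to read
 * @return the file contents, or {@code null} if the path is invalid or the file cannot be read
 */
public static byte[] fileToBytes(String filePath) {
    try {
        // Files.readAllBytes opens, reads and closes the file itself, replacing the hand-rolled
        // stream/buffer loop and its nested close() handling.
        return java.nio.file.Files.readAllBytes(java.nio.file.Paths.get(filePath));
    } catch (IOException | java.nio.file.InvalidPathException ex) {
        ex.printStackTrace();
        return null;
    }
}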