ice world

There is nothing too difficult if you put your heart into it.
posts - 104, comments - 103, trackbacks - 0, articles - 0

Java Tomcat SSL 服务端/客户端双向认证のApache HttpClient(二)

Posted on 2012-06-05 09:32 IceWee 阅读(5211) 评论(1)  编辑  收藏 所属分类: JavaTomcat
本演示例程是继Java Tomcat SSL 服务端/客户端双向认证(一),密钥库可证书的生成脚本不再重复黏贴,仅仅是用程序来代替浏览器访问服务端。
例程中使用到了Apache HttpClient库,版本为4.1.3
全部依赖库:
commons-logging-1.1.1.jar
httpclient-4.1.3.jar
httpcore-4.1.4.jar
httpmime-4.1.3.jar(上传文件使用)

在(一)中的程序包中创建一个客户端类:HttpsClient
HttpsClient.java
package com.icesoft.client;

import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.security.KeyStore;

import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.util.EntityUtils;

public class HttpsClient {
   
    private static final String KEY_STORE_TYPE_JKS = "jks";
    private static final String KEY_STORE_TYPE_P12 = "PKCS12";
    private static final String SCHEME_HTTPS = "https";
    private static final int HTTPS_PORT = 8443;
    private static final String HTTPS_URL = "https://127.0.0.1:8443/HttpClientSSL/sslServlet";
    private static final String KEY_STORE_CLIENT_PATH = "E:/ssl/client.p12";
    private static final String KEY_STORE_TRUST_PATH = "E:/ssl/client.truststore";
    private static final String KEY_STORE_PASSWORD = "123456";
    private static final String KEY_STORE_TRUST_PASSWORD = "123456";

    public static void main(String[] args) throws Exception {
        ssl();
    }
   
    private static void ssl() throws Exception {
        HttpClient httpClient = new DefaultHttpClient();
        try {
            KeyStore keyStore  = KeyStore.getInstance(KEY_STORE_TYPE_P12);
            KeyStore trustStore  = KeyStore.getInstance(KEY_STORE_TYPE_JKS);
            InputStream ksIn = new FileInputStream(KEY_STORE_CLIENT_PATH);
            InputStream tsIn = new FileInputStream(new File(KEY_STORE_TRUST_PATH));
            try {
                keyStore.load(ksIn, KEY_STORE_PASSWORD.toCharArray());
                trustStore.load(tsIn, KEY_STORE_TRUST_PASSWORD.toCharArray());
            } finally {
                try { ksIn.close(); } catch (Exception ignore) {}
                try { tsIn.close(); } catch (Exception ignore) {}
            }
            SSLSocketFactory socketFactory = new SSLSocketFactory(keyStore, KEY_STORE_PASSWORD, trustStore);
            Scheme sch = new Scheme(SCHEME_HTTPS, HTTPS_PORT, socketFactory);
            httpClient.getConnectionManager().getSchemeRegistry().register(sch);
            HttpGet httpget = new HttpGet(HTTPS_URL);
            System.out.println("executing request" + httpget.getRequestLine());
            HttpResponse response = httpClient.execute(httpget);
            HttpEntity entity = response.getEntity();
            System.out.println("----------------------------------------");
            System.out.println(response.getStatusLine());
            if (entity != null) {
                System.out.println("Response content length: " + entity.getContentLength());
                BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(entity.getContent()));
                String text;
                while ((text = bufferedReader.readLine()) != null) {
                    System.out.println(text);
                }
                bufferedReader.close();
            }
            EntityUtils.consume(entity);
        } finally {
            httpClient.getConnectionManager().shutdown();
        }
    }

}


启动Tomcat,运行HttpsClient,控制台返回:


OK,和使用浏览器访问得到的结果一模一样!

全文完!

Feedback

# re: Java Tomcat SSL 服务端/客户端双向认证のApache HttpClient(二)  回复  更多评论   

2013-05-14 10:01 by zhyg
为什么我的一直是“这是一个HTTPS请求,但是没有可用的客户端证书”?

只有注册用户登录后才能发表评论。
网站导航: