I. Generate the keystores
1. Generate the server-side keystore file in JKS format. keypass and storepass must be identical, because Tomcat's server.xml has only one keystorePass setting.
keytool -genkeypair -alias keystore_server -keyalg RSA -keypass server654321 -keystore keystore_server.jks -storepass server654321 -validity 1095 -dname "CN=127.0.0.1,OU=KM,O=KM,L=SHENZHEN,S=GUANGDONG,C=CHINA"
2. Export the server certificate from the keystore (the alias used in the command is keystore_server)
keytool -exportcert -alias keystore_server -keystore keystore_server.jks -storepass server654321 -file server.cer
3. Import server.cer into the client's truststore, truststore_client.jks
keytool -importcert -alias truststore_client -file server.cer -keystore truststore_client.jks -storepass client654321
4. Inspect the keystore
keytool -list -v -keystore keystore_server.jks
5. Inspect the certificate
keytool -printcert -file server.cer
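A check for steps 2 and 3, added here as an example and not part of the original post: it confirms that truststore_client.jks contains the certificate exported to server.cer, that the certificate is currently valid, and that the truststore holds no private key entry. The class name TruststoreCheck and the environment variable TRUSTSTORE_PASS are assumptions made for this example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added example (hypothetical class name), using only JDK APIs.
public class TruststoreCheck {

    // SHA-256 fingerprint of the DER-encoded certificate, as upper-case hex.
    static String sha256(X509Certificate cert) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        StringBuilder hex = new StringBuilder();
        for (byte b : digest) hex.append(String.format("%02X", b));
        return hex.toString();
    }

    // Usage: java TruststoreCheck truststore_client.jks server.cer
    public static void main(String[] args) throws Exception {
        String pass = System.getenv("TRUSTSTORE_PASS"); // assumed variable name
        if (args.length != 2 || pass == null) {
            System.err.println("usage: TruststoreCheck <truststore> <cert>, TRUSTSTORE_PASS set");
            System.exit(2);
        }
        KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[0])) {
            ts.load(in, pass.toCharArray());
        }
        X509Certificate server;
        try (InputStream in = new FileInputStream(args[1])) {
            server = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        server.checkValidity(); // throws if expired or not yet valid
        System.out.println("server.cer " + sha256(server) + " expires " + server.getNotAfter());

        boolean ok = ts.getCertificateAlias(server) != null;
        if (!ok) System.out.println("FAIL: server.cer is not in the truststore");
        for (String alias : Collections.list(ts.aliases())) {
            if (ts.isKeyEntry(alias)) { // a truststore should hold certificates only
                System.out.println("FAIL: private key entry in truststore: " + alias);
                ok = false;
            } else {
                System.out.println("trusted: " + alias + " "
                        + sha256((X509Certificate) ts.getCertificate(alias)));
            }
        }
        System.exit(ok ? 0 : 1);
    }
}
```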
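II. Configure the server (Spring Boot project)
1. Put keystore_server.jks in the resources directory
2. Configure SSL in application.properties
3. controller
III. Configure the client (plain Maven project)
1. Put truststore_client.jks in the resources directory
2. Request utility classes
Controller: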
    private static final Logger logger = Logger.getLogger(WechatScanPayController.class.getName());
    private static String trustFile = "truststore_client.jks";
    private static String storeTrustpass = PropertiesUtils.getProperty("store_trustpass");
    private static String hisInterfaceUrl = PropertiesUtils.getProperty("his_interface_url");

    /**
     * http://localhost:8080/qr/index.do?prescriId=123456
     * @param prescriId
     * @return
     * @throws Exception
     */
    @RequestMapping("/index")
    @ResponseBody
    public String index(String prescriId) throws Exception {
        // The truststore password is kept out of the log line.
        logger.info("请求入参:" + trustFile + "~~~~~" + hisInterfaceUrl + "~~~~~~~~~~~" + prescriId);
        String jsonStr = HisUtils.requestHis(trustFile, storeTrustpass, hisInterfaceUrl, prescriId);
        logger.info("响应结果:" + jsonStr);
        return jsonStr;
    }
HisUtils:
package com.km.util;

import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLContexts;

import javax.net.ssl.SSLContext;
import java.io.FileNotFoundException;
import java.io.InputStream;
import java.security.KeyStore;

/**
 * His utility class
 */
public class HisUtils {

    /**
     * Call the interface
     *
     * @param trustFile       path of the trustStore keystore
     * @param storeTrustpass  password of the trustStore keystore
     * @param hisInterfaceUrl interface URL
     * @param prescriId
     * @return
     * @throws Exception
     */
    public static String requestHis(String trustFile, String storeTrustpass, String hisInterfaceUrl, String prescriId) throws Exception {
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        // try-with-resources closes the stream even if load() throws
        try (InputStream trustStoreIn = HisUtils.class.getResourceAsStream("/" + trustFile)) {
            if (trustStoreIn == null) {
                // load(null, ...) would silently create an empty trust store
                throw new FileNotFoundException("truststore not found on classpath: " + trustFile);
            }
            trustStore.load(trustStoreIn, storeTrustpass.toCharArray());
        }
        // Trust only the certificates held in the client truststore
        SSLContext sslContext = SSLContexts.custom().loadTrustMaterial(trustStore).build();
        // BROWSER_COMPATIBLE lets a wildcard such as *.foo.com match a.b.foo.com as well;
        // the STRICT verifier limits a wildcard to one subdomain level
        SSLConnectionSocketFactory sslConnectionSocketFactory =
                new SSLConnectionSocketFactory(sslContext, SSLConnectionSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);
        return HttpClient4Tookit.requestPost(hisInterfaceUrl, prescriId, "text/xml; charset=utf-8", sslConnectionSocketFactory);
    }
}
HttpClient4Tookit:
package com.km.util;

import org.apache.http.HttpEntity;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.util.EntityUtils;

/**
 * HTTP toolkit
 */
public final class HttpClient4Tookit {

    static RequestConfig defaultRequestConfig;

    static {
        // 30-second socket, connect and connection-request timeouts
        defaultRequestConfig = RequestConfig.custom()
                .setSocketTimeout(30000)
                .setConnectTimeout(30000)
                .setConnectionRequestTimeout(30000)
                .setStaleConnectionCheckEnabled(true)
                .build();
    }

    public static String requestPost(String url, String content, String type, SSLConnectionSocketFactory sslConnectionSocketFactory) throws Exception {
        HttpPost httppost = new HttpPost(url);
        httppost.addHeader("Content-Type", type);
        httppost.setEntity(new StringEntity(content, "utf-8"));
        // Closing the response and the client releases the connection, also on failure
        try (CloseableHttpClient httpclient = HttpClientBuilder.create()
                     .setDefaultRequestConfig(defaultRequestConfig)
                     .setSSLSocketFactory(sslConnectionSocketFactory)
                     .build();
             CloseableHttpResponse response = httpclient.execute(httppost)) {
            HttpEntity entity = response.getEntity();
            return EntityUtils.toString(entity, "utf-8");
        }
    }
}