场景:对方提供ca证书、client证书以及server证书;我们去请求对方的https地址。
步骤一: 先制作证书
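echo "1、创建 自己的JKS 文件.."
# -passout takes a password *source*, not a bare value: openssl rejects a plain
# "123456" with "Invalid password argument". pass:<value> is the simplest form; it
# does expose the password in the process list, so env:VAR or file:PATH are the
# safer choices outside a demo.
openssl pkcs12 -export -in server.crt -inkey server.key -out server.p12 -passout pass:123456
# Prompts for the source and destination store passwords. The destination password
# must be the 123456 that the keytool commands below pass with -storepass.
# JKS is kept here because application.yml declares key-store-type: JKS; PKCS12 is
# the modern default keystore format.
keytool -importkeystore -srckeystore server.p12 -srcstoretype PKCS12 -destkeystore server.jks -deststoretype JKS
echo "2、导入对方信任.."
# Trusted certificates are added to the same keystore so one file serves as both
# key store and trust store. -keypass has no effect on trusted-cert entries.
# Trusting ca.crt is what makes the peer's certificates verifiable; importing the
# leaf certificates as well trusts them directly (explicit pinning).
keytool -keystore server.jks -keypass 123456 -storepass 123456 -alias ca -import -trustcacerts -file ca.crt
keytool -keystore server.jks -keypass 123456 -storepass 123456 -alias server -import -trustcacerts -file server.crt
keytool -keystore server.jks -keypass 123456 -storepass 123456 -alias client -import -trustcacerts -file client.crt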
生成证书的时候可能会需要 SubjectAlternativeName,根据需要填写。
证书制作好了,只用server.jks就可以搞定
步骤二:配置springboot项目
2.1 首先将生成的server.jks放入resources目录
2.2修改application.yml
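server:
  port: 20312
  ssl:
    enabled: true
    # Key store holding this service's own key pair (the PKCS12 import from step 1).
    key-store-type: JKS
    key-store: classpath:server.jks
    # Plain-text passwords should not be committed with the application; a placeholder
    # resolved from the environment (e.g. ${SERVER_SSL_KEY_STORE_PASSWORD}) keeps the
    # value out of source control.
    key-store-password: 123456
    # keytool assigns the alias "1" to a PKCS12 entry that has no friendly name
    # (openssl pkcs12 -export without -name); confirm with `keytool -list`.
    key-alias: 1
    # Trust store: the same file, into which ca.crt / server.crt / client.crt were
    # imported in step 2.
    trust-store: classpath:server.jks
    trust-store-password: 123456
    trust-store-provider: SUN
    trust-store-type: JKS
    # Mutual TLS: connections without a client certificate chaining to a trusted
    # entry are rejected.
    client-auth: need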
2.3 将对方证书(pem格式)导入jdk的cacerts信任库,具体操作可以百度。
2.4代码里面具体使用,替换成自己的环境即可
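// Basic-auth credentials come from config; only the username is logged — the
// password must never reach the log.
String loginPassword = config.getCmUsername() + ":" + config.getCmPassword();
// java.util.Base64 replaces the internal sun.misc.BASE64Encoder (removed in Java 9).
// Unlike the old encoder it never inserts line breaks, which would corrupt the
// Authorization header once the credentials exceed 57 bytes. The charset is pinned
// to UTF-8 instead of the platform default.
String encoded = java.util.Base64.getEncoder()
        .encodeToString(loginPassword.getBytes(java.nio.charset.StandardCharsets.UTF_8));
logger.info("username:{}", config.getCmUsername());
// JVM-wide default: every HttpsURLConnection in this process will use it.
// MyHostnameVerifier is not shown here; it must still reject hostnames that do not
// match the server certificate, otherwise the CA/client-certificate setup above
// gives no protection against an impersonating server.
HttpsURLConnection.setDefaultHostnameVerifier(new MyHostnameVerifier());

// Client identity: the key entry of server.jks. The stream is closed via
// try-with-resources (the original leaked the FileInputStream). The password is
// kept in source only for this walkthrough; load it from configuration in real code.
KeyStore clientStore = KeyStore.getInstance("JKS");
try (InputStream keyStoreIn = new FileInputStream("/u01/server.jks")) {
    clientStore.load(keyStoreIn, "123456".toCharArray());
}
KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
kmf.init(clientStore, "123456".toCharArray());
KeyManager[] kms = kmf.getKeyManagers();

// Trust anchors: the JDK cacerts store into which the peer's certificate was
// imported (step 2.3). "changeit" is the JDK's shipped default password.
KeyStore trustStore = KeyStore.getInstance("JKS");
try (InputStream trustStoreIn = new FileInputStream("/u01/jdk1.8.0_171/jre/lib/security/cacerts")) {
    trustStore.load(trustStoreIn, "changeit".toCharArray());
}
TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(trustStore);
TrustManager[] tms = tmf.getTrustManagers();

SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(kms, tms, new SecureRandom());
// Also JVM-wide. httpUrlConn.setSSLSocketFactory(...) on the single connection
// below would avoid affecting unrelated connections, but other code in the process
// may rely on this default, so the original side effect is kept.
HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());

URL u = new URL(urlPath);
HttpsURLConnection httpUrlConn = (HttpsURLConnection) u.openConnection();
try {
    // A GET carries no request body, so doOutput is not enabled.
    httpUrlConn.setDoInput(true);
    httpUrlConn.setRequestMethod("GET");
    httpUrlConn.setUseCaches(false);
    httpUrlConn.setInstanceFollowRedirects(true);
    httpUrlConn.setRequestProperty("Authorization", "Basic " + encoded);
    httpUrlConn.setRequestProperty("Content-Type", "application/json");
    httpUrlConn.setRequestProperty("Accept", "application/json");
    httpUrlConn.setConnectTimeout(2000);
    httpUrlConn.setReadTimeout(3000);
    httpUrlConn.connect();
    // Read the response body into buffer. try-with-resources closes the stream
    // chain even when readLine() throws; the original only closed it on success.
    try (BufferedReader bufferedReader = new BufferedReader(
            new InputStreamReader(httpUrlConn.getInputStream(), java.nio.charset.StandardCharsets.UTF_8))) {
        String str;
        while ((str = bufferedReader.readLine()) != null) {
            buffer.append(str);
        }
    }
    logger.error("result {}", buffer.toString());
} catch (Exception e) {
    // The throwable goes last without a placeholder so the stack trace is logged
    // rather than only e.toString().
    logger.error("http request error", e);
} finally {
    // openConnection() either returned a connection or threw before this try,
    // so no null check is needed.
    httpUrlConn.disconnect();
}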