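If a JBoss application sends HTTPS requests to other applications, it is referred to below as the HTTPS client.
If a JBoss application accepts HTTPS requests, it is referred to as the HTTPS server.
For the HTTPS client, the server's certificate must be imported into a keystore placed at a specified location; a password must be specified when the keystore is generated.
This file can be called the trust keystore file, indicating that the client trusts this keystore.
Sending an HTTPS request
Use the interface classes in package org.apache.http.client;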
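import java.io.File;
import java.io.FileInputStream;
import java.security.KeyStore;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpPut;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.entity.InputStreamEntity;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.impl.conn.tsccm.ThreadSafeClientConnManager;
import org.apache.http.params.BasicHttpParams;
import org.apache.http.params.HttpParams;

// Sends the body with HTTP PUT over HTTPS and returns the response status code
int sendhttpsRequest(InputStreamEntity body, String url) throws Exception {
    HttpClient client = getDefaultHttpClient();
    try {
        HttpPut method = new HttpPut(url);
        method.addHeader("Content-Type", "multipart/mixed; boundary=\"frontier\"");
        method.setEntity(body);
        return client.execute(method).getStatusLine().getStatusCode();
    } finally {
        // release the connections held by this client
        client.getConnectionManager().shutdown();
    }
}
HttpClient getDefaultHttpClient() throws Exception {
    HttpParams params = new BasicHttpParams();
    SchemeRegistry schemeR = new SchemeRegistry();
    SSLSocketFactory sslFactory = getSslFactory();
    schemeR.register(new Scheme("https", sslFactory, 8443));
    ThreadSafeClientConnManager cm = new ThreadSafeClientConnManager(params, schemeR);
    DefaultHttpClient client = new DefaultHttpClient(cm, params);
    return client;
}
SSLSocketFactory getSslFactory() throws Exception {
    // path is the location of the trust store file, ksPass is the keystore password
    // (both are fields of the enclosing class)
    FileInputStream keyStoreIn = new FileInputStream(new File(path));
    try {
        KeyStore tmpKeyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        tmpKeyStore.load(keyStoreIn, ksPass.toCharArray());
        // no client key material (null); tmpKeyStore is used as the trust store
        SSLSocketFactory sslFactory = new SSLSocketFactory(null, ksPass, tmpKeyStore);
        return sslFactory;
    } finally {
        keyStoreIn.close();
    }
}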
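When acting as the server, generate a key file and a CSR file on the server, then have a CA sign the CSR to obtain the certificate.
The key file and the certificate file must be imported into a keystore file, with an alias specified.
Assume the keystore file is /var/tmp/sample.keystore, the password is 12345678, and the key and certificate are imported into the keystore under the alias samplehttps.
The following configuration is needed in standalone.xml: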
<connector enabled="true" name="https" protocol="HTTP/1.1" scheme="https" secure="true" socket-binding="https">
<ssl certificate-key-file="/var/tmp/sample.keystore" key-alias="samplehttps" name="ssl" password="12345678" protocol="all" session-timeout="1800" verify-client="false"/>
</connector>
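
A check for the two keystores described above, as an added example that is not part of the original post: it confirms that the client's trust keystore holds only certificate entries and that the alias named in key-alias on the server is a private-key entry with a currently valid certificate. The class name KeystoreCheck, the argument order and the KS_PASS environment variable are assumptions; only the JDK's java.security API is used.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added example: KeystoreCheck, its arguments and KS_PASS are assumptions, not from the page.
public final class KeystoreCheck {
    static KeyStore load(String path, char[] pass) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            ks.load(in, pass); // a wrong password fails the store's integrity check here
        }
        return ks;
    }

    // A trust keystore should hold only certificates, never private keys.
    static void checkTrustStore(KeyStore ks) throws Exception {
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isCertificateEntry(alias)) {
                throw new IllegalStateException("trust store alias '" + alias + "' is not a certificate entry");
            }
            ((X509Certificate) ks.getCertificate(alias)).checkValidity();
        }
    }

    // The alias used as key-alias must be a key entry with a currently valid certificate.
    static void checkServerStore(KeyStore ks, String alias) throws Exception {
        if (!ks.isKeyEntry(alias)) {
            throw new IllegalStateException("alias '" + alias + "' is missing or has no private key");
        }
        X509Certificate leaf = (X509Certificate) ks.getCertificate(alias);
        leaf.checkValidity(); // throws if expired or not yet valid
        System.out.println(alias + ": " + leaf.getSubjectX500Principal());
    }

    // Usage: KS_PASS=... java KeystoreCheck trust <path>  |  server <path> <alias>
    public static void main(String[] args) throws Exception {
        String pass = java.util.Objects.requireNonNull(System.getenv("KS_PASS"), "set KS_PASS");
        KeyStore ks = load(args[1], pass.toCharArray());
        if ("trust".equals(args[0])) {
            checkTrustStore(ks);
        } else {
            checkServerStore(ks, args[2]);
        }
        System.out.println("OK: " + args[1]);
    }
}
```

For the server keystore on this page, the call would be `java KeystoreCheck server /var/tmp/sample.keystore samplehttps` with KS_PASS set to the keystore password.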