1.证书制作
参考:http://394938226.iteye.com/admin/blogs/2326459
2.示例代码
package com.irt.test.invoke;
import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.URL;
import java.security.KeyStore;
import java.util.Map;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
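/**
 * Minimal HTTPS client that presents a client certificate (mutual TLS) and trusts
 * only the certificates stored in a dedicated server trust store.
 *
 * <p>The {@link SSLSocketFactory} is built once, on first use, and reused by every
 * later call to {@link #request(String, Map)}.
 */
public class Test {
    // volatile: request() reads this field without holding the lock taken by
    // initSSLFactory(), so the write must be safely published to other threads.
    private static volatile SSLSocketFactory socketFactory = null;

    /**
     * Sends an HTTPS request to a service endpoint and returns the response body.
     *
     * <p>Line terminators in the response are dropped: the body is read line by line
     * and the lines are concatenated without a separator.
     *
     * @param url    request address; must use the {@code https} scheme, otherwise the
     *               cast to {@link HttpsURLConnection} fails with a ClassCastException
     * @param params request parameters; NOTE(review): never read by this method, so
     *               nothing from this map is sent to the server
     * @return the response body decoded as UTF-8
     * @throws Exception if the URL is malformed, the key/trust stores cannot be loaded,
     *                   or the connection or TLS handshake fails
     */
    public static String request(String url, Map<String, String> params) throws Exception {
        URL ur = new URL(url);
        HttpsURLConnection connection = (HttpsURLConnection) ur.openConnection();
        if (socketFactory == null) {
            initSSLFactory();
        }
        // No HostnameVerifier is set here, so the connection keeps the JDK default
        // hostname check in addition to the trust-store validation.
        connection.setSSLSocketFactory(socketFactory);

        StringBuilder body = new StringBuilder();
        // try-with-resources closes the streams even when reading fails part-way.
        try (InputStream in = connection.getInputStream();
                BufferedReader reader = new BufferedReader(new InputStreamReader(in, "utf-8"))) {
            String line;
            while ((line = reader.readLine()) != null) {
                body.append(line);
            }
        }
        return body.toString();
    }

    /**
     * Builds the shared {@link SSLSocketFactory} from the client key store and the
     * server trust store. Does nothing when the factory already exists.
     *
     * @throws Exception if an algorithm or store type is unavailable, a store file
     *                   cannot be read, or a password is wrong
     */
    private static synchronized void initSSLFactory() throws Exception {
        if (socketFactory != null) {
            return;
        }
        // Build the SSLContext instance
        SSLContext ctx = SSLContext.getInstance("TLS");
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
        // NOTE(review): TrustManagerFactory.getDefaultAlgorithm() (PKIX on current JDKs)
        // is the usual choice; "SunX509" is kept to preserve the original behaviour.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
        KeyStore ks = KeyStore.getInstance("PKCS12");
        KeyStore tks = KeyStore.getInstance("JKS");

        // NOTE(review): the store paths and passwords below are hard-coded sample values.
        // Anyone who can read the source or the compiled class can read them, so a real
        // deployment should load them from access-controlled configuration instead.

        // Load the client key store (client certificate and private key)
        try (InputStream keyIn = new FileInputStream("e:/ssl/irootech/client.store.p12")) {
            ks.load(keyIn, "123456".toCharArray());
        }
        // Load the trust store holding the server's public certificate
        try (InputStream trustIn = new FileInputStream("e:/ssl/irootech/server-pub.store.jks")) {
            tks.load(trustIn, "654321".toCharArray());
        }
        kmf.init(ks, "irt123".toCharArray());
        tmf.init(tks);

        // Initialise the context with the client key and the trusted certificates;
        // a null SecureRandom selects the JDK's default implementation.
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        socketFactory = ctx.getSocketFactory();
    }
}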
3.注意
制作证书时,不要将服务端公钥加入到客户端密钥库client.store.p12中,然后在代码
// Excerpt from initSSLFactory(): the key store and the trust store are loaded from two separate files.
// Load the client key store (client certificate and private key)
ks.load(new FileInputStream("e:/ssl/irootech/client.store.p12"), "123456".toCharArray());
// Load the trust store holding the server's public certificate
tks.load(new FileInputStream("e:/ssl/irootech/server-pub.store.jks"), "654321".toCharArray());
这个地方都使用同一个文件client.store.p12,否则当运行在JDK 1.7环境时,SSL校验会失败。也就是说,客户端私钥库与服务端公钥库应保持为两个独立的文件。