1、将证书myCA.cer通过keytool导入并生成一个密钥库(keystore)文件,然后通过代码加载该文件进行验证
D:\>keytool -importcert -alias test -file test.cer -keystore test.keystore
导入证书命令(以下两种写法任选其一;Changeme_123仅为示例口令,实际部署时请更换):
D:\>keytool -importcert -alias test -file test.cer -keystore test.keystore 或
keytool -importcert -keystore serverKeyStore.jks -file ca.crt -alias ca -storepass Changeme_123 -noprompt
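2、java代码(注意:示例中的getDefaultSSLSocketFactory不校验服务器证书和主机名,仅适合测试环境;生产环境应像getOpenApiSSLSocketFactory那样加载上面生成的keystore)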
package com.oms.test.gapi.common.util;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.ssl.AllowAllHostnameVerifier;
import org.apache.http.conn.ssl.SSLSocketFactory;
import java.io.File;
import java.security.KeyStore;
import java.io.FileInputStream;
import java.net.URI;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.X509TrustManager;
import org.apache.http.client.HttpClient;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.impl.client.DefaultHttpClient;
import java.util.List;
import org.apache.http.HttpResponse;
import org.apache.http.NameValuePair;
import org.apache.http.protocol.HTTP;
import javax.net.ssl.TrustManager;
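/**
 * Sample helper that wraps an Apache HttpClient 4.x client with two "https"
 * schemes: one backed by a keystore created with {@code keytool -importcert},
 * and one that accepts every server certificate.
 *
 * <p>SECURITY: {@link #getDefaultSSLSocketFactory()} disables both certificate
 * chain validation and hostname verification. It gives no protection against
 * an on-path party presenting its own certificate and should stay confined to
 * test environments.
 */
public class testAAA {
    /** Default port given to the keystore-backed "https" scheme. */
    private static final int OPEN_API_PORT = 32101;

    /** Default port given to the trust-all "https" scheme. */
    private static final int DEFAULT_HTTPS_PORT = 31943;

    /**
     * Builds a socket factory that trusts the certificates stored in
     * {@code <oms.path.etc>/certificate/JettyServerKeyStore}.
     *
     * <p>If the keystore cannot be loaded, the JVM default {@link SSLContext}
     * is used instead, so validation then falls back to the default trust
     * store rather than the imported certificate.
     *
     * @return the socket factory, or {@code null} when neither the keystore
     *         nor the default context could be used
     */
    private static SSLSocketFactory getOpenApiSSLSocketFactory() {
        String dir = System.getProperty("oms.path.etc", "etc");
        String certificate = dir + File.separator + "certificate"
                + File.separator + "JettyServerKeyStore";
        // Must match the -storepass used with keytool when the keystore was created.
        // NOTE(review): sample password hard-coded in source; load it from
        // protected configuration in a real deployment.
        String storepass = "Changeme_123";
        try {
            KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
            // try-with-resources: the original never closed this stream.
            try (FileInputStream instream = new FileInputStream(new File(certificate))) {
                trustStore.load(instream, storepass.toCharArray());
            }
            // Register the keystore as the trust material of the socket factory.
            return new SSLSocketFactory(trustStore);
        } catch (Exception e) {
            e.printStackTrace();
            try {
                return new SSLSocketFactory(SSLContext.getDefault());
            } catch (Exception e2) {
                // Report the second failure too instead of dropping it silently.
                e2.printStackTrace();
                return null;
            }
        }
    }

    /**
     * Builds a TLSv1.2 socket factory that performs NO server authentication.
     *
     * <p>SECURITY: the trust manager below accepts any certificate chain and
     * {@link AllowAllHostnameVerifier} accepts any host name. Use only against
     * test endpoints; for anything else load a keystore as
     * {@link #getOpenApiSSLSocketFactory()} does.
     *
     * @return a socket factory that skips certificate and hostname checks
     * @throws Exception if the SSL context cannot be created or initialised
     */
    private static SSLSocketFactory getDefaultSSLSocketFactory()
            throws Exception {
        // Confirm which SSL/TLS protocol version the project uses before changing this.
        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        X509TrustManager tm = new X509TrustManager() {
            @Override
            public void checkClientTrusted(X509Certificate[] xcs, String string)
                    throws CertificateException {
                // Intentionally empty: every client chain is accepted.
            }

            @Override
            public void checkServerTrusted(X509Certificate[] xcs, String string)
                    throws CertificateException {
                // Intentionally empty: every server chain is accepted (insecure).
            }

            @Override
            public X509Certificate[] getAcceptedIssuers() {
                // The X509TrustManager contract asks for a non-null array.
                return new X509Certificate[0];
            }
        };
        ctx.init(null, new TrustManager[] { tm }, null);
        return new SSLSocketFactory(ctx, new AllowAllHostnameVerifier());
    }

    /**
     * Creates a client that shares the connection manager and parameters of
     * {@code base} and has both "https" schemes registered on it.
     *
     * <p>NOTE(review): HttpClient 4.x's SchemeRegistry keeps one entry per
     * scheme name, and the port passed to {@code Scheme} is only the default
     * port. The second {@code register} call below therefore appears to
     * replace the keystore-backed scheme, leaving all "https" traffic on the
     * trust-all factory. Confirm, and keep a single validating scheme if so.
     *
     * @param base client whose connection manager and parameters are reused
     * @return a client with the schemes registered
     * @throws Exception if the trust-all socket factory cannot be built
     */
    public static HttpClient wrapClient(HttpClient base) throws Exception {
        Scheme openAPIScheme = new Scheme("https", OPEN_API_PORT,
                getOpenApiSSLSocketFactory());
        Scheme httpsScheme = new Scheme("https", DEFAULT_HTTPS_PORT,
                getDefaultSSLSocketFactory());
        DefaultHttpClient httpclient = new DefaultHttpClient(
                base.getConnectionManager(), base.getParams());
        httpclient.getConnectionManager().getSchemeRegistry()
                .register(openAPIScheme);
        httpclient.getConnectionManager().getSchemeRegistry()
                .register(httpsScheme);
        return httpclient;
    }

    /**
     * Sends a form-encoded POST request.
     *
     * <p>A new client is created per call and is not shut down here, because
     * the returned response still needs its connection; the caller should
     * consume the response entity when done.
     *
     * @param url      target URL
     * @param Formlist form fields, encoded as UTF-8
     * @param cookie   value of the Cookie header; skipped when null or empty
     * @return the HTTP response
     * @throws Exception if the request cannot be built or executed
     */
    private static HttpResponse post(String url, List<NameValuePair> Formlist,
            String cookie) throws Exception {
        HttpClient httpClient = wrapClient(new DefaultHttpClient());
        HttpPost post = new HttpPost();
        post.setEntity(new UrlEncodedFormEntity(Formlist, HTTP.UTF_8));
        post.setURI(new URI(url));
        post.setHeader("Content-type", "application/x-www-form-urlencoded");
        // Null check added: the original threw NullPointerException on a null cookie.
        if (cookie != null && !cookie.isEmpty()) {
            post.addHeader("Cookie", cookie);
        }
        return httpClient.execute(post);
    }
}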