HttpClient4实现SSL双向认证的客户端
服务器端使用netty实现的http服务器端,只能处理get和post请求。下面是具体的代码:
HttpDemoServer.java
package https;
import io.netty.bootstrap.ServerBootstrap;
import io.netty.channel.Channel;
import io.netty.channel.EventLoopGroup;
import io.netty.channel.nio.NioEventLoopGroup;
import io.netty.channel.socket.nio.NioServerSocketChannel;
/**
* A HTTP server showing how to use the HTTP multipart package for file uploads.
*/
public class HttpDemoServer {
private final int port;
public static boolean isSSL;
public HttpDemoServer(int port) {
this.port = port;
}
public void run() throws Exception {
EventLoopGroup bossGroup = new NioEventLoopGroup(1);
EventLoopGroup workerGroup = new NioEventLoopGroup();
try {
ServerBootstrap b = new ServerBootstrap();
b.group(bossGroup, workerGroup).channel(NioServerSocketChannel.class)
.childHandler(new HttpDemoServerInitializer());
Channel ch = b.bind(port).sync().channel();
ch.closeFuture().sync();
} finally {
bossGroup.shutdownGracefully();
workerGroup.shutdownGracefully();
}
}
public static void main(String[] args) throws Exception {
int port = 8888;
isSSL = true;
new HttpDemoServer(port).run();
}
}
HttpDemoServerInitializer.java
package https;
import io.netty.channel.ChannelInitializer;
import io.netty.channel.ChannelPipeline;
import io.netty.channel.socket.SocketChannel;
import io.netty.handler.codec.http.HttpContentCompressor;
import io.netty.handler.codec.http.HttpObjectAggregator;
import io.netty.handler.codec.http.HttpRequestDecoder;
import io.netty.handler.codec.http.HttpResponseEncoder;
import io.netty.handler.ssl.SslHandler;
import javax.net.ssl.SSLEngine;
public class HttpDemoServerInitializer extends ChannelInitializer<SocketChannel> {
@Override
public void initChannel(SocketChannel ch) throws Exception {
// Create a default pipeline implementation.
ChannelPipeline pipeline = ch.pipeline();
if (HttpDemoServer.isSSL) {
SSLEngine engine = SecureChatSslContextFactory.getServerContext().createSSLEngine();
engine.setNeedClientAuth(true); //ssl双向认证
engine.setUseClientMode(false);
engine.setWantClientAuth(true);
engine.setEnabledProtocols(new String[]{"SSLv3"});
pipeline.addLast("ssl", new SslHandler(engine));
}
/**
* http服务器端对request解码
*/
pipeline.addLast("decoder", new HttpRequestDecoder());
/**
* http服务器端对response编码
*/
pipeline.addLast("encoder", new HttpResponseEncoder());
pipeline.addLast("aggregator", new HttpObjectAggregator(1048576));
/**
* 压缩
* Compresses an HttpMessage and an HttpContent in gzip or deflate encoding
* while respecting the "Accept-Encoding" header.
* If there is no matching encoding, no compression is done.
*/
pipeline.addLast("deflater", new HttpContentCompressor());
pipeline.addLast("handler", new HttpDemoServerHandler());
}
}
HttpDemoServerHandler.java
package https;
import io.netty.buffer.ByteBuf;
import io.netty.channel.*;
import io.netty.handler.codec.http.*;
import io.netty.handler.codec.http.multipart.*;
import io.netty.handler.codec.http.multipart.HttpPostRequestDecoder.EndOfDataDecoderException;
import io.netty.handler.codec.http.multipart.HttpPostRequestDecoder.ErrorDataDecoderException;
import io.netty.handler.codec.http.multipart.InterfaceHttpData.HttpDataType;
import io.netty.handler.ssl.SslHandler;
import io.netty.util.CharsetUtil;
import java.io.IOException;
import java.net.URI;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Map.Entry;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import static io.netty.buffer.Unpooled.copiedBuffer;
import static io.netty.handler.codec.http.HttpHeaders.Names.*;
public class HttpDemoServerHandler extends SimpleChannelInboundHandler<HttpObject> {
private static final Logger logger = Logger.getLogger(HttpDemoServerHandler.class.getName());
private DefaultFullHttpRequest fullHttpRequest;
private boolean readingChunks;
private final StringBuilder responseContent = new StringBuilder();
private static final HttpDataFactory factory = new DefaultHttpDataFactory(DefaultHttpDataFactory.MINSIZE); //Disk
private HttpPostRequestDecoder decoder;
@Override
public void channelInactive(ChannelHandlerContext ctx) throws Exception {
if (decoder != null) {
decoder.cleanFiles();
}
}
public void messageReceived(ChannelHandlerContext ctx, HttpObject msg) throws Exception {
System.out.println(">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>");
fullHttpRequest = (DefaultFullHttpRequest) msg;
if (HttpDemoServer.isSSL) {
System.out.println("Your session is protected by " +
ctx.pipeline().get(SslHandler.class).engine().getSession().getCipherSuite() +
" cipher suite.\n");
}
/**
* 在服务器端打印请求信息
*/
System.out.println("VERSION: " + fullHttpRequest.getProtocolVersion().text() + "\r\n");
System.out.println("REQUEST_URI: " + fullHttpRequest.getUri() + "\r\n\r\n");
System.out.println("\r\n\r\n");
for (Entry<String, String> entry : fullHttpRequest.headers()) {
System.out.println("HEADER: " + entry.getKey() + '=' + entry.getValue() + "\r\n");
}
/**
* 服务器端返回信息
*/
responseContent.setLength(0);
responseContent.append("WELCOME TO THE WILD WILD WEB SERVER\r\n");
responseContent.append("===================================\r\n");
responseContent.append("VERSION: " + fullHttpRequest.getProtocolVersion().text() + "\r\n");
responseContent.append("REQUEST_URI: " + fullHttpRequest.getUri() + "\r\n\r\n");
responseContent.append("\r\n\r\n");
for (Entry<String, String> entry : fullHttpRequest.headers()) {
responseContent.append("HEADER: " + entry.getKey() + '=' + entry.getValue() + "\r\n");
}
responseContent.append("\r\n\r\n");
Set<Cookie> cookies;
String value = fullHttpRequest.headers().get(COOKIE);
if (value == null) {
cookies = Collections.emptySet();
} else {
cookies = CookieDecoder.decode(value);
}
for (Cookie cookie : cookies) {
responseContent.append("COOKIE: " + cookie.toString() + "\r\n");
}
responseContent.append("\r\n\r\n");
if (fullHttpRequest.getMethod().equals(HttpMethod.GET)) {
//get请求
QueryStringDecoder decoderQuery = new QueryStringDecoder(fullHttpRequest.getUri());
Map<String, List<String>> uriAttributes = decoderQuery.parameters();
for (Entry<String, List<String>> attr : uriAttributes.entrySet()) {
for (String attrVal : attr.getValue()) {
responseContent.append("URI: " + attr.getKey() + '=' + attrVal + "\r\n");
}
}
responseContent.append("\r\n\r\n");
responseContent.append("\r\n\r\nEND OF GET CONTENT\r\n");
writeResponse(ctx.channel());
return;
} else if (fullHttpRequest.getMethod().equals(HttpMethod.POST)) {
//post请求
decoder = new HttpPostRequestDecoder(factory, fullHttpRequest);
readingChunks = HttpHeaders.isTransferEncodingChunked(fullHttpRequest);
responseContent.append("Is Chunked: " + readingChunks + "\r\n");
responseContent.append("IsMultipart: " + decoder.isMultipart() + "\r\n");
try {
while (decoder.hasNext()) {
InterfaceHttpData data = decoder.next();
if (data != null) {
try {
writeHttpData(data);
} finally {
data.release();
}
}
}
} catch (EndOfDataDecoderException e1) {
responseContent.append("\r\n\r\nEND OF POST CONTENT\r\n\r\n");
}
writeResponse(ctx.channel());
return;
} else {
System.out.println("discard.......");
return;
}
}
private void reset() {
fullHttpRequest = null;
// destroy the decoder to release all resources
decoder.destroy();
decoder = null;
}
private void writeHttpData(InterfaceHttpData data) {
/**
* HttpDataType有三种类型
* Attribute, FileUpload, InternalAttribute
*/
if (data.getHttpDataType() == HttpDataType.Attribute) {
Attribute attribute = (Attribute) data;
String value;
try {
value = attribute.getValue();
} catch (IOException e1) {
e1.printStackTrace();
responseContent.append("\r\nBODY Attribute: " + attribute.getHttpDataType().name() + ":"
+ attribute.getName() + " Error while reading value: " + e1.getMessage() + "\r\n");
return;
}
if (value.length() > 100) {
responseContent.append("\r\nBODY Attribute: " + attribute.getHttpDataType().name() + ":"
+ attribute.getName() + " data too long\r\n");
} else {
responseContent.append("\r\nBODY Attribute: " + attribute.getHttpDataType().name() + ":"
+ attribute.toString() + "\r\n");
}
}
}
/**
* http返回响应数据
*
* @param channel
*/
private void writeResponse(Channel channel) {
// Convert the response content to a ChannelBuffer.
ByteBuf buf = copiedBuffer(responseContent.toString(), CharsetUtil.UTF_8);
responseContent.setLength(0);
// Decide whether to close the connection or not.
boolean close = fullHttpRequest.headers().contains(CONNECTION, HttpHeaders.Values.CLOSE, true)
|| fullHttpRequest.getProtocolVersion().equals(HttpVersion.HTTP_1_0)
&& !fullHttpRequest.headers().contains(CONNECTION, HttpHeaders.Values.KEEP_ALIVE, true);
// Build the response object.
FullHttpResponse response = new DefaultFullHttpResponse(HttpVersion.HTTP_1_1, HttpResponseStatus.OK, buf);
response.headers().set(CONTENT_TYPE, "text/plain; charset=UTF-8");
if (!close) {
// There's no need to add 'Content-Length' header
// if this is the last response.
response.headers().set(CONTENT_LENGTH, buf.readableBytes());
}
Set<Cookie> cookies;
String value = fullHttpRequest.headers().get(COOKIE);
if (value == null) {
cookies = Collections.emptySet();
} else {
cookies = CookieDecoder.decode(value);
}
if (!cookies.isEmpty()) {
// Reset the cookies if necessary.
for (Cookie cookie : cookies) {
response.headers().add(SET_COOKIE, ServerCookieEncoder.encode(cookie));
}
}
// Write the response.
ChannelFuture future = channel.writeAndFlush(response);
// Close the connection after the write operation is done if necessary.
if (close) {
future.addListener(ChannelFutureListener.CLOSE);
}
}
@Override
public void exceptionCaught(ChannelHandlerContext ctx, Throwable cause) throws Exception {
logger.log(Level.WARNING, responseContent.toString(), cause);
ctx.channel().close();
}
@Override
protected void channelRead0(ChannelHandlerContext ctx, HttpObject msg) throws Exception {
messageReceived(ctx, msg);
}
}
SecureChatSslContextFactory.java
这个类是用来进行设置ssl通信的类。。
package https;
import javax.net.ssl.*;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
public final class SecureChatSslContextFactory {
private static final String PROTOCOL = "SSL";
private static final SSLContext SERVER_CONTEXT;
// private static final SSLContext CLIENT_CONTEXT;
// private static String CLIENT_KEY_STORE = "E:\\https\\client.keystore";
// private static String CLIENT_TRUST_KEY_STORE = "E:\\https\\client.truststore";
// private static String CLIENT_KEY_STORE_PASSWORD = "123456";
// private static String CLIENT_TRUST_KEY_STORE_PASSWORD = "123456";
private static String SERVER_KEY_STORE = "E:\\https\\server.keystore";
private static String SERVER_TRUST_KEY_STORE = "E:\\https\\server.truststore";
private static String SERVER_KEY_STORE_PASSWORD = "123456";
private static String SERVER_TRUST_KEY_STORE_PASSWORD = "123456";
static {
SSLContext serverContext;
// SSLContext clientContext;
try {
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
ks.load(new FileInputStream(SERVER_KEY_STORE), SERVER_KEY_STORE_PASSWORD.toCharArray());
KeyStore tks = KeyStore.getInstance(KeyStore.getDefaultType());
tks.load(new FileInputStream(SERVER_TRUST_KEY_STORE), SERVER_TRUST_KEY_STORE_PASSWORD.toCharArray());
// Set up key manager factory to use our key store
KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
kmf.init(ks, SERVER_KEY_STORE_PASSWORD.toCharArray());
tmf.init(tks);
// Initialize the SSLContext to work with our key managers.
serverContext = SSLContext.getInstance(PROTOCOL);
serverContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
} catch (Exception e) {
throw new Error("Failed to initialize the server-side SSLContext", e);
}
// try {
// KeyStore ks2 = KeyStore.getInstance("JKS");
// ks2.load(new FileInputStream(CLIENT_KEY_STORE), CLIENT_KEY_STORE_PASSWORD.toCharArray());
//
// KeyStore tks2 = KeyStore.getInstance("JKS");
// tks2.load(new FileInputStream(CLIENT_TRUST_KEY_STORE), CLIENT_TRUST_KEY_STORE_PASSWORD.toCharArray());
// // Set up key manager factory to use our key store
// KeyManagerFactory kmf2 = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
// TrustManagerFactory tmf2 = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
// kmf2.init(ks2, CLIENT_KEY_STORE_PASSWORD.toCharArray());
// tmf2.init(tks2);
// clientContext = SSLContext.getInstance(PROTOCOL);
// clientContext.init(kmf2.getKeyManagers(), tmf2.getTrustManagers(), null);
// } catch (Exception e) {
// throw new Error("Failed to initialize the client-side SSLContext", e);
// }
SERVER_CONTEXT = serverContext;
// CLIENT_CONTEXT = clientContext;
}
public static SSLContext getServerContext() {
return SERVER_CONTEXT;
}
// public static SSLContext getClientContext() {
// return CLIENT_CONTEXT;
// }
private SecureChatSslContextFactory() {
// Unused
}
}
好了以上就是服务器端程序。
在服务器端要配置服务器端使用的证书和信任库。
具体如何生成证书和密钥库,在这篇文章中有写到http://my.oschina.net/xinxingegeya/blog/266826
下篇文章就来看如何实现httpclient客户端进行双向认证的ssl通信过程。
=========================
http://my.oschina.net/xinxingegeya/blog/289264
=========================
504
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
