package demo.hw_https.client;
import java.io.File; import java.io.FileInputStream; import
java.io.FileNotFoundException; import java.io.IOException; import
java.net.URL; import java.security.GeneralSecurityException; import
java.security.KeyStore; import java.security.KeyStoreException; import
java.security.NoSuchAlgorithmException;
import javax.net.ssl.KeyManager; import
javax.net.ssl.KeyManagerFactory; import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory; import
javax.xml.namespace.QName;
import org.apache.cxf.configuration.jsse.TLSClientParameters; import
org.apache.cxf.frontend.ClientProxy; import
org.apache.cxf.transport.http.HTTPConduit; import
org.apache.hello_world_soap_http.Greeter; import
org.apache.hello_world_soap_http.SOAPService;
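/**
 * Stand-alone (non-Spring) demo client that calls the {@code greetMe} operation of the
 * hello_world SOAP service, optionally configuring TLS programmatically.
 *
 * <p>Usage: {@code ClientNonSpring <wsdl file or URL> <secure|insecure>}.
 * With {@code secure} the client installs key managers (its own certificate, used if the
 * server requests client authentication) and trust managers (the certificates it accepts
 * from the server) on the HTTP conduit. With {@code insecure} no TLS parameters are set.
 */
public final class ClientNonSpring {

    private static final QName SERVICE_NAME
        = new QName("http://apache.org/hello_world_soap_http", "SOAPService");

    private static final QName PORT_NAME
        = new QName("http://apache.org/hello_world_soap_http", "SoapPort");

    // Demo-only key material. The keystore path and both passwords are hard-coded sample
    // values; a real client should read them from protected configuration and never
    // commit them to source control.
    private static final String KEYSTORE_LOCATION = "src/main/config/clientKeystore.jks";
    private static final String KEYSTORE_PASSWORD = "cspass";
    private static final String KEY_PASSWORD = "ckpass";

    private ClientNonSpring() {
    }

    /**
     * Entry point.
     *
     * @param args {@code args[0]} is a WSDL file path or URL; {@code args[1]} is
     *             {@code "secure"} or {@code "insecure"}
     * @throws Exception if the WSDL location is malformed, or the service or TLS setup fails
     */
    public static void main(String args[]) throws Exception {
        if (args.length == 0) {
            System.out.println("please specify wsdl");
            System.exit(1);
        }
        // Reject a missing mode up front instead of failing later with an
        // ArrayIndexOutOfBoundsException on args[1].
        if (args.length < 2) {
            System.out.println("arg1 needs to be either secure or insecure");
            System.exit(1);
        }

        // Accept either a local file or a URL for the WSDL.
        URL wsdlURL;
        File wsdlFile = new File(args[0]);
        if (wsdlFile.exists()) {
            wsdlURL = wsdlFile.toURI().toURL();
        } else {
            wsdlURL = new URL(args[0]);
        }
        System.out.println(wsdlURL);

        SOAPService ss = new SOAPService(wsdlURL, SERVICE_NAME);
        Greeter port = ss.getPort(PORT_NAME, Greeter.class);

        if ("secure".equals(args[1])) {
            setupTLS(port);
        } else if ("insecure".equals(args[1])) {
            // Deliberately leaves the conduit without explicit TLS client parameters.
        } else {
            System.out.println("arg1 needs to be either secure or insecure");
            System.exit(1);
        }

        System.out.println("Invoking greetMe...");
        try {
            String resp = port.greetMe(System.getProperty("user.name"));
            System.out.println("Server responded with: " + resp);
            System.out.println();
        } catch (Exception e) {
            // Fall back to the exception itself so the reason is not lost when there is
            // no wrapped cause (the message would otherwise end in "null").
            Throwable reason = e.getCause() != null ? e.getCause() : e;
            System.out.println("Invocation failed with the following: " + reason);
            System.out.println();
        }
        // NOTE(review): the exit status is 0 even when the invocation failed; kept as in
        // the original sample.
        System.exit(0);
    }

    /**
     * Installs TLS client parameters on the HTTP conduit behind {@code port}.
     *
     * <p>The same JKS file is loaded twice: once as the key store (client identity) and
     * once as the trust store (accepted server certificates). The host-name check is not
     * touched here, so it stays at the CXF default.
     *
     * @param port the service proxy whose conduit is configured
     * @throws FileNotFoundException if the keystore file does not exist
     * @throws IOException if the keystore cannot be read or its password is wrong
     * @throws GeneralSecurityException if the keystore or manager factories cannot be set up
     */
    private static void setupTLS(Greeter port)
        throws FileNotFoundException, IOException, GeneralSecurityException {
        HTTPConduit httpConduit = (HTTPConduit) ClientProxy.getClient(port).getConduit();
        TLSClientParameters tlsCP = new TLSClientParameters();

        KeyStore keyStore = loadKeyStore(KEYSTORE_LOCATION, KEYSTORE_PASSWORD);
        tlsCP.setKeyManagers(getKeyManagers(keyStore, KEY_PASSWORD));

        KeyStore trustStore = loadKeyStore(KEYSTORE_LOCATION, KEYSTORE_PASSWORD);
        tlsCP.setTrustManagers(getTrustManagers(trustStore));

        httpConduit.setTlsClientParameters(tlsCP);
    }

    /** Loads a JKS keystore from {@code location}, closing the file stream afterwards. */
    private static KeyStore loadKeyStore(String location, String storePassword)
        throws IOException, GeneralSecurityException {
        KeyStore store = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(location)) {
            store.load(in, storePassword.toCharArray());
        }
        return store;
    }

    /**
     * Builds trust managers backed by {@code trustStore}.
     *
     * @param trustStore keystore holding the certificates the client trusts
     * @return the trust managers produced by the default trust manager factory
     * @throws NoSuchAlgorithmException if the default algorithm is unavailable
     * @throws KeyStoreException if the factory cannot be initialised from the store
     */
    private static TrustManager[] getTrustManagers(KeyStore trustStore)
        throws NoSuchAlgorithmException, KeyStoreException {
        // Ask the trust manager factory for its own default; the key manager factory's
        // default algorithm name is not guaranteed to be a valid trust manager algorithm.
        String alg = TrustManagerFactory.getDefaultAlgorithm();
        TrustManagerFactory fac = TrustManagerFactory.getInstance(alg);
        fac.init(trustStore);
        return fac.getTrustManagers();
    }

    /**
     * Builds key managers backed by {@code keyStore}.
     *
     * @param keyStore keystore holding the client's private key and certificate
     * @param keyPassword password protecting the private key, or {@code null}
     * @return the key managers produced by the default key manager factory
     * @throws GeneralSecurityException if the factory cannot be created or initialised
     * @throws IOException declared for callers; not thrown by the visible code
     */
    private static KeyManager[] getKeyManagers(KeyStore keyStore, String keyPassword)
        throws GeneralSecurityException, IOException {
        String alg = KeyManagerFactory.getDefaultAlgorithm();
        char[] keyPass = keyPassword != null
            ? keyPassword.toCharArray()
            : null;
        KeyManagerFactory fac = KeyManagerFactory.getInstance(alg);
        fac.init(keyStore, keyPass);
        return fac.getKeyManagers();
    }
}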
答案 0 :(得分:1)
不确定您所说的“单向”还是“双向”具体指什么……SSL 连接一旦建立,请求和响应两个方向都会被加密。
但如果您问的是只对服务器进行身份验证(单向),还是客户端也要经过身份验证(双向),那么从您的代码看,两种情况都做了配置。如果只使用服务器证书,就不需要客户端密钥库的配置;服务器的公钥必须包含在信任库中。通常不需要客户端身份验证(例如,通过 https 向服务器请求网页时)。