HttpAsyncClient SSL with client authentication

Time: 2014-01-17 10:37:42

Tags: java authentication ssl apache-httpclient-4.x asynchttpclient

I want to use HttpAsyncClient with SSL and client authentication (in addition to server auth).

I ran into some problems, but in the end I found the right way. I'll tell you how to do it:

Generate a keystore from PEM (PEM -> PKCS#12 keystore -> JKS keystore)

Create a PKCS12 keystore from the private key and the public certificate:

sudo openssl pkcs12 -export -name myservercert -in selfsigned.crt -inkey server.key -out keystore.p12

Convert the PKCS12 keystore to a JKS keystore:

sudo keytool -importkeystore -destkeystore mykeystore.jks -srckeystore keystore.p12 -srcstoretype pkcs12 -alias myservercert

List the contents of the JKS keystore:

sudo keytool -list -v -keystore mykeystore.jks

Your local JVM should trust the server certificate. If it is self-signed, add it to cacerts (the trusted certificate list; its default password is 'changeit'):

sudo keytool -import -alias alias_serv_cert -file /var/tmp/CERT_SERVER.cert -keystore /usr/lib/jvm/java-1.7.0-openjdk-1.7.0.25.x86_64/jre/lib/security/cacerts

Java code to build the client and execute the POST:

import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.concurrent.Future;
import javax.net.ssl.SSLContext;
import org.apache.http.HttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.conn.ssl.SSLContexts;
import org.apache.http.impl.nio.client.CloseableHttpAsyncClient;
import org.apache.http.impl.nio.client.HttpAsyncClients;

// keystoreDirectory, keystoreFilename, url, transactionId, transactionToken and LOG
// are defined elsewhere in the original code
char[] keystorePass = "MY PASSWORD".toCharArray();

// Loading KEYSTORE in JKS format (JKS is the default keystore type of this JVM)
KeyStore keyStorePci = KeyStore.getInstance(KeyStore.getDefaultType());
try (InputStream fis = new FileInputStream(keystoreDirectory + keystoreFilename)) {
    keyStorePci.load(fis, keystorePass);
} catch (Exception e) {
    LOG.error("Error loading keystore: " + keystoreDirectory + keystoreFilename, e);
    // Do not go on with an empty keystore: the TLS handshake would fail later with a less obvious error
    throw e;
}

// Setting JKS keystore in SSL Context (I do not recommend passing a 3rd argument PrivateKeyStrategy!)
// Key material = client certificate + private key; the server certificate is checked against the JVM's cacerts
SSLContext sslcontext = SSLContexts.custom().loadKeyMaterial(keyStorePci, keystorePass).build();

// Creating Async HTTP client with SSL
CloseableHttpAsyncClient httpclient = HttpAsyncClients.custom().setSSLContext(sslcontext).build();

// Executing POST method
try {
    httpclient.start();
    HttpPost httppost = new HttpPost(url);
    Future<HttpResponse> future = httpclient.execute(httppost,
            new MyCustomAsyncResultManager(transactionId, transactionToken));
    HttpResponse response = future.get();
    LOG.info("result: " + response.getStatusLine());
} finally {
    httpclient.close();
}

I hope this helps you.
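The same mutual-TLS POST as one complete, compilable class, added here as an example and not part of the original post. It differs from the post in two ways a practitioner usually wants: it loads a dedicated truststore with `loadTrustMaterial` instead of importing the server certificate into the JVM-wide cacerts, and it checks that the client keystore really holds a private-key entry for the alias before building the `SSLContext` (the most common failure after the PKCS#12 -> JKS conversion is a keystore that contains only a certificate, which makes the client answer the server's CertificateRequest with an empty chain). The system property names, the class name `MutualTlsAsyncPost` and the JSON body are assumptions for this example; the Apache API calls are those of httpclient 4.3 / httpasyncclient 4.0 (`org.apache.http.conn.ssl.SSLContexts`).

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.util.concurrent.Future;
import java.util.concurrent.TimeUnit;

import javax.net.ssl.SSLContext;

import org.apache.http.HttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.concurrent.FutureCallback;
import org.apache.http.conn.ssl.SSLContexts;
import org.apache.http.entity.ContentType;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.nio.client.CloseableHttpAsyncClient;
import org.apache.http.impl.nio.client.HttpAsyncClients;
import org.apache.http.util.EntityUtils;

/**
 * Mutual-TLS POST with HttpAsyncClient 4.x. Paths, passwords and the alias come from
 * system properties so nothing is hard-coded in source (property names are assumptions):
 *   -Dclient.keystore=mykeystore.jks -Dclient.keystorepass=... -Dclient.alias=myservercert
 *   -Dclient.truststore=truststore.jks -Dclient.truststorepass=... -Dtarget.url=https://host/path
 */
public class MutualTlsAsyncPost {

    /** Loads a JKS keystore from disk; the password also verifies the file's integrity. */
    static KeyStore loadJks(String path, char[] password) throws IOException, GeneralSecurityException {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    /** Builds an SSLContext that presents the client certificate and trusts only the given truststore. */
    static SSLContext buildContext(KeyStore keyStore, char[] keyPass, String alias, KeyStore trustStore)
            throws GeneralSecurityException {
        // Fail early if the conversion imported a certificate but no private key: without a key entry
        // the client cannot authenticate and the server rejects the handshake.
        if (!keyStore.isKeyEntry(alias)) {
            throw new IllegalStateException("no private key entry for alias '" + alias + "' in client keystore");
        }
        return SSLContexts.custom()
                .loadKeyMaterial(keyStore, keyPass)   // client certificate + private key
                .loadTrustMaterial(trustStore)        // server CA or self-signed server cert, not the JVM-wide cacerts
                .build();
    }

    public static void main(String[] args) throws Exception {
        char[] keyPass = System.getProperty("client.keystorepass").toCharArray();
        char[] trustPass = System.getProperty("client.truststorepass").toCharArray();
        KeyStore keyStore = loadJks(System.getProperty("client.keystore"), keyPass);
        KeyStore trustStore = loadJks(System.getProperty("client.truststore"), trustPass);
        SSLContext sslContext = buildContext(keyStore, keyPass, System.getProperty("client.alias"), trustStore);

        // The builder keeps hostname verification enabled by default; do not replace it with AllowAllHostnameVerifier.
        CloseableHttpAsyncClient client = HttpAsyncClients.custom().setSSLContext(sslContext).build();
        try {
            client.start();
            HttpPost post = new HttpPost(System.getProperty("target.url"));
            post.setEntity(new StringEntity("{\"ping\":true}", ContentType.APPLICATION_JSON)); // constructed sample body

            Future<HttpResponse> future = client.execute(post, new FutureCallback<HttpResponse>() {
                @Override public void completed(HttpResponse r) { System.out.println("completed: " + r.getStatusLine()); }
                @Override public void failed(Exception e) { System.out.println("failed: " + e); } // e.g. handshake rejected
                @Override public void cancelled() { System.out.println("cancelled"); }
            });
            HttpResponse response = future.get(30, TimeUnit.SECONDS);
            System.out.println(EntityUtils.toString(response.getEntity()));
        } finally {
            client.close();
        }
    }
}
```

The truststore used here is built with the same keytool command the post uses for cacerts, pointed at a separate file: `keytool -import -alias alias_serv_cert -file /var/tmp/CERT_SERVER.cert -keystore truststore.jks`. Keeping it separate means the trust decision travels with the application instead of depending on whatever was imported into the JDK installation on a given host, and a `failed(...)` callback with a handshake exception then points at exactly one of two files.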

0 answers:

No answers