使用HttpClient进行相互SSL

Question

我正在尝试使用HttpClient 4.3.3库在客户端和服务器之间设置双向SSL，以便WebApp与服务器组件进行通信。

我认为客户端/服务器通过SSL成功通信我认为是单向SSL，因为CA层次结构没有从我看到的内容严格验证，或者HttpClient隐藏了所有细节。获得对等证书链似乎也很困难，这似乎可以通过SSLSession对象访问，该对象将出现在严格的JSSE交互中，但HttpClient抽象远离并且似乎无法访问？

看看调试SSL记录它似乎没问题，我想我只是想确认即使在HttpClient中发生了2路SSL也会发生。

此外，TrustStrategy似乎只访问客户端证书链，无论返回的是真是假，都是＆＃39; isTrusted＆＃39;从来没有表现出不同的行为。

TLDR;这是2路SSL，如果不是需要改变什么？如何使用HttpClient访问对等证书链？ TrustStrategy实际上做了什么吗？

到目前为止，这是我的代码，它与我知道运行SSL的服务器一起使用：

try{
        KeyStore trustStore  = KeyStore.getInstance(keystoreType, keystoreProvider);
        FileInputStream instream = new FileInputStream(new File("/path/to/keystore"));
        try {
            trustStore.load(instream,keystorePassword.toCharArray());
        } finally {
            instream.close();
        }

        //establish trust strategy
        TrustStrategy trustStrategy = new TrustStrategy() {
            @Override
            public boolean isTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
                for(X509Certificate cert : x509Certificates){
                    System.out.println("cert = " + cert);
                }
                return true;
            }
        };


        SSLContext sslcontext = SSLContexts.custom().loadKeyMaterial(trustStore, keystorePassword.toCharArray())
                .loadTrustMaterial(trustStore, trustStrategy).build();

        // Allow TLSv1 protocol only
        SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
                sslcontext,
                new String[] { "TLSv1" },
                null,
                SSLConnectionSocketFactory.STRICT_HOSTNAME_VERIFIER);
        CloseableHttpClient httpclient = HttpClients.custom()
                .setSSLSocketFactory(sslsf)
                .build();
        try {

            HttpPost post = new HttpPost(existingSSLServerURL);
            HttpEntity requestEntity = new ByteArrayEntity(sampleAuthenticationForSSL.getBytes("UTF-8"));
            post.setEntity(requestEntity);
            System.out.println("executing request" + post.getRequestLine());

            CloseableHttpResponse response = httpclient.execute(post);
            try {
                HttpEntity entity = response.getEntity();

                System.out.println("----------------------------------------");
                System.out.println(response.getStatusLine());
                if (entity != null) {
                    System.out.println("Response content length: " + entity.getContentLength());
                    BufferedReader in = new BufferedReader(new InputStreamReader(entity.getContent()));
                    String inputline = null;
                    while((inputline = in.readLine()) != null){
                        System.out.println(inputline);
                    }
                }
                EntityUtils.consume(entity);
            } finally {
                response.close();
            }
        } finally {
            httpclient.close();
        }



    }catch(Exception e){
        e.printStackTrace();
        fail();
    }