使用双向 SSL 证书的 RestTemplate

时间:2018-05-10 08:24:13

标签: spring-boot ssl-certificate httpclient resttemplate

我正在使用 RestTemplate 调用一个要求双向 SSL 证书认证的第三方 URL。我已经为 HttpClient 配置了 truststore 和 keystore,但仍然遇到 SSL 握手异常。我也尝试过把证书导入 cacerts,但仍然没有成功。有没有人用 RestTemplate 做过双向 SSL?

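/**
 * Builds a pooled Apache {@code HttpClient} configured for mutual TLS (two-way SSL).
 *
 * <p>The client certificate is taken from the key store at {@code keyStorePath} and the
 * private-key entry is pinned to {@code keyAlias}. Server certificates are validated against
 * the trust store loaded below, and the default hostname verifier stays enabled. The proxy is
 * only constructed and applied when {@code isProxy} is set.
 *
 * @param keyAlias alias of the private-key entry to present as the client certificate
 * @return an {@code HttpClient} backed by a pooling connection manager of size
 *         {@code httpClientPoolSize}
 * @throws IllegalStateException if the key or trust material cannot be loaded into the SSL context
 */
private HttpClient createHttpClient(final String keyAlias) {
    logger.info("Creating HTTP client using keystore={} and alias={}", keyStorePath, keyAlias);

    // NOTE(review): the trust store is loaded from the SAME file as the client key store.
    // The server's issuing CA must therefore be present in that file as a trusted
    // certificate entry; importing it into the JRE's cacerts has no effect on this context.
    // Consider a dedicated trust-store path so key and trust material are managed separately.
    final KeyStore trustStore = new KeyStoreFactoryBean(makeResource(keyStorePath), keyStoreType, keyStorePassword)
            .newInstance();
    final KeyStore keyStore = new KeyStoreFactoryBean(makeResource(keyStorePath), keyStoreType, keyStorePassword)
            .newInstance();

    final SSLContext sslContext;
    try {
        sslContext = SSLContexts.custom()
                // The key-store password is reused as the private-key password. The alias
                // strategy always answers keyAlias; if that alias is not a private-key entry
                // acceptable to the server, no client certificate is presented.
                .loadKeyMaterial(keyStore, keyStorePassword.toCharArray(), (aliases, socket) -> keyAlias)
                // A TrustStrategy that returns false never short-circuits validation: the
                // chain is still checked by the trust manager built from trustStore.
                .loadTrustMaterial(trustStore, (x509Certificates, s) -> false)
                .build();
        // The unused socket factory built with TrustSelfSignedStrategy was removed: it was
        // never registered, and a trust-self-signed context must not be left lying around
        // where a later edit could wire it in and disable real certificate validation.
    } catch (NoSuchAlgorithmException | KeyManagementException | KeyStoreException | UnrecoverableKeyException e) {
        throw new IllegalStateException("Error loading key or trust material", e);
    }

    // NOTE(review): TLSv1.1 is deprecated (RFC 8996); drop it once the peer is confirmed to
    // negotiate TLSv1.2. Passing null for cipher suites keeps the JVM defaults.
    final SSLConnectionSocketFactory sslSocketFactory = new SSLConnectionSocketFactory(sslContext,
            new String[] { "TLSv1.2", "TLSv1.1" }, null, SSLConnectionSocketFactory.getDefaultHostnameVerifier());

    // NOTE(review): plain "http" is registered too, so a cleartext URL would be served by
    // this client without any TLS or client-certificate protection — confirm that is intended.
    final Registry<ConnectionSocketFactory> registry = RegistryBuilder.<ConnectionSocketFactory> create()
            .register("http", PlainConnectionSocketFactory.getSocketFactory())
            .register("https", sslSocketFactory)
            .build();

    final PoolingHttpClientConnectionManager connectionManager = new PoolingHttpClientConnectionManager(registry);
    connectionManager.setMaxTotal(httpClientPoolSize);
    connectionManager.setDefaultMaxPerRoute(httpClientPoolSize);

    if (isProxy) {
        // Build the proxy host only when it is needed: HttpHost rejects a null or blank
        // host name, so constructing it unconditionally failed on proxy-less deployments.
        final HttpHost proxy = new HttpHost(proxyURL, proxyPort);
        return HttpClients.custom()
                .setSSLSocketFactory(sslSocketFactory)
                .setConnectionManager(connectionManager)
                .setProxy(proxy)
                .build();
    }
    return HttpClients.custom()
            .setSSLSocketFactory(sslSocketFactory)
            .setConnectionManager(connectionManager)
            .build();
}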

0 个答案:

没有答案