我正在实现Jersey服务器,并希望支持双向(双向)SSL客户端身份验证。在哪里配置相互认证? 下面的代码建立TLS连接,但不请求客户端证书。
public void start() throws Exception {
// config server
ResourceConfig config = new ResourceConfig(Rsi2018Api.class, LocationApi.class);
Map<String, Object> properties = new HashMap<>();
properties.put("listener", this);
config.setProperties(properties);
config.register(JacksonJsonProvider.class);
config.register(JacksonFeature.class);
config.register(new LoggingFeature(java.util.logging.Logger.getLogger(ApplicationLogger.SERVER_LOGGER_NAME),
Level.INFO,
LoggingFeature.Verbosity.PAYLOAD_TEXT,
8192));
// start server
SSLContext sslContext = createSSLContext();
HttpsServer httpsServer = (HttpsServer) JdkHttpServerFactory.createHttpServer(baseUri, config, sslContext, true);
}
private SSLContext createSSLContext() throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException, UnrecoverableKeyException, KeyManagementException {
SSLContext sslContext = SSLContext.getInstance("TLS");
// initialise the keystore
char[] password = "password".toCharArray();
KeyStore ks = KeyStore.getInstance("JKS");
ClassLoader classLoader = Thread.currentThread().getContextClassLoader();
InputStream fis = classLoader.getResourceAsStream("testkey.jks");
ks.load(fis, password);
// setup the key manager factory
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(ks, password);
// setup the trust manager factory
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(ks);
// setup the HTTPS context and parameters
sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
return sslContext;
}