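Apache HTTP Client - How to load multiple keystores?

Time: 2020-07-27 13:54:53

Tags: java apache-httpclient-4.x apache-httpcomponents

I am using the Apache HTTP client in a Java project.

I am able to load an SSL keystore and truststore for one route.

This is the code snippet I am using: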

protected void initConnectionManager(HttpClientProps props) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException, KeyManagementException, CertificateException, IOException {
    PoolingHttpClientConnectionManager connectionManager = createConnectionManager(buildRegistry(props));
    connectionManager.setMaxTotal(props.getMaxThreadPool());
    connectionManager.setDefaultMaxPerRoute(props.getDefaultMaxPerRoute());
    setConnManager(connectionManager);
}

protected Registry<ConnectionSocketFactory> buildRegistry(HttpClientProps props) throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException, UnrecoverableKeyException, KeyManagementException {
    final RegistryBuilder<ConnectionSocketFactory> registryBuilder;
    if (props.isSslEnabled()) {
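        final KeyStore ts = getKeyStoreInstance(), ks = getKeyStoreInstance();
        // try-with-resources closes both store files once they have been read
        try (FileInputStream tsIn = new FileInputStream(props.getTrustStorePath());
             FileInputStream ksIn = new FileInputStream(props.getKeyStorePath())) {
            ts.load(tsIn, props.getTrustStoreKey().toCharArray());
            ks.load(ksIn, props.getKeyStoreKey().toCharArray());
        }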
        final SSLContext ssl = buildSslContext(props, ts, ks);
        final ConnectionSocketFactory sslConnectionFactory = getSslConnectionFactory(ssl);
        registryBuilder = createRegistryBuilder(HTTPS, sslConnectionFactory);
    } else {
        registryBuilder = createRegistryBuilder(HTTP, new PlainConnectionSocketFactory());
    }
    return registryBuilder.build();
}

protected RegistryBuilder<ConnectionSocketFactory> createRegistryBuilder(String id, ConnectionSocketFactory factory) {
    return RegistryBuilder.<ConnectionSocketFactory>create().register(id, factory);
}

protected SSLContext buildSslContext(HttpClientProps props, KeyStore ts, KeyStore ks) throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException {
    return SSLContexts.custom()
            .loadTrustMaterial(ts, this::getTrustStrategy)
            .loadKeyMaterial(ks, props.getKeyStoreKey().toCharArray())
            .setSecureRandom(new SecureRandom())
            .build();
}

Now I am trying to figure this out for multiple routes, for example:

  1. https://route1.com/path
  2. https://route2.com/path

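If the two routes each need a different keystore JKS and truststore JKS, how can I set that up in the same client and configure it to use keystore1 and truststore1 for route1, and keystore2 and truststore2 for route2?

Or should I use a new httpclient object for each route and set the keystore and truststore separately? [With this approach, a new thread pool is created for each client. I am trying to avoid that.]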
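One way to keep a single client and a single connection pool, shown as an added example that is not part of the original post: register one socket factory under `https` that delegates to a per-host `SSLConnectionSocketFactory`. The class name `PerHostSslSocketFactory` and its `register`/`select` methods are hypothetical; only the `LayeredConnectionSocketFactory` interface comes from HttpClient 4.x.

```java
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.util.Locale;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import org.apache.http.HttpHost;
import org.apache.http.conn.socket.LayeredConnectionSocketFactory;
import org.apache.http.protocol.HttpContext;

/** Hypothetical helper: selects the TLS factory (keystore/truststore pair) by target host. */
public class PerHostSslSocketFactory implements LayeredConnectionSocketFactory {
    private final Map<String, LayeredConnectionSocketFactory> byHost = new ConcurrentHashMap<>();
    // Build the fallback without key material so no client certificate is offered to unlisted hosts.
    private final LayeredConnectionSocketFactory fallback;

    public PerHostSslSocketFactory(LayeredConnectionSocketFactory fallback) {
        this.fallback = fallback;
    }

    public PerHostSslSocketFactory register(String host, LayeredConnectionSocketFactory factory) {
        byHost.put(host.toLowerCase(Locale.ROOT), factory);
        return this;
    }

    public LayeredConnectionSocketFactory select(String host) {
        return byHost.getOrDefault(host.toLowerCase(Locale.ROOT), fallback);
    }

    @Override
    public Socket createSocket(HttpContext context) throws IOException {
        // The target host is not known yet; this only creates an unconnected socket.
        return fallback.createSocket(context);
    }

    @Override
    public Socket connectSocket(int connectTimeout, Socket sock, HttpHost host,
            InetSocketAddress remoteAddress, InetSocketAddress localAddress,
            HttpContext context) throws IOException {
        // The TLS handshake runs here, using the SSLContext registered for this host.
        return select(host.getHostName()).connectSocket(
                connectTimeout, sock, host, remoteAddress, localAddress, context);
    }

    @Override
    public Socket createLayeredSocket(Socket socket, String target, int port,
            HttpContext context) throws IOException {
        // Called when TLS is layered over an existing socket, e.g. after a proxy CONNECT.
        return select(target).createLayeredSocket(socket, target, port, context);
    }
}
```

In `buildRegistry`, build one `SSLConnectionSocketFactory` per route from its own `SSLContext`, `register("route1.com", ...)` and `register("route2.com", ...)` each of them, and pass the resulting instance to `createRegistryBuilder(HTTPS, ...)`.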

0 answers:

No answers