我在Java项目中使用Apache http客户端。
我能够为一条路由加载ssl密钥库和信任库。
这是我正在使用的代码段:
protected void initConnectionManager(HttpClientProps props) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException, KeyManagementException, CertificateException, IOException {
PoolingHttpClientConnectionManager connectionManager = createConnectionManager(buildRegistry(props));
connectionManager.setMaxTotal(props.getMaxThreadPool());
connectionManager.setDefaultMaxPerRoute(props.getDefaultMaxPerRoute());
setConnManager(connectionManager);
}
protected Registry<ConnectionSocketFactory> buildRegistry(HttpClientProps props) throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException, UnrecoverableKeyException, KeyManagementException {
final RegistryBuilder<ConnectionSocketFactory> registryBuilder;
if (props.isSslEnabled()) {
final KeyStore ts = getKeyStoreInstance(), ks = getKeyStoreInstance();
ts.load(new FileInputStream(props.getTrustStorePath()), props.getTrustStoreKey().toCharArray());
ks.load(new FileInputStream(props.getKeyStorePath()), props.getKeyStoreKey().toCharArray());
final SSLContext ssl = buildSslContext(props, ts, ks);
final ConnectionSocketFactory sslConnectionFactory = getSslConnectionFactory(ssl);
registryBuilder = createRegistryBuilder(HTTPS, sslConnectionFactory);
} else {
registryBuilder = createRegistryBuilder(HTTP, new PlainConnectionSocketFactory());
}
return registryBuilder.build();
}
protected RegistryBuilder<ConnectionSocketFactory> createRegistryBuilder(String id, ConnectionSocketFactory factory) {
return RegistryBuilder.<ConnectionSocketFactory>create().register(id, factory);
}
protected SSLContext buildSslContext(HttpClientProps props, KeyStore ts, KeyStore ks) throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException {
return SSLContexts.custom()
.loadTrustMaterial(ts, this::getTrustStrategy)
.loadKeyMaterial(ks, props.getKeyStoreKey().toCharArray())
.setSecureRandom(new SecureRandom())
.build();
}
现在我正在尝试找出多个路线,例如:
如果两个路由都需要不同的密钥库JKS和信任库JKS 那么我如何在同一客户端中设置它,并将其配置为将keystore1和truststore1用于route1,将keystore2和truststore2用于route2?
还是应该为每个路由使用httpclient的新对象并分别设置密钥库和信任库? [在这种方法中,将为每个客户端创建一个新的线程池。我正在努力避免它。]