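Creating an SSL client with Axis2 / Java

Time: 2011-06-24 09:27:13

Tags: java ssl axis2

I'm trying to connect to a WebService that uses SSL, but without success. I use Axis2, and I found a useful article: http://people.apache.org/~dumindu/docs/HowToConfigureSSL.html, but it is for C. In this article they set the paths to SERVER_CERT, KEY_FILE and SSL_PASSPHRASE using axis2.xml or C code. I tried to change the configuration file, but this doesn't work for me. If someone knows how to set these parameters from within Java code, please let me know.

2 answers:

Answer 0: (score: 1)

You may be interested in this answer to a similar question. In particular, according to this document, Axis 2 appears to use Apache HttpClient 3.x: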

  

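  If you want to perform SSL client authentication (2-way SSL), you may use the Protocol.registerProtocol feature of HttpClient. You can overwrite the "https" protocol, or use a different protocol for your SSL client authentication communications if you don't want to mess with regular https. Find more information at http://jakarta.apache.org/commons/httpclient/sslguide.html

(You can build an SSLContext from an existing keystore and configure HttpClient 3.1 with this socket factory.)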

Answer 1: (score: 1)

I initialize EasySSLProtocolSocketFactory and Protocol instances for different endpoints and register the protocol with a unique key like this:

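// Imports needed by this fragment. KeyMaterial and an EasySSLProtocolSocketFactory with
// setKeyMaterial() are assumed to be the not-yet-commons-ssl classes.
import java.io.File;
import java.security.GeneralSecurityException;
import org.apache.commons.httpclient.contrib.ssl.EasySSLProtocolSocketFactory;
import org.apache.commons.httpclient.protocol.Protocol;
import org.apache.commons.httpclient.protocol.ProtocolSocketFactory;
import org.apache.commons.ssl.KeyMaterial;

/**
 * This method does the following:
 * 1. Creates a new and unique protocol for each SSL URL that is secured by client certificate
 * 2. Binds keyStore related information to this protocol
 * 3. Registers it with HTTP Protocol object
 * 4. Stores the local reference for this custom protocol for use during future collect calls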
 * 
 *  @throws Exception
 */
public void registerProtocolCertificate() throws Exception {
    EasySSLProtocolSocketFactory easySSLPSFactory = new EasySSLProtocolSocketFactory();
    easySSLPSFactory.setKeyMaterial(createKeyMaterial());
    myProtocolPrefix = (HTTPS_PROTOCOL + uniqueCounter.incrementAndGet());
    Protocol httpsProtocol = new Protocol(myProtocolPrefix,(ProtocolSocketFactory) easySSLPSFactory, port);
    Protocol.registerProtocol(myProtocolPrefix, httpsProtocol);
    log.trace("Protocol [ "+myProtocolPrefix+" ] registered for the first time");
}

/**
 * Load keystore for CLIENT-CERT protected endpoints
 */
private KeyMaterial createKeyMaterial() throws GeneralSecurityException, Exception  {
    KeyMaterial km = null;
    char[] password = keyStorePassphrase.toCharArray();
    File f = new File(keyStoreLocation);
    if (f.exists()) {
        try {
            km = new KeyMaterial(keyStoreLocation, password);
            log.trace("Keystore location is: " + keyStoreLocation + "");
        } catch (GeneralSecurityException gse) {
            if (logErrors) {
                log.error("Exception occured while loading keystore from the following location: "+keyStoreLocation, gse);
            }
            // Always rethrow: otherwise a failed load returns null when logErrors is false
            throw gse;
        }
    } else {
        log.error("Unable to load Keystore from the following location: " + keyStoreLocation );
        throw new CollectorInitException("Unable to load Keystore from the following location: " + keyStoreLocation);
    }
    return km;
}   

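When I have to call the web service, I do this (basically replacing "https" in the URL with https1, or https2, or something else, depending on the protocol you initialized for that particular endpoint):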

httpClient.getHostConfiguration().setHost(host, port,Protocol.getProtocol(myProtocolPrefix));
initializeHttpMethod(this.url.toString().replace(HTTPS_PROTOCOL, myProtocolPrefix));

It works like a charm!