https认证和httpclient远程调度https的接口的方法

证书认证和Httpclient远程调度的方法
一.证书认证创建
1.0 服务认证命令
keytool -genkey -v -alias server -keyalg RSA -keystore /opt/yht/aaa/tomcat.keystore -validity 36500

当 keytool 提示“您的名字与姓氏是什么?”(即证书的 CN)时,请填写当前部署服务器的 IP 地址;客户端校验主机名时会拿证书中的名称与所连接的地址比对,不一致时远程调度会出错。
2.0 客户端认证的命令
keytool -genkey -v -alias client -keyalg RSA -storetype PKCS12 -keystore /opt/yht/aaa/client.key.p12

(说明:客户端代码可以绕过 HTTPS 证书校验,这样就不需要客户端认证;但绕过校验后客户端不再验证服务器身份,连接可能被中间人截获,只适合测试环境。如果要做认证,就必须生成客户端证书。)
网上的方法
为服务器生成证书
keytool -genkey -v -alias server -keyalg RSA -keystore d:\key2\server.keystore -validity 36500

为客户端生成证书
keytool -genkey -v -alias client -keyalg RSA -storetype PKCS12 -keystore d:\key2\client.key.p12

导入客户端证书
让服务器信任客户端证书
1.先把客户端证书导出为cer文件格式
keytool -export -alias client -keystore d:\key2\client.key.p12 -storetype PKCS12 -storepass 123456 -rfc -file d:\key2\client.key.cer

2.将客户端cer导入到服务器证书库
keytool -import -v -file d:\key2\client.key.cer -keystore d:\key2\server.keystore
3.查看安装结果
keytool -list -keystore d:\key2\server.keystore

让客户端信任服务器证书
1.把服务器证书导出为cer文件
keytool -keystore d:\key2\server.keystore -export -alias server -file d:\key2\server.cer

2.在客户端安装服务器证书
选择受信任的根证书颁发机构
配置tomcat(示例中的口令 123456 仅作演示,实际部署应替换为强口令)
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="true" sslProtocol="TLS"
keystoreFile="D:\\key2\\server.keystore" keystorePass="123456"
truststoreFile="D:\\key2\\server.keystore" truststorePass="123456" />
二.Httpclient远程调度的方法
package com.gh.client.tools;

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;

import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

import org.apache.http.NameValuePair;
import org.apache.http.client.ClientProtocolException;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.config.Registry;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.conn.socket.ConnectionSocketFactory;
import org.apache.http.conn.socket.PlainConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.util.EntityUtils;

/**
* 用 http 进行get post的请求进行传值
*
* @author yht
*
*/
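public class HttpclientMethodTools {

    /** Value stored under "statuscode" when the server answered with HTTP 200. */
    private static final int STATUS_OK = 2000;

    /** Value stored under "statuscode" for any non-200 answer or I/O failure. */
    private static final int STATUS_FAILED = 2001;

    /**
     * Builds an {@link SSLContext} whose trust manager accepts every certificate chain.
     *
     * <p>SECURITY (review): nothing the server presents is validated, so a connection
     * made through this context does not authenticate the peer; whoever can intercept
     * the traffic can answer with a certificate of their own. Any hostname check done
     * by the socket factory does not compensate for this, because an unvalidated
     * certificate can carry any name. The behaviour is kept because callers rely on it
     * for self-signed servers. The safer replacement is to import the exported server
     * certificate into a trust store and initialise the context from a
     * {@code TrustManagerFactory} built on that store.
     *
     * @return an initialised context that performs no certificate validation
     * @throws NoSuchAlgorithmException if the JDK has no provider for the "TLS" context
     * @throws KeyManagementException if the context cannot be initialised
     */
    public static SSLContext createIgnoreVerifySSL() throws NoSuchAlgorithmException, KeyManagementException {
        // Request the generic "TLS" context rather than the obsolete "SSLv3" one, so the
        // JDK negotiates a protocol version that is still enabled instead of a legacy one.
        SSLContext sc = SSLContext.getInstance("TLS");
        // Trust manager whose check methods are intentionally empty: every chain passes.
        X509TrustManager trustManager = new X509TrustManager() {
            @Override
            public void checkClientTrusted(java.security.cert.X509Certificate[] paramArrayOfX509Certificate,
                    String paramString) throws CertificateException {
                // Intentionally no validation (see the security note on the enclosing method).
            }

            @Override
            public void checkServerTrusted(java.security.cert.X509Certificate[] paramArrayOfX509Certificate,
                    String paramString) throws CertificateException {
                // Intentionally no validation (see the security note on the enclosing method).
            }

            @Override
            public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                // The interface contract asks for a non-null (possibly empty) array.
                return new java.security.cert.X509Certificate[0];
            }
        };
        sc.init(null, new TrustManager[] { trustManager }, null);
        return sc;
    }

    /**
     * Sends a form-encoded POST request and returns the outcome as a map.
     *
     * <p>SECURITY (review): HTTPS requests go through {@link #createIgnoreVerifySSL()},
     * so the server certificate is not validated and the form fields, including any
     * credentials in {@code msgbody}, are sent to an unauthenticated peer.
     *
     * @param url     target URL of the request
     * @param msgbody form fields to send; {@code null} is treated as no fields
     * @return a map with "statuscode" (2000 when the server answered HTTP 200, 2001
     *         otherwise) and "content" (the response body decoded as UTF-8, or an
     *         empty string when the request failed or the response had no body)
     * @throws NoSuchAlgorithmException if the SSL context cannot be created
     * @throws KeyManagementException if the SSL context cannot be initialised
     */
    public static Map<String, Object> methPost(String url, Map<String, String> msgbody)
            throws KeyManagementException, NoSuchAlgorithmException {
        Map<String, Object> resultobject = new HashMap<String, Object>();
        int statuscode = STATUS_OK;
        String content = "";

        // Build the request first so an invalid URL fails before any client is created.
        HttpPost httpPost = new HttpPost(url);
        httpPost.setHeader("Content-type", "application/x-www-form-urlencoded");
        httpPost.setHeader("User-Agent", "Mozilla/5.0 (Windows NT 6.1; rv:6.0.2) Gecko/20100101 Firefox/6.0.2");

        // Copy the form fields into name/value pairs.
        List<NameValuePair> nvps = new ArrayList<NameValuePair>();
        if (msgbody != null) {
            for (Map.Entry<String, String> entry : msgbody.entrySet()) {
                nvps.add(new BasicNameValuePair(entry.getKey(), entry.getValue()));
            }
        }

        // Register one socket factory per scheme; "https" uses the non-validating context.
        SSLContext sslcontext = createIgnoreVerifySSL();
        Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create()
                .register("http", PlainConnectionSocketFactory.INSTANCE)
                .register("https", new SSLConnectionSocketFactory(sslcontext)).build();
        PoolingHttpClientConnectionManager connManager = new PoolingHttpClientConnectionManager(socketFactoryRegistry);
        CloseableHttpClient httpclient = HttpClients.custom().setConnectionManager(connManager).build();

        CloseableHttpResponse response = null;
        try {
            httpPost.setEntity(new UrlEncodedFormEntity(nvps, "UTF-8"));
            response = httpclient.execute(httpPost);
            if (response.getStatusLine().getStatusCode() == 200) {
                // A 200 answer may carry no entity; keep the empty default in that case.
                if (response.getEntity() != null) {
                    content = EntityUtils.toString(response.getEntity(), "utf-8");
                }
            } else {
                statuscode = STATUS_FAILED;
            }
        } catch (IOException e) {
            // Also covers UnsupportedEncodingException and ClientProtocolException,
            // which are IOException subclasses and were handled identically.
            e.printStackTrace();
            statuscode = STATUS_FAILED;
        } finally {
            // Close each resource on its own so a failure on the response
            // cannot leave the client (and its connection pool) open.
            closeQuietly(response);
            closeQuietly(httpclient);
        }

        resultobject.put("statuscode", statuscode);
        resultobject.put("content", content);
        return resultobject;
    }

    /** Closes the resource if it is non-null, printing rather than propagating a failure. */
    private static void closeQuietly(java.io.Closeable resource) {
        if (resource == null) {
            return;
        }
        try {
            resource.close();
        } catch (IOException e) {
            e.printStackTrace();
        }
    }
}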


转载自www.cnblogs.com/yht-817/p/8874792.html