1.证书制作
参考:http://394938226.iteye.com/admin/blogs/2326459(注意:该链接为博主后台 /admin 地址,未登录时可能无法访问)
2.示例代码
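package com.irt.test.invoke;

import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.util.Map;

import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

/**
 * Minimal HTTPS client that authenticates with a client certificate (mutual TLS).
 *
 * <p>The client's private key/certificate is read from a PKCS12 store and the server's
 * trust anchor(s) from a separate JKS store. Because a dedicated TrustManager is installed,
 * the JVM's default CA store is NOT consulted: only servers chaining to a certificate in
 * {@code server-pub.store.jks} are accepted. The default {@link HttpsURLConnection}
 * hostname verifier is deliberately left in place.
 *
 * <p>Security caveats (unchanged from the original sample, do not copy into production):
 * <ul>
 *   <li>Keystore paths and passwords are hard-coded below; load them from configuration
 *       or a secret store and keep them out of source control.</li>
 *   <li>{@code SSLContext.getInstance("TLS")} lets the JSSE default decide the minimum
 *       protocol version; on older JDKs this may still allow TLS 1.0/1.1. Use
 *       {@code "TLSv1.2"} (or restrict via {@code SSLParameters}) where the server supports it.</li>
 * </ul>
 */
public class Test {

    /** Client identity: PKCS12 store holding the private key and certificate chain. */
    private static final String CLIENT_KEYSTORE_PATH = "e:/ssl/irootech/client.store.p12";
    /** Server trust anchors: JKS store holding the server certificate(s) only. */
    private static final String SERVER_TRUSTSTORE_PATH = "e:/ssl/irootech/server-pub.store.jks";

    // SECURITY: hard-coded secrets kept only to preserve the sample's behaviour.
    private static final char[] CLIENT_KEYSTORE_PASSWORD = "123456".toCharArray();
    private static final char[] SERVER_TRUSTSTORE_PASSWORD = "654321".toCharArray();
    private static final char[] CLIENT_KEY_PASSWORD = "irt123".toCharArray();

    /**
     * Lazily built, shared socket factory. Declared {@code volatile} so the unsynchronized
     * null check in {@link #request} is a correct double-checked-locking fast path; the
     * original field was a plain static, which is a data race.
     */
    private static volatile SSLSocketFactory socketFactory = null;

    /**
     * Issues an HTTPS GET to {@code url} using the mutual-TLS socket factory and returns the
     * response body with line terminators stripped (lines are concatenated, as in the original).
     *
     * @param url    absolute https:// URL to call
     * @param params request parameters. NOTE(review): accepted but never sent by this method
     *               (neither as query string nor as a body) — callers must encode them into
     *               {@code url} themselves; confirm this is the intended contract.
     * @return the response body decoded as UTF-8
     * @throws Exception if the keystores cannot be loaded, the TLS handshake fails, or the
     *                   server returns an error status ({@code getInputStream()} throws for
     *                   HTTP 4xx/5xx; the status code is not inspected here)
     */
    public static String request(String url, Map<String, String> params) throws Exception {
        URL target = new URL(url);
        HttpsURLConnection connection = (HttpsURLConnection) target.openConnection();
        if (socketFactory == null) {
            initSSLFactory();
        }
        connection.setSSLSocketFactory(socketFactory);

        StringBuilder body = new StringBuilder();
        // try-with-resources: the original only closed the streams on the success path,
        // leaking the connection's input stream whenever reading threw.
        try (InputStream in = connection.getInputStream();
             BufferedReader reader = new BufferedReader(
                     new InputStreamReader(in, StandardCharsets.UTF_8))) {
            String line;
            while ((line = reader.readLine()) != null) {
                body.append(line);
            }
        }
        return body.toString();
    }

    /**
     * Builds the shared {@link SSLSocketFactory} once: client key material from the PKCS12
     * store, trust anchors from the JKS store. Synchronized so concurrent first callers do not
     * build two contexts; a no-op if the factory already exists.
     *
     * @throws Exception on any keystore, key-manager or SSLContext initialisation failure
     */
    private static synchronized void initSSLFactory() throws Exception {
        if (socketFactory != null) {
            return;
        }

        // Client private key + certificate. Keep this store free of trusted-cert entries;
        // see section 3 of the article for the JDK 1.7 failure mode.
        KeyStore clientKeys = KeyStore.getInstance("PKCS12");
        try (InputStream ksIn = new FileInputStream(CLIENT_KEYSTORE_PATH)) {
            clientKeys.load(ksIn, CLIENT_KEYSTORE_PASSWORD);
        }

        // Server trust anchors. The original never closed these FileInputStreams.
        KeyStore trustAnchors = KeyStore.getInstance("JKS");
        try (InputStream tsIn = new FileInputStream(SERVER_TRUSTSTORE_PATH)) {
            trustAnchors.load(tsIn, SERVER_TRUSTSTORE_PASSWORD);
        }

        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
        kmf.init(clientKeys, CLIENT_KEY_PASSWORD);

        TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
        tmf.init(trustAnchors);

        // SECURITY: "TLS" = JSSE default protocol set; prefer "TLSv1.2"+ where possible.
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); // null = default SecureRandom
        socketFactory = ctx.getSocketFactory();
    }
}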
3.注意
制作证书时,不要将服务端证书(公钥)加入到客户端密钥库 client.store.p12 中;也不要在代码
// 设置客户端私钥库 ks.load(new FileInputStream("e:/ssl/irootech/client.store.p12"), "123456".toCharArray()); // 设置服务端公钥库 tks.load(new FileInputStream("e:/ssl/irootech/server-pub.store.jks"), "654321".toCharArray());
这两处都使用同一个文件 client.store.p12。否则在 JDK 1.7 环境下运行时,SSL 校验会失败——原因很可能是 JDK 7 自带的 PKCS12 KeyStore 实现不支持存放受信任证书(trustedCertEntry)条目,导致 TrustManager 中没有任何信任锚。因此客户端私钥库与服务端信任库应分开保存,信任库使用单独的 JKS 文件(如上例中的 server-pub.store.jks)。