Methods of https authentication and httpclient remote scheduling of https interfaces

Certificate authentication and Httpclient remote scheduling method
1. Certificate Authentication Creation
1.0 Service Authentication Command
keytool -genkey -v -alias server -keyalg RSA -keystore /opt/yht/aaa/tomcat.keystore -validity 36500

 

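When keytool asks "What is your first and last name?", enter the IP address the service is currently deployed on. This value becomes the certificate's CN; otherwise the remote call will fail, presumably because the client's host name check compares the certificate name with the address in the request URL.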

 

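(You can instead bypass HTTPS certificate verification on the client, in which case no client certificate is needed; if you do want client authentication, you have to generate a client certificate as well. Note that with verification bypassed the client accepts any server certificate, so the connection is encrypted but the server is not authenticated.)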
The method commonly described online:
Generate a certificate for the server
keytool -genkey -v -alias server -keyalg RSA -keystore d:\key2\server.keystore -validity 36500

Generate certificate for client
keytool -genkey -v -alias client -keyalg RSA -storetype PKCS12 -keystore d:\key2\client.key.p12

Import the client certificate
to let the server trust the client certificate
1. First export the client certificate as a .cer file
keytool -export -alias client -keystore d:\key2\client.key.p12 -storetype PKCS12 -storepass 123456 -rfc -file d:\key2\client.key.cer

2. Import the client cer into the server certificate store
keytool -import -v -file d:\key2\client.key.cer -keystore d:\key2\server.keystore
3. View the installation result
keytool -list -keystore d:\key2\server.keystore

Let the client trust the server certificate
1. Export the server certificate as a .cer file
keytool -keystore d:\key2\server.keystore -export -alias server -file d:\key2\server.cer

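2. Install the server certificate on the client, selecting the Trusted Root Certification Authorities store.
Configure Tomcat. Note that clientAuth="true" makes Tomcat require a client certificate, so a client that presents none is rejected during the handshake; set it to "false" if you are not using client authentication. keystorePass and truststorePass must match the passwords chosen when the keystores were created; 123456 is only the example value used on this page.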
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="true" sslProtocol="TLS"
keystoreFile="D:\\key2\\server.keystore" keystorePass="123456"
truststoreFile="D:\\key2\\server.keystore" truststorePass="123456" />
II. Httpclient remote scheduling method
package com.gh.client.tools;

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;

import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

import org.apache.http.NameValuePair;
import org.apache.http.client.ClientProtocolException;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.config.Registry;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.conn.socket.ConnectionSocketFactory;
import org.apache.http.conn.socket.PlainConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.util.EntityUtils;

/**
* Use http for get post request to pass value
*
* @author yht
*
*/
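public class HttpclientMethodTools {
    // NOTE(security): createIgnoreVerifySSL() and the two-argument methPost() accept ANY server
    // certificate, so the TLS connection is encrypted but the peer is not authenticated. The
    // library's host name check does not compensate, because an unverified certificate can carry
    // any name. Where the server certificate is known (for example the exported server.cer),
    // build an SSLContext from a trust store that contains it and call the three-argument
    // methPost() instead.

    /**
     * Builds an SSLContext whose trust manager accepts every certificate chain.
     *
     * <p>No key managers are passed explicitly, so unless the JVM's default key store is
     * configured elsewhere this context offers no client certificate.
     *
     * @return an initialised SSLContext that performs no certificate validation
     * @throws NoSuchAlgorithmException
     *             if the "TLS" protocol is not available from any provider
     * @throws KeyManagementException
     *             if the context cannot be initialised
     */
    public static SSLContext createIgnoreVerifySSL() throws NoSuchAlgorithmException, KeyManagementException {
        // Request "TLS" so the JDK negotiates a protocol version it still supports. The original
        // asked for "SSLv3", an obsolete protocol that current JDKs disable by default, which can
        // leave the handshake with no usable protocol.
        SSLContext sc = SSLContext.getInstance("TLS");
        // Trust manager with empty check methods: returning without throwing means "trusted".
        X509TrustManager trustManager = new X509TrustManager() {
            @Override
            public void checkClientTrusted(java.security.cert.X509Certificate[] paramArrayOfX509Certificate,
                    String paramString) throws CertificateException {
                // Intentionally empty: every client chain is accepted.
            }

            @Override
            public void checkServerTrusted(java.security.cert.X509Certificate[] paramArrayOfX509Certificate,
                    String paramString) throws CertificateException {
                // Intentionally empty: every server chain is accepted.
            }

            @Override
            public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                // The interface contract asks for a non-null (possibly empty) array.
                return new java.security.cert.X509Certificate[0];
            }
        };
        sc.init(null, new TrustManager[] { trustManager }, null);
        return sc;
    }

    /**
     * Sends a form-encoded POST request without verifying the server certificate.
     *
     * <p>Equivalent to calling {@link #methPost(String, Map, SSLContext)} with the context from
     * {@link #createIgnoreVerifySSL()}.
     *
     * @param url
     *            target URL of the request
     * @param msgbody
     *            form fields to send; {@code null} is treated as no fields
     * @return map with "statuscode" (2000 on HTTP 200, otherwise 2001) and "content" (the
     *         response body, or an empty string on failure)
     * @throws NoSuchAlgorithmException
     *             if the bypassing SSLContext cannot be created
     * @throws KeyManagementException
     *             if the bypassing SSLContext cannot be initialised
     */
    public static Map<String, Object> methPost(String url, Map<String, String> msgbody)
            throws KeyManagementException, NoSuchAlgorithmException {
        return methPost(url, msgbody, createIgnoreVerifySSL());
    }

    /**
     * Sends a form-encoded POST request using the supplied SSLContext for https URLs.
     *
     * <p>Pass a context initialised from a trust store that holds the server certificate to keep
     * certificate verification enabled.
     *
     * @param url
     *            target URL of the request
     * @param msgbody
     *            form fields to send; {@code null} is treated as no fields
     * @param sslcontext
     *            TLS configuration used for https connections
     * @return map with "statuscode" (2000 on HTTP 200, otherwise 2001) and "content" (the
     *         response body, or an empty string on failure)
     */
    public static Map<String, Object> methPost(String url, Map<String, String> msgbody, SSLContext sslcontext) {
        // Result object handed back to the caller.
        Map<String, Object> resultobject = new HashMap<String, Object>();
        // 2000 means the request succeeded, 2001 means it failed.
        int statuscode = 2000;
        String content = "";

        // Build the request before any connection resources exist, so a malformed URL cannot
        // leave an unclosed client behind.
        HttpPost httpPost = new HttpPost(url);
        // Set the Content-type and User-Agent request headers.
        httpPost.setHeader("Content-type", "application/x-www-form-urlencoded");
        httpPost.setHeader("User-Agent", "Mozilla/5.0 (Windows NT 6.1; rv:6.0.2) Gecko/20100101 Firefox/6.0.2");
        // Convert the form fields into name/value pairs.
        List<NameValuePair> nvps = new ArrayList<NameValuePair>();
        if (msgbody != null) {
            for (Map.Entry<String, String> field : msgbody.entrySet()) {
                nvps.add(new BasicNameValuePair(field.getKey(), field.getValue()));
            }
        }

        // Register one socket factory per scheme: plain sockets for http, TLS sockets for https.
        Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create()
                .register("http", PlainConnectionSocketFactory.INSTANCE)
                .register("https", new SSLConnectionSocketFactory(sslcontext)).build();
        PoolingHttpClientConnectionManager connManager = new PoolingHttpClientConnectionManager(socketFactoryRegistry);
        // Create the custom client on top of that connection manager.
        CloseableHttpClient httpclient = HttpClients.custom().setConnectionManager(connManager).build();

        CloseableHttpResponse response = null;
        try {
            // Attach the encoded form body and execute the POST.
            httpPost.setEntity(new UrlEncodedFormEntity(nvps, "UTF-8"));
            response = httpclient.execute(httpPost);
            if (response.getStatusLine().getStatusCode() == 200) {
                content = EntityUtils.toString(response.getEntity(), "utf-8");
            } else {
                statuscode = 2001;
            }
        } catch (IOException e) {
            // UnsupportedEncodingException and ClientProtocolException are IOExceptions too and
            // were handled identically, so one handler covers all three.
            e.printStackTrace();
            statuscode = 2001;
        } finally {
            // Close each resource on its own so a failure closing the response cannot skip
            // closing the client.
            closeAndReport(response);
            closeAndReport(httpclient);
        }
        resultobject.put("statuscode", statuscode);
        resultobject.put("content", content);
        return resultobject;
    }

    /** Closes the resource if it is non-null and prints, rather than propagates, a close failure. */
    private static void closeAndReport(java.io.Closeable resource) {
        if (resource == null) {
            return;
        }
        try {
            resource.close();
        } catch (IOException e) {
            e.printStackTrace();
        }
    }
}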
