Java sends https request

1. Certificate making

Reference: http://394938226.iteye.com/admin/blogs/2326459

2. Sample code

package com.irt.test.invoke;
import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.URL;
import java.security.KeyStore;
import java.util.Map;

import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
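public class Test {
	// Keystore locations and passwords, copied unchanged from the article's sample.
	// NOTE(review): these are hard-coded sample secrets. Anyone who can read the
	// source or the compiled class can unlock the client private key, so a real
	// deployment should load them from protected configuration rather than from
	// string literals, and should restrict file permissions on both stores.
	private static final String CLIENT_KEYSTORE_PATH = "e:/ssl/irootech/client.store.p12";
	private static final String CLIENT_KEYSTORE_PASSWORD = "123456";
	private static final String CLIENT_KEY_PASSWORD = "irt123";
	private static final String SERVER_TRUSTSTORE_PATH = "e:/ssl/irootech/server-pub.store.jks";
	private static final String SERVER_TRUSTSTORE_PASSWORD = "654321";

	// Built once and shared by every request. It is volatile because request()
	// reads it without holding the lock that initSSLFactory() takes.
	private static volatile SSLSocketFactory socketFactory = null;

	/**
	 * Sends an HTTPS request to the given address and returns the response body.
	 *
	 * <p>The connection uses a socket factory built from the client key store and the
	 * server trust store, so the client presents its own certificate and accepts only
	 * servers that the trust store vouches for. No hostname verifier is installed here,
	 * so the JDK's default hostname verification stays in effect.
	 *
	 * @param url
	 *            request address; it must be an https URL, because the connection is
	 *            cast to {@link HttpsURLConnection}
	 * @param params
	 *            request parameters; this method does not read them as written, so no
	 *            query string or request body is built from them
	 * @return the response body decoded as UTF-8, with line terminators dropped
	 * @throws Exception
	 *             if the SSL context cannot be built, the connection fails, or the
	 *             response cannot be read
	 */
	public static String request(String url, Map<String, String> params) throws Exception {
		URL ur = new URL(url);
		HttpsURLConnection connection = (HttpsURLConnection) ur.openConnection();

		SSLSocketFactory factory = socketFactory;
		if (factory == null) {
			initSSLFactory();
			factory = socketFactory;
		}
		connection.setSSLSocketFactory(factory);

		// try-with-resources closes the streams even when reading the response throws,
		// so a failed request does not leak the underlying socket.
		StringBuilder body = new StringBuilder();
		try (InputStream in = connection.getInputStream();
				InputStreamReader inr = new InputStreamReader(in, "utf-8");
				BufferedReader reader = new BufferedReader(inr)) {
			String line;
			while ((line = reader.readLine()) != null) {
				body.append(line);
			}
		}
		return body.toString();
	}


	/**
	 * Builds the shared socket factory on first use; later calls return immediately.
	 *
	 * <p>The client private key is loaded from a PKCS12 store, and the server public
	 * key is loaded from a separate JKS store that acts as the trust anchor.
	 *
	 * @throws Exception
	 *             if a store file cannot be read or unlocked, or the SSL context
	 *             cannot be initialised
	 */
	private static synchronized void initSSLFactory() throws Exception {
		if (socketFactory != null) {
			return;
		}
		// "TLS" leaves the protocol versions actually offered to the JRE's defaults.
		SSLContext ctx = SSLContext.getInstance("TLS");
		KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
		TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
		KeyStore ks = KeyStore.getInstance("PKCS12");
		KeyStore tks = KeyStore.getInstance("JKS");

		// Client private key store. The stream is closed as soon as the store is loaded.
		try (FileInputStream clientStore = new FileInputStream(CLIENT_KEYSTORE_PATH)) {
			ks.load(clientStore, CLIENT_KEYSTORE_PASSWORD.toCharArray());
		}
		// Server public key store, kept in a separate file from the client key.
		try (FileInputStream serverStore = new FileInputStream(SERVER_TRUSTSTORE_PATH)) {
			tks.load(serverStore, SERVER_TRUSTSTORE_PASSWORD.toCharArray());
		}

		kmf.init(ks, CLIENT_KEY_PASSWORD.toCharArray());
		tmf.init(tks);
		// A null SecureRandom makes the context use its default implementation.
		ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
		socketFactory = ctx.getSocketFactory();
	}
}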

 3. Pay attention

When making a certificate, do not add the server public key to the client keystore client.store.p12, and then

// Set client private key store: the PKCS12 file that holds the client's own key.
// Per the note above, the server public key must not be added to this file.
			ks.load(new FileInputStream("e:/ssl/irootech/client.store.p12"), "123456".toCharArray());
			// Set the server public key store: a separate JKS file, not client.store.p12.
			// NOTE(review): both passwords are hard-coded sample values; load them from
			// protected configuration in real code.
			tks.load(new FileInputStream("e:/ssl/irootech/server-pub.store.jks"), "654321".toCharArray());

 use that same client.store.p12 file for both of the loads above; otherwise, when running in a JDK 1.7 environment, SSL verification will fail.

 
