1. Creating the certificates
Reference: http://394938226.iteye.com/admin/blogs/2326459
2. Sample code
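package com.irt.test.invoke;

import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.util.Map;

import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

/**
 * Sample HTTPS client that authenticates with a client certificate (mutual TLS)
 * and trusts only the certificates held in a dedicated trust store.
 *
 * <p>The {@link SSLSocketFactory} is built once, on first use, and then shared by
 * every call to {@link #request(String, Map)}.
 */
public class Test {

    // NOTE(security): the paths and passwords below are the sample values from the
    // original listing. Keystore and private-key passwords compiled into a class are
    // readable by anyone who can read the jar or the source repository; outside a
    // demo, load them from protected configuration or a secret store and keep the
    // keystore files readable only by the service account.
    private static final String CLIENT_KEYSTORE_PATH = "e:/ssl/irootech/client.store.p12";
    private static final String CLIENT_KEYSTORE_PASSWORD = "123456";
    private static final String CLIENT_KEY_PASSWORD = "irt123";
    private static final String TRUSTSTORE_PATH = "e:/ssl/irootech/server-pub.store.jks";
    private static final String TRUSTSTORE_PASSWORD = "654321";

    // volatile: request() reads this field without holding the lock that
    // initSSLFactory() takes, so the write must be visible to other threads.
    private static volatile SSLSocketFactory socketFactory = null;

    /**
     * Sends an HTTPS request to the service interface and returns the response body.
     *
     * <p>The connection uses the shared client-certificate socket factory. No
     * hostname verifier is installed here, so the JDK default verification of the
     * server host name stays in effect.
     *
     * @param url
     *            request address; must be an https URL, otherwise the cast to
     *            {@link HttpsURLConnection} fails
     * @param params
     *            request parameters; this sample never reads them, the parameter is
     *            kept so existing callers continue to compile
     * @return the response body decoded as UTF-8, with line terminators removed
     * @throws Exception
     *             if the key stores cannot be loaded, the TLS handshake fails, or
     *             the response cannot be read
     */
    public static String request(String url, Map<String, String> params) throws Exception {
        URL ur = new URL(url);
        HttpsURLConnection connection = (HttpsURLConnection) ur.openConnection();
        if (socketFactory == null) {
            initSSLFactory();
        }
        connection.setSSLSocketFactory(socketFactory);

        StringBuilder body = new StringBuilder();
        // try-with-resources closes the stream and readers even when reading fails
        // part-way; the original closed them only on the success path.
        try (InputStream in = connection.getInputStream();
                InputStreamReader inr = new InputStreamReader(in, StandardCharsets.UTF_8);
                BufferedReader reader = new BufferedReader(inr)) {
            String msg;
            while ((msg = reader.readLine()) != null) {
                body.append(msg);
            }
        }
        return body.toString();
    }

    /**
     * Builds the shared {@link SSLSocketFactory} from the client key store and the
     * server trust store. Synchronized and re-checked so that concurrent first
     * callers initialise it only once.
     *
     * @throws Exception
     *             if a key store file is missing, a password is wrong, or the TLS
     *             context cannot be created
     */
    private static synchronized void initSSLFactory() throws Exception {
        if (socketFactory != null) {
            return;
        }

        // Build the SSLContext instance
        SSLContext ctx = SSLContext.getInstance("TLS");
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
        KeyStore ks = KeyStore.getInstance("PKCS12");
        KeyStore tks = KeyStore.getInstance("JKS");

        // Load the client private key store; the file handle is released as soon as
        // the store is in memory (the original never closed it).
        try (InputStream clientStore = new FileInputStream(CLIENT_KEYSTORE_PATH)) {
            ks.load(clientStore, CLIENT_KEYSTORE_PASSWORD.toCharArray());
        }
        // Load the server public key store; only certificates found in this store
        // are trusted when the server presents its chain.
        try (InputStream trustStore = new FileInputStream(TRUSTSTORE_PATH)) {
            tks.load(trustStore, TRUSTSTORE_PASSWORD.toCharArray());
        }

        // The key password protects the private key entry and is distinct from the
        // password of the store that contains it.
        kmf.init(ks, CLIENT_KEY_PASSWORD.toCharArray());
        tmf.init(tks);

        // Initialize private key and trust certificate; a null SecureRandom selects
        // the platform default.
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        socketFactory = ctx.getSocketFactory();
    }
}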
3. Points to note
When creating the certificates, do not add the server public key to the client keystore client.store.p12 and then, in the code below,
// Set client private key store ks.load(new FileInputStream("e:/ssl/irootech/client.store.p12"), "123456".toCharArray()); // Set the server public key store tks.load(new FileInputStream("e:/ssl/irootech/server-pub.store.jks"), "654321".toCharArray());
with both of these loads using the same file client.store.p12; otherwise, when running in a JDK 1.7 environment, SSL verification will fail.