Mutual Authentication with x509 Certificates using HttpClient 4.0.1

Question

Does anyone have any friendly tips on how to perform client authentication via an x509 certificate using HTTPClient 4.0.1?

Thank you for your time.

Recommended answer

Here is some code to get you going. The KeyStore is the object that contains the client certificate. If the server is using a self-signed certificate or a certificate that isn't signed by a CA as recognized by the JVM in the included cacerts file, then you will need to use a TrustStore. Otherwise, to use the default cacerts file, pass in null to SSLSocketFactory for the truststore argument.

import java.io.InputStream;
import java.security.KeyStore;

import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.impl.conn.tsccm.ThreadSafeClientConnManager;
import org.apache.http.params.BasicHttpParams;
import org.apache.http.params.HttpParams;

...

final HttpParams httpParams = new BasicHttpParams();

// load the keystore containing the client certificate - keystore type is probably jks or pkcs12
final KeyStore keystore = KeyStore.getInstance("pkcs12");
InputStream keystoreInput = null;
// TODO get the keystore as an InputStream from somewhere
keystore.load(keystoreInput, "keystorepassword".toCharArray());

// load the truststore, leave it null to rely on cacerts distributed with the JVM - truststore type is probably jks or pkcs12
KeyStore truststore = KeyStore.getInstance("pkcs12");
InputStream truststoreInput = null;
// TODO get the truststore as an InputStream from somewhere
truststore.load(truststoreInput, "truststorepassword".toCharArray());

final SchemeRegistry schemeRegistry = new SchemeRegistry();
// this SSLSocketFactory constructor takes the keystore password as a String
schemeRegistry.register(new Scheme("https", new SSLSocketFactory(keystore, "keystorepassword", truststore), 443));

final DefaultHttpClient httpClient = new DefaultHttpClient(new ThreadSafeClientConnManager(httpParams, schemeRegistry), httpParams);
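
A pre-flight check for the keystore that the answer passes to SSLSocketFactory, as an added example that is not part of the original answer or of HttpClient. It uses only JDK classes; the class name ClientKeyStoreCheck, the method loadClientKeyStore and the CLIENT_KS_PASSWORD environment variable are assumptions made for illustration.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

public class ClientKeyStoreCheck {

    /** Loads a PKCS#12 keystore and fails fast unless it holds a usable client identity. */
    static KeyStore loadClientKeyStore(String path, char[] password) throws Exception {
        KeyStore keystore = KeyStore.getInstance("pkcs12");
        try (InputStream in = new FileInputStream(path)) {
            // Loading from a null stream silently creates an EMPTY keystore,
            // so always load from a real stream.
            keystore.load(in, password);
        }
        for (String alias : Collections.list(keystore.aliases())) {
            if (!keystore.isKeyEntry(alias)) {
                continue; // certificate-only entry: cannot be used for client authentication
            }
            Certificate[] chain = keystore.getCertificateChain(alias);
            if (chain == null || chain.length == 0 || !(chain[0] instanceof X509Certificate)) {
                continue;
            }
            X509Certificate leaf = (X509Certificate) chain[0];
            leaf.checkValidity(); // throws if the client certificate is expired or not yet valid
            System.out.println("client identity: alias=" + alias
                    + " subject=" + leaf.getSubjectX500Principal().getName()
                    + " notAfter=" + leaf.getNotAfter());
            return keystore;
        }
        throw new IllegalStateException("no private-key entry with an X.509 certificate in " + path);
    }

    public static void main(String[] args) throws Exception {
        // Assumed inputs: keystore path as args[0], password in CLIENT_KS_PASSWORD (hypothetical name).
        if (args.length != 1 || System.getenv("CLIENT_KS_PASSWORD") == null) {
            System.err.println("usage: CLIENT_KS_PASSWORD=... java ClientKeyStoreCheck <client.p12>");
            System.exit(2);
        }
        char[] password = System.getenv("CLIENT_KS_PASSWORD").toCharArray();
        KeyStore keystore = loadClientKeyStore(args[0], password);
        System.out.println("entries: " + keystore.size());
    }
}
```

The returned KeyStore can be handed to the SSLSocketFactory constructor shown in the answer; reading the password from the environment keeps it out of the source file.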
