CXF客户端调用https Webservice
发布时间:2020-12-16 22:27:58 所属栏目:安全 来源:网络整理
导读:1.生成服务器端所需证书文件 #设置变量set OPENSSL_CONF=openssl.cfg# 生成一个RSA密钥 openssl genrsa -des3 -out server.key 1024# 生成一个证书请求openssl req -new -key server.key -out server.csr# 拷贝一个不需要输入密码的密钥文件openssl rsa -in
|
1.生成服务器端所需证书文件 #设置变量 set OPENSSL_CONF=openssl.cfg # 生成一个RSA密钥 openssl genrsa -des3 -out server.key 1024 # 生成一个证书请求 openssl req -new -key server.key -out server.csr # 拷贝一个不需要输入密码的密钥文件 openssl rsa -in server.key -out server_nopwd.key # 自己签发证书 openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt 2.生成cxf调用https webservice 所用的证书文件 #从key和crt生成pkcs12格式的keystore openssl pkcs12 -export -in server.crt -inkey server.key -out server.p12 -name tomcat -CAfile server.crt -caname root -chain #生成需要的keystore keytool -importkeystore -v -srckeystore mycert.p12 -srcstoretype pkcs12 -srcstorepass 123456 -destkeystore tomcat.keystore -deststoretype jks -deststorepass 123456 3.客户端代码 package cn.net.sunge.gdms.util;
import java.io.File;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.util.Map;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.apache.cxf.configuration.jsse.TLSClientParameters;
import org.apache.cxf.endpoint.Client;
import org.apache.cxf.frontend.ClientProxy;
import org.apache.cxf.jaxws.JaxWsProxyFactoryBean;
import org.apache.cxf.transport.http.HTTPConduit;
public class WsClientUtil {
public static <T> T getInterface(Class<T> clazz,String address) {
return getInterface(clazz,address,null);
}
@SuppressWarnings("unchecked")
public static <T> T getInterface(Class<T> clazz,String address,Map<String,Object> properties) {
JaxWsProxyFactoryBean factory = new JaxWsProxyFactoryBean();
factory.setAddress(address);
factory.setServiceClass(clazz);
if (null != properties) {
factory.setProperties(properties);
}
return (T) factory.create();
}
public static <T> T getHttpsInterface(Class<T> clazz,String jksPath,String jksPwd) {
return getHttpsInterface(clazz,jksPath,jksPwd,null);
}
@SuppressWarnings("unchecked")
public static <T> T getHttpsInterface(Class<T> clazz,String jksPwd,Object> properties) {
JaxWsProxyFactoryBean factory = new JaxWsProxyFactoryBean();
factory.setAddress(address);
factory.setServiceClass(clazz);
if (null != properties) {
factory.setProperties(properties);
}
T t = (T) factory.create();
configureSSLOnTheClient(t,jksPwd);
return t;
}
private static void configureSSLOnTheClient(Object obj,String jksPwd) {
File file = new File(jksPath);
Client client = ClientProxy.getClient(obj);
HTTPConduit httpConduit = (HTTPConduit) client.getConduit();
try {
TLSClientParameters tlsParams = new TLSClientParameters();
tlsParams.setDisableCNCheck(true);
KeyStore keyStore = KeyStore.getInstance("JKS");
String password = jksPwd;
String storePassword = jksPwd;
keyStore.load(new FileInputStream(file),storePassword.toCharArray());
TrustManagerFactory trustFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustFactory.init(keyStore);
TrustManager[] trustManagers = trustFactory.getTrustManagers();
tlsParams.setTrustManagers(trustManagers);
keyStore.load(new FileInputStream(file),storePassword.toCharArray());
KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyFactory.init(keyStore,password.toCharArray());
KeyManager[] keyManagers = keyFactory.getKeyManagers();
tlsParams.setKeyManagers(keyManagers);
// FiltersType filtersTypes = new FiltersType();
// filtersTypes.getInclude().add(".*_EXPORT_.*");
// filtersTypes.getInclude().add(".*_EXPORT1024_.*");
// filtersTypes.getInclude().add(".*_WITH_DES_.*");
// filtersTypes.getInclude().add(".*_WITH_NULL_.*");
// filtersTypes.getExclude().add(".*_DH_anon_.*");
// tlsParams.setCipherSuitesFilter(filtersTypes);
tlsParams.setDisableCNCheck(true);
httpConduit.setTlsClientParameters(tlsParams);
} catch (Exception e) {
e.printStackTrace();
}
}
}
参考资料: http://bbs.csdn.net/topics/350150090 (编辑:李大同) 【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容! |