我有一些应用程序需要在同一个应用程序服务器中运行.每个应用程序都需要使用特定于该应用程序的证书通过同一Web服务进行身份验证.
显然,我可以将所有证书放在同一个密钥库中,但是如何指定我必须使用哪个?
对于我正在使用Spring WebServiceTemplate的调用,我想找到一些可以在spring xml配置文件中轻松配置的东西.
我试图遵循这个:
How can I have multiple SSL certificates for a Java server
整个概念很清楚但我无法理解如何将它与Spring WebServiceTemplate链接以及如何在调用内部指定我必须使用的证书.
最佳答案
我找到了解决方案.它不完美,或完全干净.
我需要更多的测试,以确保它正在运行,在它运行的那一刻.
我需要更多的测试,以确保它正在运行,在它运行的那一刻.
这是神奇的factorybean“CustomSSLHttpClientFactory.java”.
package foo.bar.services;
import java.io.InputStream;
import java.net.Socket;
import java.security.KeyStore;
import java.util.Map;
import javax.net.ssl.SSLContext;
import org.apache.http.client.HttpClient;
import org.apache.http.config.Registry;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.conn.HttpClientConnectionManager;
import org.apache.http.conn.socket.ConnectionSocketFactory;
import org.apache.http.conn.socket.PlainConnectionSocketFactory;
import org.apache.http.conn.ssl.PrivateKeyDetails;
import org.apache.http.conn.ssl.PrivateKeyStrategy;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLContextBuilder;
import org.apache.http.conn.ssl.SSLContexts;
import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.conn.BasicHttpClientConnectionManager;
import org.springframework.beans.factory.factorybean;
import org.springframework.core.io.Resource;
/**
* Custom SSL HttpClientFactoy.
* It allow to specify the certificate for a single specific implementation.
* It's needed when you have a single URL to call but different certificate,each one specific for a single page/function/user
*
* @author roberto.gabrieli
*
*/
public class CustomSSLHttpClientFactory implements factorybeantocharArray());
keyStore.load(instreamKeys,keyStorePassword.tocharArray());
}
finally
{
instreamKeys.close();
instreamTrust.close();
}
SSLContextBuilder sslCtxBuilder = SSLContexts.custom().loadTrustMaterial(trustStore,new TrustSelfSignedStrategy());
PrivateKeyStrategy apks = null;
// check if the alias is specified null and "" will mean -no alias-
if ( this.certAlias != null && !this.certAlias.trim().equals("") )
{
apks = new AliasPrivateKeyStrategy(this.certAlias);
sslCtxBuilder = sslCtxBuilder.loadKeyMaterial(keyStore,keyStorePassword.tocharArray(),apks);
}
else
{
sslCtxBuilder = sslCtxBuilder.loadKeyMaterial(keyStore,keyStorePassword.tocharArray());
}
SSLContext sslcontext = sslCtxBuilder.build();
//All the stuff for the connection build
HttpClientBuilder builder = HttpClientBuilder.create();
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslcontext,allowedProtocols,null,SSLConnectionSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);
builder.setSSLSocketFactory(sslsf);
Registry 这是“spring-config.xml”中所需的配置
