Apache自定义TrustManager
Apache自定义TrustManager
提问于 2014-12-04 18:06:58
我想为特定的org.apache.axis.client.Call分配一个自定义的信任管理器。使用Java中的常规HTTP客户端,我只需创建一个SSLContext和TrustManager。
这在Apache中是可能的吗?
回答 1
Stack Overflow用户
发布于 2015-02-18 13:00:15
这在Apache中是非常可能的,当您考虑创建一个自定义SSLContext和TrustManager时,您就会发现这一点。您可以创建一个实现Axis SecureSocketFactory接口的类,并定义一个create()方法,该方法将返回一个自定义套接字。在调用之前,您必须告诉Axis,您希望使用这个自定义套接字工厂,代码如下:
AxisProperties.setProperty("axis.socketSecureFactory", "com.ade.martini.YourSecureSocketFactory");之后,您可以像往常一样调用Axis:
Service service = new Service();
Call call = (Call) service.createCall();
// set your endpoint, operation, etc.
call.invoke(...);下面是类YourSecureSocketFactory的样子:
package com.ade.martini;
import org.apache.axis.components.net.BooleanHolder;
import org.apache.axis.components.net.SecureSocketFactory;
import javax.net.ssl.*;
import java.io.*;
import java.net.Socket;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.Hashtable;
public class YourSecureSocketFactory implements SecureSocketFactory {
private String KEYSTORE_TYPE = "JKS";
private String PROTOCOL = "SSL";
private String ALGORITHM = "SunX509";
private int DEFAULT_PORT = 443;
protected SSLSocketFactory sslFactory = null;
private String keystoreFile;
private String keystorePass;
private KeyStore kstore = null;
public AxisSecureSocketFactory(Hashtable attributes) {
}
public Socket create(String host, int port, StringBuffer otherHeaders, BooleanHolder useFullURL)
throws Exception {
if (sslFactory == null) initFactory();
if (port<=0) port = DEFAULT_PORT;
Socket sslSocket = sslFactory.createSocket(host, port);
return sslSocket;
}
protected void initFactory() throws IOException {
/* One way to find certificates */
keystoreFile = "yourkeystore.jks";
keystorePass = "password";
try {
SSLContext sslContext = getContext();
sslFactory = sslContext.getSocketFactory();
} catch (Exception e) {
if (e instanceof IOException) {
throw (IOException) e;
}
throw new IOException(e.getMessage());
}
}
/* this method will accept all certificates and therefore should NOT
be used in most production settings */
private TrustManager[ ] getTrustManagers() {
TrustManager[ ] certs = new TrustManager[ ] {
new X509TrustManager() {
public X509Certificate[ ] getAcceptedIssuers() { return null; }
public void checkClientTrusted(X509Certificate[ ] certs, String t) { }
public void checkServerTrusted(X509Certificate[ ] certs, String t) { }
}
};
return certs;
}
protected SSLContext getContext() throws Exception {
kstore = initKeyStore(keystoreFile, keystorePass);
KeyManagerFactory kmf = KeyManagerFactory.getInstance(ALGORITHM);
kmf.init(kstore, keystorePass.toCharArray());
SSLContext sslContext = SSLContext.getInstance(PROTOCOL);
sslContext.init(kmf.getKeyManagers(), getTrustManagers(), new SecureRandom());
return (sslContext);
}
private KeyStore initKeyStore(String keystoreFile, String keystorePass)
throws IOException {
try {
KeyStore kstore = KeyStore.getInstance(KEYSTORE_TYPE);
ClassLoader classLoader = YourSecureSocketFactory.class.getClassLoader();
File file = new File(classLoader.getResource(keystoreFile).getFile());
InputStream istream = new FileInputStream(file);
kstore.load(istream, keystorePass.toCharArray());
return kstore;
} catch (FileNotFoundException fnfe) {
throw fnfe;
} catch (IOException ioe) {
throw ioe;
} catch (Exception ex) {
ex.printStackTrace();
throw new IOException("Exception trying to load keystore " + keystoreFile + ": " + ex.getMessage());
}
}
}如果在create()方法中放置断点,则会注意到当调用Axis调用时将执行断点。看到正在执行的代码,就可以确认Axis正在使用您的自定义套接字以及我们定义的自定义TrustManager。
请注意,我在示例代码中使用的TrustManager将接受来自服务器的所有证书。这通常不是你在生产中想要的行为。
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/27300946
复制相关文章
相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号