#设置变量 set OPENSSL_CONF=openssl.cfg # 生成一个RSA密钥 openssl genrsa -des3 -out server.key 1024 # 生成一个证书请求 openssl req -new -key server.key -out server.csr # 拷贝一个不需要输入密码的密钥文件 openssl rsa -in server.key -out server_nopwd.key # 自己签发证书 openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt
2.生成cxf调用https webservice 所用的证书文件
#从key和crt生成pkcs12格式的keystore openssl pkcs12 -export -in server.crt -inkey server.key -out server.p12 -name tomcat -CAfile server.crt -caname root -chain #生成需要的keystore keytool -importkeystore -v -srckeystore mycert.p12 -srcstoretype pkcs12 -srcstorepass 123456 -destkeystore tomcat.keystore -deststoretype jks -deststorepass 123456
3.客户端代码
package cn.net.sunge.gdms.util; import java.io.File; import java.io.FileInputStream; import java.security.KeyStore; import java.util.Map; import javax.net.ssl.KeyManager; import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.TrustManager; import javax.net.ssl.TrustManagerFactory; import org.apache.cxf.configuration.jsse.TLSClientParameters; import org.apache.cxf.endpoint.Client; import org.apache.cxf.frontend.ClientProxy; import org.apache.cxf.jaxws.JaxWsProxyfactorybean; import org.apache.cxf.transport.http.HTTPConduit; public class WsClientUtil { public static <T> T getInterface(Class<T> clazz,String address) { return getInterface(clazz,address,null); } @SuppressWarnings("unchecked") public static <T> T getInterface(Class<T> clazz,String address,Map<String,Object> properties) { JaxWsProxyfactorybean factory = new JaxWsProxyfactorybean(); factory.setAddress(address); factory.setServiceClass(clazz); if (null != properties) { factory.setProperties(properties); } return (T) factory.create(); } public static <T> T getHttpsInterface(Class<T> clazz,String jksPath,String jksPwd) { return getHttpsInterface(clazz,jksPath,jksPwd,null); } @SuppressWarnings("unchecked") public static <T> T getHttpsInterface(Class<T> clazz,String jksPwd,Object> properties) { JaxWsProxyfactorybean factory = new JaxWsProxyfactorybean(); factory.setAddress(address); factory.setServiceClass(clazz); if (null != properties) { factory.setProperties(properties); } T t = (T) factory.create(); configureSSLOnTheClient(t,jksPwd); return t; } private static void configureSSLOnTheClient(Object obj,String jksPwd) { File file = new File(jksPath); Client client = ClientProxy.getClient(obj); HTTPConduit httpConduit = (HTTPConduit) client.getConduit(); try { TLSClientParameters tlsParams = new TLSClientParameters(); tlsParams.setdisableCNCheck(true); KeyStore keyStore = KeyStore.getInstance("JKS"); String password = jksPwd; String storePassword = jksPwd; keyStore.load(new FileInputStream(file),storePassword.tochararray()); TrustManagerFactory trustFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); trustFactory.init(keyStore); TrustManager[] trustManagers = trustFactory.getTrustManagers(); tlsParams.setTrustManagers(trustManagers); keyStore.load(new FileInputStream(file),storePassword.tochararray()); KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); keyFactory.init(keyStore,password.tochararray()); KeyManager[] keyManagers = keyFactory.getKeyManagers(); tlsParams.setKeyManagers(keyManagers); // FiltersType filtersTypes = new FiltersType(); // filtersTypes.getInclude().add(".*_EXPORT_.*"); // filtersTypes.getInclude().add(".*_EXPORT1024_.*"); // filtersTypes.getInclude().add(".*_WITH_DES_.*"); // filtersTypes.getInclude().add(".*_WITH_NULL_.*"); // filtersTypes.getExclude().add(".*_DH_anon_.*"); // tlsParams.setCipherSuitesFilter(filtersTypes); tlsParams.setdisableCNCheck(true); httpConduit.setTlsClientParameters(tlsParams); } catch (Exception e) { e.printstacktrace(); } } }
参考资料:
http://bbs.csdn.net/topics/350150090
http://www.educity.cn/wenda/130283.html
http://www.voidcn.com/article/p-tmywelna-nt.html
http://bbs.csdn.net/topics/350150090
http://aruld.info/programming-ssl-for-jetty-based-cxf-services/
http://www.voidcn.com/article/p-gwravcec-ke.html
http://zhidao.baidu.com/link?url=YCxDHHSJWpuin3OdnmN9QUj7lauIEAHi2RE6BT0cwk22G3eqbX30Dr-OXcJt0hYCHZcp27e3iAx0xIG8IyInOqzq2YUCDbON78D3rOJ1y_7
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 [email protected] 举报,一经查实,本站将立刻删除。
