HttpClient https双向验证

已经发布的准备要测试的https服务：

package com.abin.lee.https;

 

import java.io.IOException;

import java.io.PrintWriter;

import java.util.Map;

 

import javax.servlet.ServletException;

import javax.servlet.http.HttpServlet;

import javax.servlet.http.HttpServletRequest;

import javax.servlet.http.HttpServletResponse;

 

@SuppressWarnings("serial")

public class ReceiveHttpClientRequest extends HttpServlet {

public void service(HttpServletRequest request, HttpServletResponse response)

throws ServletException, IOException {

System.out.println("receive https request");

Map map=request.getParameterMap();

String user=(((Object[])map.get("user"))[0]).toString();

System.out.println("user="+user);

String pwd=(((Object[])map.get("pwd"))[0]).toString();

System.out.println("pwd="+pwd);

 

//给调用者返回值

PrintWriter write=response.getWriter();

write.write("receive HttpClient success");

write.flush();

write.close();

}

}

//web.xml

<servlet>

<servlet-name>httpsClientRequest</servlet-name>

<servlet-class>com.abin.lee.https.ReceiveHttpClientRequest</servlet-class>

</servlet>

<servlet-mapping>

<servlet-name>httpsClientRequest</servlet-name>

<url-pattern>/httpsClientRequest</url-pattern>

</servlet-mapping>

//HttpClient测试类

package com.abin.lee.test;

 

import java.io.BufferedReader;

import java.io.FileInputStream;

import java.io.InputStreamReader;

import java.security.KeyStore;

import java.util.ArrayList;

import java.util.List;

 

import javax.net.ssl.KeyManagerFactory;

import javax.net.ssl.SSLContext;

import javax.net.ssl.TrustManager;

import javax.net.ssl.TrustManagerFactory;

 

import junit.framework.TestCase;

 

import org.apache.http.HttpResponse;

import org.apache.http.NameValuePair;

import org.apache.http.client.HttpClient;

import org.apache.http.client.entity.UrlEncodedFormEntity;

import org.apache.http.client.methods.HttpPost;

import org.apache.http.conn.scheme.Scheme;

import org.apache.http.conn.ssl.SSLSocketFactory;

import org.apache.http.impl.client.DefaultHttpClient;

import org.apache.http.message.BasicNameValuePair;

import org.apache.http.protocol.HTTP;

import org.junit.Before;

import org.junit.Test;

 

public class HttpsClient extends TestCase {

private String httpUrl = "https://localhost:8443/global/httpsClientRequest";

// 客户端密钥库

private String sslKeyStorePath;

private String sslKeyStorePassword;

private String sslKeyStoreType;

// 客户端信任的证书

private String sslTrustStore;

private String sslTrustStorePassword;

 

@Before

public void setUp() {

sslKeyStorePath = "D:\\home\\tomcat.keystore";

sslKeyStorePassword = "stevenjohn";

sslKeyStoreType = "JKS"; // 密钥库类型，有JKS PKCS12等

sslTrustStore = "D:\\home\\tomcat.keystore";

sslTrustStorePassword = "stevenjohn";

System.setProperty("javax.net.ssl.keyStore", sslKeyStorePath);

System.setProperty("javax.net.ssl.keyStorePassword",

sslKeyStorePassword);

System.setProperty("javax.net.ssl.keyStoreType", sslKeyStoreType);

// 设置系统参数

System.setProperty("javax.net.ssl.trustStore", sslTrustStore);

System.setProperty("javax.net.ssl.trustStorePassword",

sslTrustStorePassword);

}

 

@Test

public void testHttpsClient() {

SSLContext sslContext = null;

try {

KeyStore kstore = KeyStore.getInstance("jks");

kstore.load(new FileInputStream(sslKeyStorePath),

sslKeyStorePassword.toCharArray());

KeyManagerFactory keyFactory = KeyManagerFactory

.getInstance("sunx509");

keyFactory.init(kstore, sslKeyStorePassword.toCharArray());

 

KeyStore tstore = KeyStore.getInstance("jks");

tstore.load(new FileInputStream(sslTrustStore),

sslTrustStorePassword.toCharArray());

TrustManager[] tm;

TrustManagerFactory tmf = TrustManagerFactory

.getInstance("sunx509");

tmf.init(tstore);

tm = tmf.getTrustManagers();

 

sslContext = SSLContext.getInstance("SSL");

sslContext.init(keyFactory.getKeyManagers(), tm, null);

} catch (Exception e) {

e.printStackTrace();

}

 

try {

HttpClient httpClient = new DefaultHttpClient();

SSLSocketFactory socketFactory = new SSLSocketFactory(sslContext);

Scheme sch = new Scheme("https", 8443, socketFactory);

httpClient.getConnectionManager().getSchemeRegistry().register(sch);

 

HttpPost httpPost = new HttpPost(httpUrl);

List<NameValuePair> nvps = new ArrayList<NameValuePair>();

nvps.add(new BasicNameValuePair("user", "abin"));

nvps.add(new BasicNameValuePair("pwd", "abing"));

 

httpPost.setEntity(new UrlEncodedFormEntity(nvps, HTTP.UTF_8));

HttpResponse httpResponse = httpClient.execute(httpPost);

String spt = System.getProperty("line.separator"); 

BufferedReader buffer = new BufferedReader(new InputStreamReader(

httpResponse.getEntity().getContent()));

StringBuffer stb=new StringBuffer();

String line=null;

while((line=buffer.readLine())!=null){

stb.append(line);

}

buffer.close();

String result=stb.toString();

System.out.println("result="+result);

} catch (Exception e) {

e.printStackTrace();

}

 

}

 

}

 

//tomcat配置文件：（前提是https双向验证证书生成的没有一点问题）

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"

   SSLEnabled="true" maxThreads="150" scheme="https"

   secure="true" clientAuth="true" sslProtocol="TLS"

   keystoreFile="D:\\home\\tomcat.keystore" keystorePass="stevenjohn"

   truststoreFile="D:\\home\\tomcat.keystore" truststorePass="stevenjohn" />