Creating SSL client with Axis2/Java

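I am trying to connect to a WebService that uses SSL, but without success. I use Axis2, and I found a useful article: http://people.apache.org/~dumindu/docs/HowToConfigureSSL.html, but it is for C. In that article they set the paths to SERVER_CERT, KEY_FILE and SSL_PASSPHRASE using axis2.xml or C code. I tried to change the configuration file, but that doesn't work for me. If anybody knows how to set these parameters from within Java code, please let me know.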


I initialized EasySSLProtocolSocketFactory and Protocol instances for different endpoints, and registered each protocol with a unique key like this:

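// Imports assumed for this fragment (not shown in the original post). KeyMaterial and
// setKeyMaterial() suggest the not-yet-commons-ssl library on top of HttpClient 3.x.
import java.io.File;
import java.security.GeneralSecurityException;
import org.apache.commons.httpclient.contrib.ssl.EasySSLProtocolSocketFactory;
import org.apache.commons.httpclient.protocol.Protocol;
import org.apache.commons.httpclient.protocol.ProtocolSocketFactory;
import org.apache.commons.ssl.KeyMaterial;

/**
 * This method does the following:
 * 1. Creates a new and unique protocol for each SSL URL that is secured by client certificate
 * 2. Binds keyStore related information to this protocol
 * 3. Registers it with HTTP Protocol object
 * 4. Stores the local reference for this custom protocol for use during future collect calls
 *
 *  @throws Exception
 */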

public void registerProtocolCertificate() throws Exception {
    EasySSLProtocolSocketFactory easySSLPSFactory = new EasySSLProtocolSocketFactory();
    easySSLPSFactory.setKeyMaterial(createKeyMaterial());
    myProtocolPrefix = (HTTPS_PROTOCOL + uniqueCounter.incrementAndGet());
    Protocol httpsProtocol = new Protocol(myProtocolPrefix,(ProtocolSocketFactory) easySSLPSFactory, port);
    Protocol.registerProtocol(myProtocolPrefix, httpsProtocol);
    log.trace("Protocol ["+myProtocolPrefix+" ] registered for the first time");
}

/**
 * Load keystore for CLIENT-CERT protected endpoints
 */

private KeyMaterial createKeyMaterial() throws GeneralSecurityException, Exception  {
    KeyMaterial km = null;
    char[] password = keyStorePassphrase.toCharArray();
    File f = new File(keyStoreLocation);
    if (f.exists()) {
        try {
            km = new KeyMaterial(keyStoreLocation, password);
            log.trace("Keystore location is:" + keyStoreLocation);
        } catch (GeneralSecurityException gse) {
            if (logErrors){
                log.error("Exception occurred while loading keystore from the following location:"+keyStoreLocation, gse);
            }
            // Always rethrow: otherwise a failed load returns null and the
            // protocol is registered without any client key material.
            throw gse;
        }
    } else {
        log.error("Unable to load Keystore from the following location:" + keyStoreLocation );
        throw new CollectorInitException("Unable to load Keystore from the following location:" + keyStoreLocation);
    }
    return km;
}

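When I have to call the web service, I do this (basically replacing "https" in the URL with https1, https2 or something else, depending on the Protocol you initialized for that particular endpoint):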

httpClient.getHostConfiguration().setHost(host, port,Protocol.getProtocol(myProtocolPrefix));
initializeHttpMethod(this.url.toString().replace(HTTPS_PROTOCOL, myProtocolPrefix));

It works like a charm!


You may be interested in this answer to a similar question. In particular, Axis 2 seems to be using Apache HttpClient 3.x, according to this document:

If you want to perform SSL client
authentication (2-way SSL), you may
use the Protocol.registerProtocol
feature of HttpClient. You can
overwrite the "https" protocol, or use
a different protocol for your SSL
client authentication communications
if you don't want to mess with regular
https. Find more information at
http://jakarta.apache.org/commons/httpclient/sslguide.html

(You can build an SSLContext from an existing keystore, and configure HttpClient 3.1 using this socket factory.)
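
The approach in the parenthetical above, written out as an added example (not code from the answers or from the Axis2 or HttpClient projects): an HttpClient 3.1 socket factory that loads the client key from a keystore, keeps the JVM's default trust store for server verification, and turns on JSSE hostname checking, which HttpClient 3.x does not perform itself. The class name `ClientCertSocketFactory` is hypothetical; the code assumes Java 7+, commons-httpclient 3.1 on the classpath, and a key password equal to the keystore password.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.security.KeyStore;
import javax.net.ssl.*;
import org.apache.commons.httpclient.params.HttpConnectionParams;
import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;

// Hypothetical class (not from the page): 2-way SSL socket factory for HttpClient 3.1.
public class ClientCertSocketFactory implements SecureProtocolSocketFactory {
    private final SSLContext ctx;

    // Assumption: the private key entry uses the same password as the keystore.
    public ClientCertSocketFactory(String keyStorePath, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(keyStorePath)) { ks.load(in, password); }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, password);
        ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null); // nulls: default trust store and RNG
    }

    // Layers TLS over a connected socket and enables hostname verification,
    // which JSSE then enforces during the (lazy) handshake.
    public Socket createSocket(Socket plain, String host, int port, boolean autoClose) throws IOException {
        SSLSocket ssl = (SSLSocket) ctx.getSocketFactory().createSocket(plain, host, port, autoClose);
        SSLParameters p = ssl.getSSLParameters();
        p.setEndpointIdentificationAlgorithm("HTTPS");
        ssl.setSSLParameters(p);
        return ssl;
    }

    // Connects the plain socket first so the configured connection timeout is honoured.
    public Socket createSocket(String host, int port, InetAddress local, int localPort,
            HttpConnectionParams params) throws IOException {
        Socket plain = new Socket();
        plain.bind(new InetSocketAddress(local, localPort));
        plain.connect(new InetSocketAddress(host, port), params == null ? 0 : params.getConnectionTimeout());
        return createSocket(plain, host, port, true);
    }

    public Socket createSocket(String host, int port, InetAddress local, int localPort) throws IOException {
        return createSocket(host, port, local, localPort, null);
    }

    public Socket createSocket(String host, int port) throws IOException {
        return createSocket(host, port, null, 0, null);
    }
}
```

An instance can be registered under its own scheme with `Protocol.registerProtocol`, in the same way the first answer registers its factory.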