package com.tenwa.httpclient;
import com.amarsoft.awe.Configure;
import com.tenwa.httpclient.PyConfig;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
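/**
 * SSLContext helper for the Pengyuan Credit (鹏元征信) HTTP client.
 *
 * <p>Builds either the JVM default context or a mutual-TLS context whose client key
 * material and trust anchors are loaded from the JKS files named in the application
 * configuration.
 */
public class PySSLContextUtil {

    /**
     * Returns the JVM default SSLContext. With this context the certificates are:
     * <ul>
     *   <li>keystore: the store named by the {@code javax.net.ssl.keyStore} system property</li>
     *   <li>truststore: the store named by the {@code javax.net.ssl.trustStore} system property</li>
     * </ul>
     *
     * @return the default SSLContext
     * @throws NoSuchAlgorithmException if the default context cannot be obtained
     */
    public static SSLContext createDefaultSSLContext() throws NoSuchAlgorithmException {
        return SSLContext.getDefault();
    }

    /**
     * Builds a TLSv1.2 SSLContext from the configured key store and trust store, installs
     * it as the JVM default and returns it.
     *
     * <p>Reads {@code KEYSTORE_FILE}, {@code KEYSTORE_PASSWORD}, {@code TRUSTSTORE_FILE} and
     * {@code TRUSTSTORE_PASSWORD} from {@link Configure}. The server certificate chain is
     * validated against the configured trust store; a peer whose chain does not lead to a
     * certificate in that store is rejected during the handshake.
     *
     * <p>Hostname verification is not configured here; it is the responsibility of the
     * HTTP client that consumes this context.
     *
     * @return the initialised SSLContext (also set as the JVM-wide default)
     * @throws Exception if a store cannot be read or the context cannot be initialised
     */
    public static SSLContext createCustomerSSLContext() throws Exception {
        Configure curConfig = Configure.getInstance();
        SSLContext context = SSLContext.getInstance("TLSv1.2");

        // try-with-resources: the store file handle is released as soon as the store is loaded.
        KeyStore keyStore;
        try (InputStream keyStoreStream = new FileInputStream(curConfig.getConfigure("KEYSTORE_FILE"))) {
            keyStore = getKeyStore("JKS", keyStoreStream, curConfig.getConfigure("KEYSTORE_PASSWORD"));
        }

        // NOTE(review): the store is opened with the configured KEYSTORE_PASSWORD, but the key
        // entries are unlocked with PyConfig.KEYSTORE_PASSWORD. Confirm the two are meant to
        // differ; if they are the same secret, read both from configuration so that no
        // password has to live in source code.
        KeyManager[] kms = createKeyManager(keyStore, PyConfig.KEYSTORE_PASSWORD);

        KeyStore trustStore;
        try (InputStream trustStoreStream = new FileInputStream(curConfig.getConfigure("TRUSTSTORE_FILE"))) {
            trustStore = getKeyStore("JKS", trustStoreStream, curConfig.getConfigure("TRUSTSTORE_PASSWORD"));
        }

        // Authenticate the server against the configured trust store. An X509TrustManager
        // with empty check methods accepts any certificate, which removes server
        // authentication and lets an on-path party terminate the TLS session; it also
        // violates the getAcceptedIssuers() contract when that method returns null.
        TrustManager[] tms = createTrustManager(trustStore);
        context.init(kms, tms, null);

        // Process-wide side effect: every later user of SSLContext.getDefault() in this JVM
        // gets this key material and this trust store.
        SSLContext.setDefault(context);
        return context;
    }

    /**
     * Creates key managers backed by the given key store.
     *
     * @param keyStore store holding the client key entries
     * @param password password protecting the key entries; must not be null
     * @return the key managers produced by the platform-default KeyManagerFactory
     */
    private static KeyManager[] createKeyManager(KeyStore keyStore, String password) throws NoSuchAlgorithmException, UnrecoverableKeyException, KeyStoreException {
        KeyManagerFactory factory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        factory.init(keyStore, password.toCharArray());
        return factory.getKeyManagers();
    }

    /**
     * Creates trust managers that accept only chains anchored in the given trust store.
     *
     * @param trustStore store holding the trusted certificates
     * @return the trust managers produced by the platform-default TrustManagerFactory
     */
    private static TrustManager[] createTrustManager(KeyStore trustStore) throws NoSuchAlgorithmException, KeyStoreException {
        TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        factory.init(trustStore);
        return factory.getTrustManagers();
    }

    /**
     * Loads a key store of the given type from a stream.
     *
     * <p>The stream is not closed here; the caller owns it and must close it.
     *
     * @param keyStoreType key store type, for example {@code "JKS"}
     * @param stream stream to read the store from
     * @param password store password; must not be null
     * @return the loaded key store
     * @throws IOException if the store cannot be read or the password is wrong
     */
    public static KeyStore getKeyStore(String keyStoreType, InputStream stream, String password) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
        KeyStore keyStore = KeyStore.getInstance(keyStoreType);
        keyStore.load(stream, password.toCharArray());
        return keyStore;
    }
}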