(如果和 keystore 密码相同,按回车):
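After the above command completes, you will have a keystore named server.keystore.
keytool -export -alias Server -file test_axis.cer -storepass strongit -keystore server.keystore
Then import the RSA certificate into a new truststore file. This truststore is used by the client to verify the server's identity.
keytool -import -file test_axis.cer -storepass changeit -keystore client.truststore -alias serverkey -noprompt
After the above command completes, you will have a truststore named client.truststore.
In the same way, generate the client keystore client.keystore and the server truststore server.truststore. For convenience, a .bat file is provided.
The contents of gen-cer-store.bat are as follows:
Modify Tomcat's configuration file (server.xml) and add the following connector descriptor (it is actually already there, just commented out):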
<Connector port="8440"
    maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
    enableLookups="false" disableUploadTimeout="true"
    acceptCount="100" scheme="https" secure="true"
    clientAuth="true" keystoreFile="f:\server.keystore" keystorePass="changeit"
    truststoreFile="f:\server.truststore" truststorePass="changeit"
    sslProtocol="TLS" />
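The following function can be used as-is:

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.URL;
import java.net.URLConnection;

// Fetch the given URL and return the response body, decoded as UTF-8.
public static String requsetUrl(String urls) throws Exception {
    BufferedReader br = null;
    StringBuilder sTotalString = new StringBuilder();
    try {
        URL url = new URL(urls);
        URLConnection connection = url.openConnection();
        connection.setConnectTimeout(3000);
        connection.setDoOutput(true);
        String line;
        InputStream l_urlStream = connection.getInputStream();
        br = new BufferedReader(new InputStreamReader(l_urlStream, "UTF-8"));
        while ((line = br.readLine()) != null) {
            sTotalString.append(line).append("\r\n");
        }
    } finally {
        if (br != null) {
            try {
                br.close();
            } catch (IOException e) {
                // Ignore failures while closing the reader.
            }
        }
    }
    return sTotalString.toString();
}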
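
import java.io.InputStreamReader;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.entity.BufferedHttpEntity;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.DefaultHttpClient;

// VariableTool.HTTP_NUM (the port passed to Scheme) and logger come from the author's project.
public String sendPost(String url, String param) {
    String requestData = param;  // request parameters
    String requsetString = url;  // remote endpoint URL
    // First create a trust manager that won't care.
    // Trust any certificate: the server's identity is not verified at all.
    X509TrustManager trustManager = new X509TrustManager() {
        public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            // Don't do anything.
        }
        public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            // Don't do anything.
        }
        public X509Certificate[] getAcceptedIssuers() {
            // The interface requires a non-null array; no issuers are advertised.
            return new X509Certificate[0];
        }
    };
    // Put the trust manager into the SSL context
    SSLContext sslcontext;
    StringBuilder result = new StringBuilder();
    DefaultHttpClient httpclient = new DefaultHttpClient();
    try {
        sslcontext = SSLContext.getInstance("SSL");
        sslcontext.init(null, new TrustManager[] {trustManager}, null);
        // Use the above SSLContext to create your socket factory
        // (I found trying to extend the factory a bit difficult due to a
        // call to createSocket with no arguments, a method which doesn't
        // exist anywhere I can find, but hey-ho).
        SSLSocketFactory sf = new SSLSocketFactory(sslcontext);
        // Host name checking is switched off as well.
        sf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
        httpclient.getConnectionManager().getSchemeRegistry().register(new Scheme("https", sf, VariableTool.HTTP_NUM));
        HttpPost httpPost = new HttpPost(requsetString);
        // Execute the HTTPS request
        // The Basic credentials are hardcoded here; load them from configuration in real code.
        httpPost.setHeader("Authorization", "basic " + "dGNsb3VkYWRtaW46dGNsb3VkMTIz");
        httpPost.setHeader("Content-type", "application/xml");
        StringEntity reqEntity;
        // Wrap the request parameters in an HttpEntity
        reqEntity = new StringEntity(requestData, "UTF-8");
        BufferedHttpEntity bhe = new BufferedHttpEntity(reqEntity);
        httpPost.setEntity(bhe);
        HttpResponse response = httpclient.execute(httpPost);
        HttpEntity resEntity = response.getEntity();
        InputStreamReader reader = new InputStreamReader(resEntity.getContent(), "UTF-8");
        char[] buff = new char[1024];
        int length = 0;
        while ((length = reader.read(buff)) != -1) {
            result.append(buff, 0, length);
        }
        logger.debug("调用ws接口返回:" + result);
    } catch (Exception e) {
        e.printStackTrace();
        return "";
    } finally {
        // Release the connections even when the request fails.
        httpclient.getConnectionManager().shutdown();
    }
    return result.toString();
}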

result holds the response returned by the remote endpoint.
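
The trust-all client above performs no server verification and passes no key managers to the SSLContext, so it has no client certificate to present to a connector configured with clientAuth="true". As an added example (not code from the original post), the following JDK-only client uses the client.keystore and client.truststore generated earlier. The class name MutualTlsClient, the localhost host name, and the use of changeit as the password for both stores and for the key are assumptions.

```java
import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class MutualTlsClient {
    // Load a keystore file created by keytool; path and password are supplied by the caller.
    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    // Trust only the certificates in trustStore and present the private key held in keyStore.
    static SSLContext buildContext(String keyStore, String trustStore, char[] pass) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load(keyStore, pass), pass); // assumes key password == store password
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load(trustStore, pass));
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        char[] pass = "changeit".toCharArray(); // assumed password for both stores
        SSLContext ctx = buildContext("client.keystore", "client.truststore", pass);
        // Assumed URL: the host is a placeholder, 8440 is the connector port from server.xml.
        HttpsURLConnection conn = (HttpsURLConnection) new URL("https://localhost:8440/").openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        conn.setConnectTimeout(3000);
        // The default HostnameVerifier stays in place: the server certificate must match the host name.
        try (BufferedReader br = new BufferedReader(
                new InputStreamReader(conn.getInputStream(), StandardCharsets.UTF_8))) {
            for (String line; (line = br.readLine()) != null; ) {
                System.out.println(line);
            }
        }
    }
}
```

If the handshake fails with a certificate error, the server certificate is either not in client.truststore or does not carry the host name used in the URL.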