Ukážka konfigurácie Apache HttpClienta 4.1.x pre nasledovnú situáciu:
- klient sa autentifikuje oproti SSL serveru klientskym certifikátom
- klientsky certifikát je uložený v PKCS#12 súbore (spolu s privátnym kľúčom) s príslušným heslom
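- neoverujeme identitu servera a serverovský certifikát ignorujeme – spojenie je teda šifrované, ale server nie je autentifikovaný (hrozí útok typu man-in-the-middle)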
Kód
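// Sample: Apache HttpClient 4.1.x presenting a client certificate (PKCS#12) to an
// SSL/TLS server while deliberately skipping every check of the server's identity.

// Keystore password. It is hard-coded only because this is a sample; real code should
// read it from protected configuration or a secret store, never from source control.
char[] keystorePassword = "nbusr123".toCharArray();

// Load the client certificate together with its private key from the PKCS#12 file.
KeyStore keystore = KeyStore.getInstance("PKCS12");
FileInputStream keystoreStream = new FileInputStream("etc/test.p12");
try {
    keystore.load(keystoreStream, keystorePassword);
} finally {
    // Release the file handle even when the keystore cannot be parsed or decrypted.
    keystoreStream.close();
}

// The key managers supply the client certificate during the TLS handshake.
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyManagerFactory.init(keystore, keystorePassword);

SSLContext ctx = SSLContext.getInstance("TLS");

// SECURITY: this trust manager accepts ANY certificate chain, so the server is not
// authenticated at all. Whoever terminates the connection can read and alter the
// request and the response. Acceptable only against a test endpoint; to verify the
// server, pass the trust managers of a TrustManagerFactory initialised with a
// truststore that contains the server's CA instead of this object.
X509TrustManager tm = new X509TrustManager() {
    public void checkClientTrusted(X509Certificate[] xcs, String string)
            throws CertificateException {
        // Intentionally empty: no validation is performed.
    }

    public void checkServerTrusted(X509Certificate[] xcs, String string)
            throws CertificateException {
        // Intentionally empty: every server certificate is accepted.
    }

    public X509Certificate[] getAcceptedIssuers() {
        // The X509TrustManager contract requires a non-null (possibly empty) array;
        // returning null can trigger a NullPointerException inside the TLS stack.
        return new X509Certificate[0];
    }
};

// A null SecureRandom makes the context use the default implementation.
ctx.init(keyManagerFactory.getKeyManagers(), new TrustManager[]{tm}, null);

// SECURITY: ALLOW_ALL_HOSTNAME_VERIFIER additionally disables the comparison of the
// host name with the certificate. Use SSLSocketFactory.STRICT_HOSTNAME_VERIFIER or
// BROWSER_COMPATIBLE_HOSTNAME_VERIFIER once the server certificate is validated.
SSLSocketFactory socketFactory = new SSLSocketFactory(ctx, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);

// 443 is only the default port of the "https" scheme; the explicit port in the
// request URL below takes precedence.
SchemeRegistry schemeRegistry = new SchemeRegistry();
schemeRegistry.register(new Scheme("https", 443, socketFactory));

ClientConnectionManager ccm = new ThreadSafeClientConnManager(schemeRegistry);
HttpClient httpClient = new DefaultHttpClient(ccm);
try {
    HttpGet httpGet = new HttpGet("https://test.com:8181/");
    HttpResponse httpResponse = httpClient.execute(httpGet);

    // A response may carry no body, in which case getEntity() returns null.
    HttpEntity responseEntity = httpResponse.getEntity();
    if (responseEntity != null) {
        responseEntity.writeTo(System.out);
    }
} finally {
    // Close pooled connections so that sockets are not leaked.
    httpClient.getConnectionManager().shutdown();
}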