HttpClient and SSL authentication with a client certificate

A sample Apache HttpClient 4.1.x configuration for the following situation:

  • the client authenticates to an SSL server with a client certificate
  • the client certificate is stored in a PKCS#12 file (together with the private key), protected by a password
  • we do not verify the server's identity and ignore the server certificate

Code

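import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.http.HttpResponse;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.conn.ClientConnectionManager;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.impl.conn.tsccm.ThreadSafeClientConnManager;

public class ClientCertExample {
  public static void main(String[] args) throws Exception {
    // Load the client certificate and its private key from the PKCS#12 file.
    KeyStore keystore = KeyStore.getInstance("PKCS12");
    InputStream in = new FileInputStream("etc/test.p12");
    try {
      keystore.load(in, "nbusr123".toCharArray());
    } finally {
      in.close();
    }
    KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    keyManagerFactory.init(keystore, "nbusr123".toCharArray());

    SSLContext ctx = SSLContext.getInstance("TLS");
    // Trust manager that accepts every certificate chain: the server is not authenticated.
    X509TrustManager tm = new X509TrustManager() {
      public void checkClientTrusted(X509Certificate[] xcs, String string)
          throws CertificateException {
      }

      public void checkServerTrusted(X509Certificate[] xcs, String string)
          throws CertificateException {
      }

      public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0]; // the interface requires a non-null array
      }
    };

    ctx.init(keyManagerFactory.getKeyManagers(), new TrustManager[]{tm}, null);

    // ALLOW_ALL_HOSTNAME_VERIFIER additionally skips the host name check.
    SSLSocketFactory socketFactory = new SSLSocketFactory(ctx, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);

    SchemeRegistry schemeRegistry = new SchemeRegistry();
    schemeRegistry.register(new Scheme("https", 443, socketFactory));

    ClientConnectionManager ccm = new ThreadSafeClientConnManager(schemeRegistry);
    HttpClient httpClient = new DefaultHttpClient(ccm);

    HttpGet httpGet = new HttpGet("https://test.com:8181/");
    HttpResponse httpResponse = httpClient.execute(httpGet);
    httpResponse.getEntity().writeTo(System.out);
  }
}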
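
The counterpart of the configuration above with server verification switched on, as an added example that is not part of the original post: the server's chain is validated against a trust store and the host name is checked against the certificate. The trust store path etc/truststore.jks, its password "changeit" and the class name are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.impl.conn.tsccm.ThreadSafeClientConnManager;

public class VerifiedClientCertExample {
  // Loads a key store of the given type from a file and always closes the stream.
  static KeyStore load(String type, String path, char[] password) throws Exception {
    KeyStore ks = KeyStore.getInstance(type);
    InputStream in = new FileInputStream(path);
    try {
      ks.load(in, password);
    } finally {
      in.close();
    }
    return ks;
  }

  public static void main(String[] args) throws Exception {
    char[] keyPass = "nbusr123".toCharArray();   // sample password used on the page
    char[] trustPass = "changeit".toCharArray(); // assumed trust store password
    // Client identity: certificate and private key from the PKCS#12 file, as on the page.
    KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    kmf.init(load("PKCS12", "etc/test.p12", keyPass), keyPass);
    // Server trust: only chains ending in a CA from this (hypothetical) trust store pass.
    TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    tmf.init(load("JKS", "etc/truststore.jks", trustPass));
    SSLContext ctx = SSLContext.getInstance("TLS");
    ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
    // STRICT_HOSTNAME_VERIFIER fails the handshake when the certificate name does not match the host.
    SSLSocketFactory sf = new SSLSocketFactory(ctx, SSLSocketFactory.STRICT_HOSTNAME_VERIFIER);
    SchemeRegistry registry = new SchemeRegistry();
    registry.register(new Scheme("https", 443, sf));
    HttpClient client = new DefaultHttpClient(new ThreadSafeClientConnManager(registry));
    try {
      client.execute(new HttpGet("https://test.com:8181/")).getEntity().writeTo(System.out);
    } finally {
      client.getConnectionManager().shutdown(); // release pooled connections
    }
  }
}
```

With this setup a server presenting an untrusted or mismatched certificate causes execute() to throw an SSL exception before the request is sent.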
