搭建环境

服务端:dropwizard-jetty

准备文件:服务端密钥d_server.jks,客户端公钥证书d_client_for_server.jks

客户端:retrofit / okhttp

准备文件:需要服务端证书d_server.cer,客户端私钥d_client.jks

生成证书

服务端,准备d_server.jks,d_client_for_server.jks

//生成服务端d_server.jks文件

1.keytool -genkey -alias d_server -keyalg RSA -keystore d_server.jks -validity 720 -storepass 123456

//生成公钥证书文件d_server.cer
2.keytool -export -alias d_server -file d_server.cer -keystore d_server.jks -storepass 123456

客户端:

1.keytool -genkey -alias d_client -keyalg RSA -keystore d_client.jks -validity 720 -storepass 654321
2.keytool -export -alias d_client -file d_client.cer -keystore d_client.jks -storepass 654321

//生成服务端d_client_for_server.jks文件（将客户端证书导入信任库；keytool会提示设置信任库密码并确认是否信任该证书，该密码需与下文jetty配置中的trustStorePassword 654321一致）
3.keytool -import -alias d_client -file d_client.cer -keystore d_client_for_server.jks

Okhttp代码

// Server certificate to trust, supplied as PEM text (the `keytool -printcert -rfc` output of
// d_server.cer shown further down) and exposed as an InputStream through an okio Buffer.
InputStream insCer = new Buffer().writeUtf8(httpClientConf.getCer()).inputStream();
InputStream[] insCerArry = new InputStream[]{insCer};
// Client keystore (d_client.jks) holding the private key used for client authentication.
// NOTE(review): whoever owns this stream must close it — confirm HttpsUtils does so,
// otherwise wrap it in try-with-resources.
InputStream insJksDir = new FileInputStream(httpClientConf.getJksDir());
// Turns the certificate(s) plus keystore into an SSLSocketFactory and the matching X509TrustManager.
SSLParams sslParams = HttpsUtils.getSslSocketFactory(insCerArry,insJksDir,httpClientConf.getJkspwd());
// OkHttp needs both the factory and the trust manager. The statement is not terminated here;
// presumably the builder chain continues (further options, then .build()).
OkHttpClient.Builder builder = new OkHttpClient.Builder().sslSocketFactory(sslParams.sSLSocketFactory, sslParams.trustManager)

HttpUtils代码

import java.io.IOException;
import java.io.InputStream;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
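import javax.net.ssl.X509TrustManager;

/**
 * Builds the {@link SSLSocketFactory} / {@link X509TrustManager} pair that OkHttp's
 * {@code sslSocketFactory(factory, trustManager)} expects for mutual TLS.
 *
 * <p>Server certificates are checked against the JVM's default CA store first and, when that
 * fails, against the caller-supplied certificates (for example a self-signed
 * {@code d_server.cer}). The client authenticates with the key pair held in a JKS keystore
 * ({@code d_client.jks}).
 *
 * <p>There is deliberately no "trust everything" fallback: with no certificates supplied the
 * platform trust store alone is used, and an unreadable certificate or keystore fails fast
 * with {@link IllegalStateException} instead of silently weakening verification.
 */
public class HttpsUtils {

    /** Result pair: the socket factory and the trust manager it was initialised with. */
    public static class SSLParams {
        public SSLSocketFactory sSLSocketFactory;
        public X509TrustManager trustManager;
    }

    /**
     * Creates the TLS material for an OkHttp client. All supplied streams are closed on return,
     * whether or not the call succeeds.
     *
     * @param certificates X.509 server certificates (PEM or DER), trusted in addition to the
     *                     platform CA store; {@code null} or empty means platform store only
     * @param jksFile      JKS keystore with the client's private key and certificate, or
     *                     {@code null} to skip client authentication
     * @param password     keystore and key password; {@code null} also skips client authentication
     * @return the socket factory and its trust manager, never {@code null}
     * @throws IllegalArgumentException if an element of {@code certificates} is {@code null}
     * @throws IllegalStateException    if a certificate or the keystore cannot be parsed or loaded
     * @throws AssertionError           if the JVM lacks TLS or its default key/trust algorithms
     */
    public static SSLParams getSslSocketFactory(InputStream[] certificates, InputStream jksFile, String password) {
        try {
            X509TrustManager trustManager = prepareTrustManager(certificates);
            KeyManager[] keyManagers = prepareKeyManager(jksFile, password);
            SSLContext sslContext = SSLContext.getInstance("TLS");
            // A null KeyManager[] means "no client credentials"; the trust manager is always set.
            sslContext.init(keyManagers, new TrustManager[] { trustManager }, null);
            SSLParams sslParams = new SSLParams();
            sslParams.sSLSocketFactory = sslContext.getSocketFactory();
            sslParams.trustManager = trustManager;
            return sslParams;
        } catch (NoSuchAlgorithmException | KeyManagementException | KeyStoreException e) {
            // Only raised when the JVM lacks the default TLS/trust algorithms, not for bad input.
            throw new AssertionError(e);
        } finally {
            closeQuietly(jksFile);
            if (certificates != null) {
                closeQuietly(certificates);
            }
        }
    }

    /**
     * Returns the trust manager for the server side of the handshake: the platform CA store on
     * its own, or combined with the supplied certificates when there are any.
     */
    private static X509TrustManager prepareTrustManager(InputStream[] certificates)
            throws NoSuchAlgorithmException, KeyStoreException {
        X509TrustManager platform = trustManagerFor(null);
        if (certificates == null || certificates.length == 0) {
            return platform;
        }
        return new CombinedTrustManager(platform, trustManagerFor(loadCertificates(certificates)));
    }

    /** Imports each certificate stream, aliased "0", "1", ..., into a fresh in-memory keystore. */
    private static KeyStore loadCertificates(InputStream[] certificates) {
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null); // initialises an empty keystore
            for (int i = 0; i < certificates.length; i++) {
                if (certificates[i] == null) {
                    throw new IllegalArgumentException("certificates[" + i + "] is null");
                }
                keyStore.setCertificateEntry(Integer.toString(i),
                        certificateFactory.generateCertificate(certificates[i]));
            }
            return keyStore;
        } catch (CertificateException | KeyStoreException | NoSuchAlgorithmException | IOException e) {
            throw new IllegalStateException("cannot load server certificate", e);
        }
    }

    /**
     * Builds key managers from the client keystore, or returns {@code null} (meaning "no client
     * credentials") when either the keystore or the password is absent.
     */
    private static KeyManager[] prepareKeyManager(InputStream jksFile, String password) {
        if (jksFile == null || password == null) {
            return null;
        }
        try {
            KeyStore clientKeyStore = KeyStore.getInstance("JKS");
            clientKeyStore.load(jksFile, password.toCharArray());
            KeyManagerFactory keyManagerFactory =
                    KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(clientKeyStore, password.toCharArray());
            return keyManagerFactory.getKeyManagers();
        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException
                | CertificateException | IOException e) {
            throw new IllegalStateException("cannot load client keystore", e);
        }
    }

    /**
     * Returns the X.509 trust manager for {@code keyStore}; {@code null} selects the JVM's
     * default CA store.
     *
     * @throws IllegalStateException if the provider yields no {@link X509TrustManager}
     */
    private static X509TrustManager trustManagerFor(KeyStore keyStore)
            throws NoSuchAlgorithmException, KeyStoreException {
        TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        factory.init(keyStore);
        for (TrustManager candidate : factory.getTrustManagers()) {
            if (candidate instanceof X509TrustManager) {
                return (X509TrustManager) candidate;
            }
        }
        throw new IllegalStateException("no X509TrustManager from " + factory.getAlgorithm());
    }

    /** Closes every non-null stream; close failures are ignored because the data was already read. */
    private static void closeQuietly(InputStream... streams) {
        for (InputStream stream : streams) {
            if (stream == null) {
                continue;
            }
            try {
                stream.close();
            } catch (IOException ignored) {
                // nothing useful to do: the stream's contents have already been consumed
            }
        }
    }

    /**
     * Verifies a peer chain against the platform CA store first and, if that rejects it, against
     * the caller-supplied certificates. Both check directions delegate (the previous version
     * accepted every client chain unconditionally), and {@link #getAcceptedIssuers()} reports
     * the issuers of both stores so callers that clean the chain against this list do not get
     * an empty array.
     */
    private static final class CombinedTrustManager implements X509TrustManager {
        private final X509TrustManager platform;
        private final X509TrustManager local;

        CombinedTrustManager(X509TrustManager platform, X509TrustManager local) {
            this.platform = platform;
            this.local = local;
        }

        @Override
        public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            try {
                platform.checkClientTrusted(chain, authType);
            } catch (CertificateException platformRejected) {
                checkLocally(platformRejected, true, chain, authType);
            }
        }

        @Override
        public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            try {
                platform.checkServerTrusted(chain, authType);
            } catch (CertificateException platformRejected) {
                checkLocally(platformRejected, false, chain, authType);
            }
        }

        /** Second-chance check; if it also fails, the platform's rejection is attached as suppressed. */
        private void checkLocally(CertificateException platformRejected, boolean client,
                X509Certificate[] chain, String authType) throws CertificateException {
            try {
                if (client) {
                    local.checkClientTrusted(chain, authType);
                } else {
                    local.checkServerTrusted(chain, authType);
                }
            } catch (CertificateException localRejected) {
                localRejected.addSuppressed(platformRejected);
                throw localRejected;
            }
        }

        @Override
        public X509Certificate[] getAcceptedIssuers() {
            X509Certificate[] fromPlatform = platform.getAcceptedIssuers();
            X509Certificate[] fromLocal = local.getAcceptedIssuers();
            X509Certificate[] all = new X509Certificate[fromPlatform.length + fromLocal.length];
            System.arraycopy(fromPlatform, 0, all, 0, fromPlatform.length);
            System.arraycopy(fromLocal, 0, all, fromPlatform.length, fromLocal.length);
            return all;
        }
    }
}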

d_server.cer转换为字符串

>keytool -printcert -rfc -file d_server.cer
-----BEGIN CERTIFICATE-----\r\n
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
-----END CERTIFICATE-----

jetty服务端配置

# Dropwizard server section with one HTTPS connector configured for mutual TLS
# (needClientAuth: true is what forces the client to present d_client.jks).
server:
  type: default
  rootPath: '/rest/*'
  applicationContextPath: /
  maxThreads: 20
  minThreads: 1
  applicationConnectors:
    - type: https
      port: 8443
      acceptorThreads: 1
      selectorThreads: 1
      acceptQueueSize: 1024
      # Server identity: the d_server.jks keystore generated with keytool above.
      keyStorePath: D:\project-spring\https\d_server.jks
      keyStorePassword: 123456 # plaintext secret in config — keep this file out of version control
      keyStoreType: JKS
      # Trust store holding the client's certificate (d_client.cer imported into
      # d_client_for_server.jks); only client chains that verify against it pass the handshake.
      trustStorePath: D:\project-spring\https\d_client_for_server.jks
      trustStorePassword: 654321 # must match the password chosen when d_client_for_server.jks was created
      trustStoreType: JKS
      needClientAuth: true # require and verify a client certificate (mutual TLS)
      enableCRLDP: false # no CRL distribution point lookups
      enableOCSP: false # no OCSP revocation checks
      validateCerts: false # presumably skips start-up validation of the keystore certificate — confirm in the Dropwizard docs
      validatePeers: false # presumably skips start-up validation of the trust-store certificates — confirm in the Dropwizard docs
      # TLSv1 and TLSv1.1 are not in this list and therefore remain enabled.
      excludedProtocols: [SSL, SSLv2, SSLv2Hello, SSLv3] # (Jetty's default)
      excludedCipherSuites: [.*_(MD5|SHA|SHA1)$] # (Jetty's default)
      allowRenegotiation: true
