Axis2 implements two-way HTTPS Authentication

Source: Internet
Author: User

1. Override the transport sender class and redefine the axis2 configuration file.

Reference http://www.cnblogs.com/SoYoung/archive/2012/04/08/Custom_SSL_in_Axis2.html

 

The main purpose is to implement an SSLContext. (Note: we mainly implement our own SecureProtocolSocketFactory. In its getSSLContext method, construct an SSLContext as follows and return it. In the snippet below the code sits inside createSocket, but it can be split out.)

// Build an SSLContext that presents our client certificate (key store) and trusts only our CAs (trust store).
// Note: "SSL" selects the legacy protocol family; "TLS" would let the JVM negotiate its newest enabled version.
SSLContext ctx = SSLContext.getInstance("SSL");
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
KeyStore ks = KeyStore.getInstance("JKS");
KeyStore tks = KeyStore.getInstance("JKS");
ks.load(new FileInputStream("Data/kclient.keystore"), CLIENT_KEY_STORE_PASSWORD.toCharArray());
tks.load(new FileInputStream("Data/tclient.keystore"), CLIENT_TRUST_KEY_STORE_PASSWORD.toCharArray());
kmf.init(ks, CLIENT_KEY_STORE_PASSWORD.toCharArray());
tmf.init(tks);
ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
return (SSLSocket) ctx.getSocketFactory().createSocket(DEFAULT_HOST, DEFAULT_PORT);

With the SSLContext in place, HttpClient can be used as follows:

Protocol myHttps = new Protocol("https", new MySecureProtocolSocketFactory(), 443);
Protocol.registerProtocol("https", myHttps);
HttpClient httpClient = new HttpClient();
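The post leaves the socket factory itself to the reader. The class below is an added example, not code from the post or from Axis2: a complete SecureProtocolSocketFactory for commons-httpclient 3.x (the HttpClient version Axis2 1.x uses) that builds the mutual-TLS SSLContext from a key store and a trust store and additionally verifies the server certificate against the host name, which the JSSE socket alone does not do. The class name, constructor arguments and the key store paths passed to it are assumptions.

```java
import java.io.*;
import java.net.*;
import java.security.KeyStore;
import javax.net.ssl.*;
import org.apache.commons.httpclient.params.HttpConnectionParams;
import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;

/** Mutual-TLS socket factory for commons-httpclient 3.x (hypothetical class, not from the post). Presents the
 *  client certificate from the key store, trusts only the CAs in the trust store, and checks the server name. */
public class MutualTlsSocketFactory implements SecureProtocolSocketFactory {
    private final SSLContext ctx;

    public MutualTlsSocketFactory(String keyStorePath, char[] keyPass,
                                  String trustStorePath, char[] trustPass) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(keyStorePath)) { ks.load(in, keyPass); }
        KeyStore ts = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(trustStorePath)) { ts.load(in, trustPass); }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, keyPass);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);
        ctx = SSLContext.getInstance("TLS"); // not "SSL": lets the JVM negotiate its newest enabled TLS version
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
    }

    // Without this the socket accepts any certificate the trust store signed, whatever host it names.
    private Socket verifyHost(SSLSocket s) {
        SSLParameters p = s.getSSLParameters();
        p.setEndpointIdentificationAlgorithm("HTTPS");
        s.setSSLParameters(p);
        return s;
    }
    public Socket createSocket(String host, int port) throws IOException {
        return verifyHost((SSLSocket) ctx.getSocketFactory().createSocket(host, port));
    }
    public Socket createSocket(String host, int port, InetAddress localAddr, int localPort) throws IOException {
        return verifyHost((SSLSocket) ctx.getSocketFactory().createSocket(host, port, localAddr, localPort));
    }
    public Socket createSocket(String host, int port, InetAddress localAddr, int localPort,
                               HttpConnectionParams params) throws IOException {
        SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket();
        s.bind(new InetSocketAddress(localAddr, localPort));
        s.connect(new InetSocketAddress(host, port), params.getConnectionTimeout()); // honour HttpClient's timeout
        return verifyHost(s);
    }
    public Socket createSocket(Socket sock, String host, int port, boolean autoClose) throws IOException {
        return verifyHost((SSLSocket) ctx.getSocketFactory().createSocket(sock, host, port, autoClose));
    }
}
```

Register it exactly as the post does, with Protocol.registerProtocol("https", new Protocol("https", factory, 443)); the key store passwords should come from a protected configuration source rather than string constants.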

 

Custom transport sender class (the key step), configured in axis2.xml:

<transportSender name="https" class="com.**.**.common.MyHttpTransport">
    <parameter name="PROTOCOL">HTTP/1.0</parameter>
    <parameter name="Transfer-Encoding">chunked</parameter>
</transportSender>

 

Create a Java class MyHttpTransport that directly inherits from the Axis2 transport sender and copies its methods.

Its writeMessageWithCommons method uses AbstractHTTPSender and HTTPSender; inherit from these in the same way and copy their methods to create the MyAbstractHTTPSender and MyHTTPSender classes.

After configuring the custom processing classes, what remains is to pass in the customized SSLContext and to use it in HTTPSender.

 

In the getHostConfiguration method of HTTPSender you will see this passage (the Axis2 developers have a sense of humour):

// I assume the 90% case, or even 99% case will be no protocolHandler case.
if (protocolHandler == null) {
    config.setHost(targetURL.getHost(), port, targetURL.getProtocol());
} else {
    config.setHost(targetURL.getHost(), port, protocolHandler);
}

 

This is the hook through which the custom Protocol (carrying the configured SSLContext) can be passed in, via the ConfigurationContext. (Note: the following code runs where the stub is built; the keystore file path can be set here as well.)

String path = FileUtil.getWebInfPath();
ConfigurationContext configContext = ConfigurationContextFactory
        .createConfigurationContextFromFileSystem(path, path + "conf/axis2.xml");
// AuthSSLProtocolSocketFactory wraps our SSLContext; it is built from the certificate stream and private key.
AuthSSLProtocolSocketFactory sslProtocolFactory = new AuthSSLProtocolSocketFactory(vdiConfig.getCertStream(), vdiConfig.getPk());
ProtocolSocketFactory socketFactory = (ProtocolSocketFactory) sslProtocolFactory;
Protocol authHttps = new Protocol("https", socketFactory, 443);
// Stash the Protocol in the ConfigurationContext so MyHTTPSender can pick it up.
configContext.setProperty("httpsProtocol", authHttps);
vdiStub = new VdsServiceStub(configContext, itaUrl);

 

Then add the following to the getHostConfiguration method in (My)HTTPSender, before the check quoted above:

Protocol authHttps = (Protocol) msgCtx.getConfigurationContext().getProperty("httpsProtocol");
protocolHandler = authHttps;

 

 

2. Directly use the Rampart configuration method

Reference: http://blog.csdn.net/lifetragedy/article/details/7844589

The following is what the actual project uses (with sensitive values masked, of course):

<!-- Enable the Rampart module for this service -->
<module ref="rampart"/>

<parameter name="OutflowSecurity">
    <action>
        <items>Timestamp Signature</items>
        <timeToLive>60000</timeToLive>
        <!-- The user must be the same as the alias on the certificate -->
        <user>gsdfsdf</user>
        <signaturePropFile>conf/client.properties</signaturePropFile>
        <passwordCallbackClass>***.PWCBHandler</passwordCallbackClass>
        <signatureKeyIdentifier>X509KeyIdentifier</signatureKeyIdentifier>
    </action>
</parameter>

 

org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=PKCS12
org.apache.ws.security.crypto.merlin.keystore.password=888888
org.apache.ws.security.crypto.merlin.file=conf/client.p12
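The passwordCallbackClass named in the OutflowSecurity parameter is what hands Rampart the private-key password for the user alias when it signs the message. The handler below is an added example, not the project's own class: it answers only for the configured alias and only for signature use, so a callback for any other key or purpose gets no password and signing fails rather than proceeding with the wrong key. The class name PWCBHandler, the environment variable and the WSS4J 1.6+ method name getIdentifier() are assumptions.

```java
import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback;

/** Rampart password callback for the OutflowSecurity signature (hypothetical class name).
 *  Rampart invokes it with the alias from <user>; the key password is released only for
 *  that alias and only for a SIGNATURE request. Assumes the WSS4J 1.6+ API. */
public class PWCBHandler implements CallbackHandler {
    // Alias from the sample configuration; the password comes from the environment (constructed
    // setup for this example) rather than being hard-coded next to the keystore path.
    private static final String SIGNING_ALIAS = "gsdfsdf";
    private static final String KEY_PASSWORD_ENV = "CLIENT_KEY_PASSWORD";

    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
        for (Callback cb : callbacks) {
            if (!(cb instanceof WSPasswordCallback)) {
                throw new UnsupportedCallbackException(cb, "only WSPasswordCallback is supported");
            }
            WSPasswordCallback pc = (WSPasswordCallback) cb;
            boolean forSigning = pc.getUsage() == WSPasswordCallback.SIGNATURE;
            if (forSigning && SIGNING_ALIAS.equals(pc.getIdentifier())) {
                String password = System.getenv(KEY_PASSWORD_ENV);
                if (password == null) {
                    throw new IOException(KEY_PASSWORD_ENV + " is not set; cannot unlock signing key");
                }
                pc.setPassword(password);
            } else {
                // Fail closed: an unexpected alias or usage gets no password, so WSS4J cannot
                // load that key and the signing step aborts instead of silently using it.
                throw new UnsupportedCallbackException(cb,
                        "no password for alias " + pc.getIdentifier() + " (usage " + pc.getUsage() + ")");
            }
        }
    }
}
```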

 

In the code you only need to point at the axis2.xml configuration file; nothing else needs to change:

String path = FileUtil.getWebInfPath();
ConfigurationContext configContext = ConfigurationContextFactory
        .createConfigurationContextFromFileSystem(path, path + "conf/axis2.xml");
configContext.setProperty(HTTPConstants.REUSE_HTTP_CLIENT, Boolean.TRUE);

 

3. Rewrite the org.apache.ws.security.crypto.provider implementation

This method is a variant of the second one. It is useful in special cases, such as keeping the private key and certificate in a database instead of a keystore file.

public class CustomizableCrypto implements Crypto {

    /** Factory used to build X.509 certificates. */
    private CertificateFactory certFact;

    /**
     * Obtain the factory used to build X.509 certificates (singleton).
     *
     * @return the certificate factory
     */
    public synchronized CertificateFactory getCertificateFactory() {
        if (certFact == null) {
            try {
                certFact = CertificateFactory.getInstance("X.509");
            } catch (CertificateException e) {
                if (logger.isErrorEnabled()) {
                    logger.error("fail to get CertificateFactory");
                }
            }
        }
        return certFact;
    }

    public PrivateKey getPrivateKey(String keyName, String password) throws Exception {
        // getPrivateKey(keyName) (single-argument helper, not shown) returns the PEM-encoded key bytes from the database.
        ByteArrayInputStream pemByteIn = new ByteArrayInputStream(getPrivateKey(keyName));
        PEMReader pemIn = new PEMReader(new InputStreamReader(pemByteIn));
        // readObject() returns Object, so the cast to KeyPair must be applied before calling getPrivate().
        return ((KeyPair) pemIn.readObject()).getPrivate();
    }

    public X509Certificate[] getCertificates(String keyName) throws WSSecurityException {
        X509Certificate[] certList = new X509Certificate[1];
        // Convert the certificate bytes read from PostgreSQL (getCertificate(keyName), not shown) into X.509 form.
        CertificateFactory cf = getCertificateFactory();
        ByteArrayInputStream bais = new ByteArrayInputStream(getCertificate(keyName));
        try {
            certList[0] = (X509Certificate) cf.generateCertificate(bais);
        } catch (CertificateException e) {
            throw new WSSecurityException(WSSecurityException.FAILURE, "parseError", null, e);
        }
        return certList;
    }

    // Other methods are empty.....
}

 
