I recently had to set up two-way (mutual) authentication between a client and a server, and ran into a problem when sending a request with a client certificate from the client to the server. Most of the examples online are not very good, so I found an example in the HttpClient source code on GitHub, changed it a little, and finally got it working.
The example I referred to on GitHub is: https://github.com/apache/httpclient/blob/4.5.x/httpclient/src/examples/org/apache/http/examples/client/ClientCustomSSL.java
Below is my own code (you need to import httpclient and the other related jar packages), followed by an explanation.
import org.apache.commons.io.IOUtils;
import org.apache.http.HttpEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.TrustStrategy;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContexts;
import org.apache.http.util.EntityUtils;

import javax.net.ssl.SSLContext;
import java.io.File;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

/**
 * Created with IntelliJ IDEA.
 * User: kj a flat
 * Date: 2016/5/8
 * Time: 1:10
 */
public class SSLDemo {
    public static void main(String[] args) throws Exception {
        // Load the client certificate and private key from a PKCS12 (.pfx) file.
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        try (FileInputStream in = new FileInputStream(
                new File("C:\\Users\\Administrator\\Desktop\\client.pfx"))) {
            keyStore.load(in, "123456".toCharArray());
        }

        SSLContext sslContext = SSLContexts.custom()
                // Ignore validation of server-side certificates: any chain made of
                // exactly one certificate is accepted without verification.
                .loadTrustMaterial(new TrustStrategy() {
                    @Override
                    public boolean isTrusted(X509Certificate[] chain, String authType)
                            throws CertificateException {
                        return chain.length == 1;
                    }
                })
                // Client certificate presented to the server during the handshake.
                .loadKeyMaterial(keyStore, "123456".toCharArray())
                .build();

        // "TLSv1" is the protocol used in this demo; it is deprecated and disabled
        // by default in newer JREs, where "TLSv1.2" or later is needed instead.
        SSLConnectionSocketFactory sslConnectionSocketFactory = new SSLConnectionSocketFactory(
                sslContext,
                new String[]{"TLSv1"},
                null,
                SSLConnectionSocketFactory.getDefaultHostnameVerifier());

        CloseableHttpClient httpClient = HttpClients.custom()
                .setSSLSocketFactory(sslConnectionSocketFactory)
                .build();
        try {
            HttpGet httpGet = new HttpGet("https://192.168.62.130/status.jsp");
            System.out.println("Executing request " + httpGet.getRequestLine());
            CloseableHttpResponse response = httpClient.execute(httpGet);
            try {
                HttpEntity entity = response.getEntity();
                System.out.println(response.getStatusLine());
                System.out.println(IOUtils.toString(entity.getContent()));
                EntityUtils.consume(entity);
            } finally {
                response.close();
            }
        } finally {
            httpClient.close();
        }
    }
}
The SSLContexts.custom() method returns an SSLContextBuilder instance that is used to build the SSLContext. Of the SSLContextBuilder methods:
The loadKeyMaterial() overloads are used to load the client certificate.
The loadTrustMaterial() overloads are used to load the trust material for the server (here a TrustStrategy is used to implement a trust policy that does not verify the server-side certificate).
When the HttpClient is built, the corresponding SSLSocketFactory is specified, and every GET or POST request sent with this HttpClient then automatically carries the client certificate information.
If we only need to ignore validation of the server-side certificate and do not need to send client certificate information, then only loadTrustMaterial() is needed when building the SSLContext; loadKeyMaterial() is not.
How to make the client trust only one specific server-side certificate will be covered in a later article.
How to use HttpClient to send a request with a client certificate, and how to ignore verification of the server-side certificate