By

文章目录
  1. 1. SSL证书生成,及在SpringBoot中应用,兼容http和https
    1. 1.0.1. 证书生成
    2. 1.0.2. SpringBoot中发布https服务
    3. 1.0.3. SpringBoot中请求https服务

SSL证书生成,及在SpringBoot中应用,兼容http和https

证书生成

1、生成密钥库(自签名的证书和私钥)

keytool -genkey -alias mykey -keyalg RSA -keystore keystore.jks
CN=127.0.0.1, OU=PP, O=IT, L=GZ, ST=GD, C=CN

2、查看密钥库

keytool -list -v -keystore keystore.jks

3、导出密钥库公钥、信息等到证书中

keytool -export -alias mykey -keystore keystore.jks -storepass 123456 -file scert.cer

4、建立信任密钥库(将服务端证书,导入到客户端的信任密钥库中)

keytool -import -alias  mykey  -file scert.cer -keystore truststore.jks

5、查看信任密钥库

keytool -list -v -keystore truststore.jks

6、生成客户端的密钥库和证书,客户端证书导入到服务器端

keytool -genkey -alias smsClient -keyalg RSA -keystore ckeystore.jks
keytool -export -alias smsClient -keystore ckeystore.jks -storepass 123456 -file ccert.cer
keytool -import -alias  smsClient  -file ccert.cer -keystore struststore

SpringBoot中发布https服务

1、tomcat.https.properties

custom.tomcat.https.port=8443
custom.tomcat.https.secure=true
custom.tomcat.https.scheme=https
custom.tomcat.https.ssl=true
custom.tomcat.https.password=123456
custom.tomcat.https.alias=smsserver
custom.tomcat.https.store_name=keystore.jks

2、WebConfiguration.java

@Configuration
public class WebConfiguration extends WebMvcConfigurerAdapter {

    @Autowired
    private TomcatSslConnectorProperties sslConnectorProperties;

    @Bean
    public EmbeddedServletContainerFactory servletContainer() {
        TomcatEmbeddedServletContainerFactory tomcat = new TomcatEmbeddedServletContainerFactory();
        tomcat.addAdditionalTomcatConnectors(createSslConnector(sslConnectorProperties));
        return tomcat;
    }

    private Connector createSslConnector(TomcatSslConnectorProperties properties) {

        return properties.configureConnector();
    }
}

3、TomcatSslConnectorProperties.java

   @ConfigurationProperties(prefix = "custom.tomcat.https", locations = "classpath:/tomcat.https.properties")
public class TomcatSslConnectorProperties {
    private Integer port;
    private Boolean ssl = true;
    private Boolean secure = true;
    private String scheme = "https";
    private String key_store;
    private String password;
    private String alias;

    //shengl省略省略了get set方法

public Connector configureConnector() {
    Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
    Http11NioProtocol protocol = (Http11NioProtocol) connector.getProtocolHandler();
    try {

        File keystore = new ClassPathResource(key_store).getFile();
        connector.setScheme(scheme);
        connector.setSecure(secure);
        connector.setPort(port);
        protocol.setSSLEnabled(ssl);
        protocol.setKeystoreFile(keystore.getAbsolutePath());
        protocol.setKeystorePass(password);
        protocol.setKeyAlias(alias);
        return connector;
    }
    catch (Exception ex) {
        throw new IllegalStateException("can't access keystore: [" + "keystore"
                + "] or truststore: [" + "keystore" + "]", ex);
    }
}

4、 

@SpringBootApplication
@EnableConfigurationProperties({TomcatSslConnectorProperties.class})
public class TianRunMockServer {
    public static void main(String[] args) {
        SpringApplication.run(TianRunMockServer.class, args);
    }
}

SpringBoot中请求https服务

1、main调用

public static void main(String[] args) throws Exception {
        String[] keyInfo = "spring2.jks=123456".split("=");
        String aa = HttpRequestUtil.sslHttpsPost("https://127.0.0.1:8443/sms/submit", keyInfo,new UrlEncodedFormEntity(new ArrayList<NameValuePair>(), "UTF-8"));
        System.out.println(aa);
    }

2、HttpRequestUtil工具封装

public static String sslHttpsPost(String url, String[] keyInfo, HttpEntity httpEntity) throws Exception {
    HttpClientBuilder builder = HttpClients.custom();
    builder.setSSLContext(SSLHttpClient.getSSLContext(keyInfo[0], keyInfo[1]));
    CloseableHttpClient httpclient = builder.build();
    HttpPost httppost = new HttpPost(url);
    String result = "";
    try {
        httppost.setEntity(httpEntity);
        CloseableHttpResponse response = httpclient.execute(httppost);
        HttpEntity entity = response.getEntity();
        result = EntityUtils.toString(entity, Consts.UTF_8.name());
    } finally {
        httppost.releaseConnection();
    }
    return result;
}

3、SSLContext工具

public static SSLContext getSSLContext(String fileName,String password) throws Exception {
    KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
    InputStream input = ClassLoader.getSystemResourceAsStream(path);
    ks.load(input, password.toCharArray());

    TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
    tmf.init(ks);

    SSLContext context = SSLContext.getInstance("TLSv1.2");
    // 这里只指定了受信任的证书(单向认证),如果是双向认证的话,则第一个参数不能为null
    context.init(null, tmf.getTrustManagers(), null);
    input.close();
    return context;
}
文章目录
  1. 1. SSL证书生成,及在SpringBoot中应用,兼容http和https
    1. 1.0.1. 证书生成
    2. 1.0.2. SpringBoot中发布https服务
    3. 1.0.3. SpringBoot中请求https服务