Generating SSL certificates and using them in Spring Boot, serving both HTTP and HTTPS
Certificate generation

1. Generate the server keystore (a self-signed certificate together with its private key)
keytool -genkey -alias mykey -keyalg RSA -keystore keystore.jks
keytool prompts for the keystore password and for the subject fields; the distinguished name used here is
CN=127.0.0.1, OU=PP, O=IT, L=GZ, ST=GD, C=CN
The same values can be supplied non-interactively with -dname "CN=127.0.0.1, OU=PP, O=IT, L=GZ, ST=GD, C=CN". Note that browsers ignore the CN entirely and the JDK's own hostname check only matches an IP address against a subjectAltName entry, so for anything beyond this demo add -ext SAN=ip:127.0.0.1 (or SAN=dns:<hostname>) to this command.

2. Inspect the keystore
keytool -list -v -keystore keystore.jks

3. Export the certificate (public key and subject information, never the private key) from the keystore
keytool -export -alias mykey -keystore keystore.jks -storepass 123456 -file scert.cer
(-storepass on the command line lands in the shell history; the other commands prompt for the password instead.)

4. Build the client trust store by importing the server certificate into it
keytool -import -alias mykey -file scert.cer -keystore truststore.jks
keytool prints the certificate fingerprint and asks whether to trust it; compare it with the fingerprint shown in step 2 before answering yes.

5. Inspect the trust store
keytool -list -v -keystore truststore.jks

6. Generate the client keystore and certificate, and import the client certificate into the server-side trust store (only needed for two-way TLS, where the server also authenticates the client)
keytool -genkey -alias smsClient -keyalg RSA -keystore ckeystore.jks
keytool -export -alias smsClient -keystore ckeystore.jks -storepass 123456 -file ccert.cer
keytool -import -alias smsClient -file ccert.cer -keystore struststore
(struststore is the server's trust store. The Spring Boot connector configured below never references it, so the server as configured there does one-way TLS only: clients verify the server, the server accepts any client.)
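Before wiring these files into Tomcat and HttpClient it is worth checking that they fit together: the alias in each keystore really holds a private key, the peer's trust store contains exactly the exported certificate as a trusted entry, and the certificate is currently valid and carries a subjectAltName. The following Java program performs that check in both directions. It is an added example and not part of the original article; it assumes the file names, aliases and the password 123456 from the commands above, and that the trust stores were given the same password.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.List;

/**
 * Consistency check for the keystores produced by the keytool steps.
 * Added example, not code from the original article. Assumes the file names,
 * aliases and the password 123456 used in the article, and that the trust
 * stores were given the same password.
 */
public class KeystoreCheck {

    static KeyStore load(String file, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(file)) {
            ks.load(in, password);          // with a password, load() also verifies the JKS integrity hash
        }
        return ks;
    }

    /** The keystore must hold a private key under the alias the server/client will use. */
    static X509Certificate requireKeyEntry(KeyStore ks, String alias) throws Exception {
        if (!ks.isKeyEntry(alias)) {
            throw new IllegalStateException("no private key under alias '" + alias
                    + "'; aliases present: " + Collections.list(ks.aliases()));
        }
        return (X509Certificate) ks.getCertificate(alias);
    }

    /** The peer's trust store must contain exactly the exported certificate as a trusted entry. */
    static void requireTrusted(KeyStore trustStore, X509Certificate cert) throws Exception {
        String found = trustStore.getCertificateAlias(cert);   // null unless an entry equals this cert
        if (found == null || !trustStore.isCertificateEntry(found)) {
            throw new IllegalStateException(cert.getSubjectX500Principal()
                    + " is not a trusted entry in the trust store");
        }
    }

    /** Conditions that make clients reject the certificate later. */
    static void checkUsability(X509Certificate cert) throws Exception {
        cert.checkValidity(new Date());   // throws if expired or not yet valid
        Collection<List<?>> sans = cert.getSubjectAlternativeNames();   // null when the extension is absent
        if (sans == null || sans.isEmpty()) {
            System.out.println("WARNING: " + cert.getSubjectX500Principal()
                    + " has no subjectAltName; regenerate with -ext SAN=ip:127.0.0.1 for clients that ignore the CN");
        }
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "123456".toCharArray();

        // Server identity (keystore.jks, alias mykey) must be trusted by the client (truststore.jks).
        X509Certificate server = requireKeyEntry(load("keystore.jks", pw), "mykey");
        requireTrusted(load("truststore.jks", pw), server);
        checkUsability(server);

        // Client identity (ckeystore.jks, alias smsClient) must be trusted by the server (struststore).
        X509Certificate client = requireKeyEntry(load("ckeystore.jks", pw), "smsClient");
        requireTrusted(load("struststore", pw), client);
        checkUsability(client);

        System.out.println("keystores and trust stores are consistent");
    }
}
```

Run it from the directory that holds the .jks files. A failure in requireKeyEntry is exactly the error Tomcat would later report for a wrong custom.tomcat.https.alias; a failure in requireTrusted is what the client's TrustManager would report as a handshake failure.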
Publishing the HTTPS service in Spring Boot

The code in this section targets Spring Boot 1.x (EmbeddedServletContainerFactory, WebMvcConfigurerAdapter); Spring Boot 2 renamed these classes. The default Tomcat connector on server.port keeps serving plain HTTP and a second, HTTPS connector is added beside it, which is what makes the application answer on both http and https.

1. tomcat.https.properties (on the classpath)
custom.tomcat.https.port=8443
custom.tomcat.https.secure=true
custom.tomcat.https.scheme=https
custom.tomcat.https.ssl=true
# keystore password; a plaintext password packaged inside the jar is fine for a demo only, otherwise supply it from external config or the environment
custom.tomcat.https.password=123456
# must be the -alias given to keytool -genkey in step 1; with any other value the connector fails to start with an error about the alias
custom.tomcat.https.alias=mykey
# keystore file name on the classpath, bound to the key_store field of TomcatSslConnectorProperties
custom.tomcat.https.key_store=keystore.jks
2. WebConfiguration.java
import org.apache.catalina.connector.Connector;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.context.embedded.EmbeddedServletContainerFactory;
import org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;

@Configuration
public class WebConfiguration extends WebMvcConfigurerAdapter {
    @Autowired
    private TomcatSslConnectorProperties sslConnectorProperties;

    // The default connector (plain HTTP on server.port) is kept; the HTTPS connector built from
    // tomcat.https.properties is added next to it, so the application listens on both.
    @Bean
    public EmbeddedServletContainerFactory servletContainer() {
        TomcatEmbeddedServletContainerFactory tomcat = new TomcatEmbeddedServletContainerFactory();
        tomcat.addAdditionalTomcatConnectors(createSslConnector(sslConnectorProperties));
        return tomcat;
    }

    private Connector createSslConnector(TomcatSslConnectorProperties properties) {
        return properties.configureConnector();
    }
}
3. TomcatSslConnectorProperties.java
import java.io.File;
import org.apache.catalina.connector.Connector;
import org.apache.coyote.http11.Http11NioProtocol;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.core.io.ClassPathResource;

// The locations attribute exists only on older Spring Boot 1.x releases; on newer releases load the
// file with @PropertySource("classpath:tomcat.https.properties") on a configuration class instead.
@ConfigurationProperties(prefix = "custom.tomcat.https", locations = "classpath:/tomcat.https.properties")
public class TomcatSslConnectorProperties {
    private Integer port;
    private Boolean ssl = true;
    private Boolean secure = true;
    private String scheme = "https";
    private String key_store;   // bound from custom.tomcat.https.key_store
    private String password;
    private String alias;       // must equal the -alias given to keytool -genkey

    // Getters and setters: property binding needs the setters.
    public Integer getPort() { return port; }
    public void setPort(Integer port) { this.port = port; }
    public Boolean getSsl() { return ssl; }
    public void setSsl(Boolean ssl) { this.ssl = ssl; }
    public Boolean getSecure() { return secure; }
    public void setSecure(Boolean secure) { this.secure = secure; }
    public String getScheme() { return scheme; }
    public void setScheme(String scheme) { this.scheme = scheme; }
    public String getKey_store() { return key_store; }
    public void setKey_store(String key_store) { this.key_store = key_store; }
    public String getPassword() { return password; }
    public void setPassword(String password) { this.password = password; }
    public String getAlias() { return alias; }
    public void setAlias(String alias) { this.alias = alias; }

    public Connector configureConnector() {
        Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
        Http11NioProtocol protocol = (Http11NioProtocol) connector.getProtocolHandler();
        try {
            // getFile() only works while the keystore is a real file on the classpath (e.g. run from
            // the IDE); inside a packaged jar it throws, so point key_store at an external file there.
            File keystore = new ClassPathResource(key_store).getFile();
            connector.setScheme(scheme);
            connector.setSecure(secure);
            connector.setPort(port);
            protocol.setSSLEnabled(ssl);
            protocol.setKeystoreFile(keystore.getAbsolutePath());
            protocol.setKeystorePass(password);
            protocol.setKeyAlias(alias);
            return connector;
        } catch (Exception ex) {
            throw new IllegalStateException("can't access keystore: [" + key_store + "]", ex);
        }
    }
}
4. Application entry point: register the properties class
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.context.properties.EnableConfigurationProperties;

@SpringBootApplication
@EnableConfigurationProperties({TomcatSslConnectorProperties.class})   // makes the bean available for @Autowired above
public class TianRunMockServer {
    public static void main(String[] args) {
        SpringApplication.run(TianRunMockServer.class, args);
    }
}
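Two things the connector above leaves open: the server trust store from step 6 is never used, so the server authenticates nobody, and ClassPathResource.getFile() stops working once the application runs from a packaged jar. The following connector builder is an added example written against Spring Boot 1.x / Tomcat 8 and is not code from the original article; it copies the keystores out of the classpath into temporary files and turns on client-certificate authentication against the server trust store. File names, aliases and password are the ones used above.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardCopyOption;
import org.apache.catalina.connector.Connector;
import org.apache.coyote.http11.Http11NioProtocol;
import org.springframework.core.io.ClassPathResource;

/**
 * HTTPS connector with client-certificate authentication for Spring Boot 1.x / Tomcat 8.
 * Added example, not code from the original article; file names, aliases and password
 * are the ones used in the article.
 */
public class MutualTlsConnector {

    /**
     * Tomcat wants a filesystem path, but a resource inside a packaged jar is not a File
     * (ClassPathResource.getFile() throws there). Copy it to a temp file instead; on POSIX
     * systems createTempFile makes the file readable by the owner only.
     */
    static String materialize(String classpathName) throws Exception {
        Path tmp = Files.createTempFile("tomcat-", ".jks");
        tmp.toFile().deleteOnExit();
        try (InputStream in = new ClassPathResource(classpathName).getInputStream()) {
            Files.copy(in, tmp, StandardCopyOption.REPLACE_EXISTING);
        }
        return tmp.toAbsolutePath().toString();
    }

    public static Connector create(int port, String keyStore, String keyAlias,
                                   String trustStore, String password) throws Exception {
        Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
        Http11NioProtocol protocol = (Http11NioProtocol) connector.getProtocolHandler();
        connector.setPort(port);
        connector.setScheme("https");
        connector.setSecure(true);
        protocol.setSSLEnabled(true);

        // Server identity: private key and certificate stored under keyAlias in keystore.jks.
        protocol.setKeystoreFile(materialize(keyStore));
        protocol.setKeystorePass(password);
        protocol.setKeyAlias(keyAlias);

        // Client authentication: the handshake fails unless the client presents a certificate
        // that is a trusted entry in struststore. "want" would make the client cert optional.
        protocol.setTruststoreFile(materialize(trustStore));
        protocol.setTruststorePass(password);
        protocol.setClientAuth("true");

        // Refuse legacy protocol versions; TLSv1.2 is what the client code in this article requests.
        protocol.setSslEnabledProtocols("TLSv1.2");
        return connector;
    }
}
```

In WebConfiguration, return MutualTlsConnector.create(8443, "keystore.jks", "mykey", "struststore", "123456") from createSslConnector instead of properties.configureConnector(). Once clientAuth is on, controllers can read the authenticated client's certificate chain from the standard javax.servlet.request.X509Certificate request attribute and use its subject for authorization.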
Calling the HTTPS service from Spring Boot

1. Calling it from main
import java.util.ArrayList;
import org.apache.http.NameValuePair;
import org.apache.http.client.entity.UrlEncodedFormEntity;

public static void main(String[] args) throws Exception {
    // "<trust store on the classpath>=<its password>". The trust store is the one built in step 4;
    // it holds only the server certificate, so any other server certificate is rejected.
    String[] keyInfo = "truststore.jks=123456".split("=");
    String aa = HttpRequestUtil.sslHttpsPost("https://127.0.0.1:8443/sms/submit", keyInfo,
            new UrlEncodedFormEntity(new ArrayList<NameValuePair>(), "UTF-8"));   // empty form body for the demo
    System.out.println(aa);
}
2. HttpRequestUtil helper
import org.apache.http.Consts;
import org.apache.http.HttpEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.util.EntityUtils;

public static String sslHttpsPost(String url, String[] keyInfo, HttpEntity httpEntity) throws Exception {
    // keyInfo[0] = trust store on the classpath, keyInfo[1] = its password
    HttpPost httppost = new HttpPost(url);
    httppost.setEntity(httpEntity);
    // try-with-resources closes the response (releasing the connection) and the client, which the
    // original releaseConnection() in a finally block only did for the request.
    try (CloseableHttpClient httpclient = HttpClients.custom()
                .setSSLContext(SSLHttpClient.getSSLContext(keyInfo[0], keyInfo[1]))
                .build();
         CloseableHttpResponse response = httpclient.execute(httppost)) {
        return EntityUtils.toString(response.getEntity(), Consts.UTF_8.name());
    }
}
3. SSLContext helper (SSLHttpClient.getSSLContext)
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public static SSLContext getSSLContext(String fileName, String password) throws Exception {
    KeyStore ks = KeyStore.getInstance("JKS");   // truststore.jks was written by keytool as JKS
    try (InputStream input = ClassLoader.getSystemResourceAsStream(fileName)) {
        if (input == null) {
            throw new IllegalArgumentException("trust store not found on classpath: " + fileName);
        }
        ks.load(input, password.toCharArray());
    }
    TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    tmf.init(ks);
    SSLContext context = SSLContext.getInstance("TLSv1.2");
    // Only the trust store is supplied (one-way TLS): the server certificate must be in it, and nothing
    // else, not even the JDK's default CA bundle, is trusted. For two-way TLS the first argument must
    // be the client's KeyManagers instead of null.
    context.init(null, tmf.getTrustManagers(), null);
    return context;
}
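The comment in getSSLContext says what two-way TLS needs but does not show it. The following client, an added example for HttpClient 4.5 and not code from the original article, supplies the KeyManagers from the step-6 client keystore (ckeystore.jks, alias smsClient) alongside the TrustManagers from truststore.jks, pins the protocol version and keeps hostname verification on, which SSLContext alone does not cover. File names, aliases, URL and password are the ones used in this article; the key password is assumed to equal the store password, which is what keytool does when you press RETURN at its key-password prompt.

```java
import java.io.InputStream;
import java.security.KeyStore;
import java.util.ArrayList;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.apache.http.NameValuePair;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.conn.ssl.DefaultHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.util.EntityUtils;

/**
 * Two-way TLS client for the service above (HttpClient 4.5): presents smsClient from
 * ckeystore.jks and trusts only the server certificate in truststore.jks.
 * Added example, not code from the original article; file names, aliases, URL and
 * password are those used in the article.
 */
public class MutualTlsClient {

    static KeyStore loadJks(String resource, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = MutualTlsClient.class.getClassLoader().getResourceAsStream(resource)) {
            if (in == null) {
                throw new IllegalArgumentException("not on classpath: " + resource);
            }
            ks.load(in, password);
        }
        return ks;
    }

    public static SSLContext mutualTlsContext(String keyStore, char[] keyPassword,
                                              String trustStore, char[] trustPassword) throws Exception {
        // What we present: the client key pair. The second argument is the key password, assumed
        // here to equal the store password (keytool's default when RETURN is pressed at the prompt).
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(loadJks(keyStore, keyPassword), keyPassword);

        // Whom we trust: only the entries in truststore.jks, not the JDK's default CA bundle.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(loadJks(trustStore, trustPassword));

        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);   // first argument no longer null
        return ctx;
    }

    /** Pin the protocol version and keep hostname verification on; neither is part of the SSLContext. */
    public static CloseableHttpClient client(SSLContext ctx) {
        SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
                ctx, new String[] {"TLSv1.2"}, null, new DefaultHostnameVerifier());
        return HttpClients.custom().setSSLSocketFactory(sslsf).build();
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "123456".toCharArray();
        SSLContext ctx = mutualTlsContext("ckeystore.jks", pw, "truststore.jks", pw);
        HttpPost post = new HttpPost("https://127.0.0.1:8443/sms/submit");
        post.setEntity(new UrlEncodedFormEntity(new ArrayList<NameValuePair>(), "UTF-8"));
        try (CloseableHttpClient http = client(ctx);
             CloseableHttpResponse response = http.execute(post)) {
            System.out.println(response.getStatusLine());
            System.out.println(EntityUtils.toString(response.getEntity(), "UTF-8"));
        }
    }
}
```

Against a server that does not request a client certificate this client behaves exactly like the one-way version (the KeyManagers are simply never consulted); against a server with clientAuth enabled it is the only one of the two that completes the handshake. DefaultHostnameVerifier falls back to the CN when the certificate has no subjectAltName, which is why the CN=127.0.0.1 certificate from step 1 is accepted here even though browsers would reject it.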