JAX-WS 独立服务器通过证书相互认证
JAX-WS standalone server mutual authentication through certificates
我有一个使用 TLS 的简单 JAX-WS 独立服务器:
SSLContext ssl = SSLContext.getInstance("TLS");
KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
store.load(new FileInputStream(keystoreFile), keyPass.toCharArray());
kmf.init(store, keyPass.toCharArray());
KeyManager[] keyManagers = new KeyManager[1];
keyManagers = kmf.getKeyManagers();
TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(store);
TrustManager[] trustManagers = tmf.getTrustManagers();
ssl.init(keyManagers, trustManagers, new SecureRandom());
HttpsConfigurator configurator = new HttpsConfigurator(ssl);
HttpsServer httpsServer = HttpsServer.create(new InetSocketAddress("localhost", 8443), 8443);
httpsServer.setHttpsConfigurator(configurator);
HttpContext context = httpsServer.createContext("/test");
httpsServer.start();
endpoint.publish(context);
我想在使用网络服务之前使用客户端证书创建相互验证。另外我想看看客户端用什么证书来读取DN和其他证书属性。
我该怎么做?
终于成功了。
可以通过 SSLParameters 中的 setNeedClientAuth 配置相互身份验证,如下所示:
HttpsConfigurator configurator=new HttpsConfigurator(ssl) {
public void configure (HttpsParameters params)
{
SSLContext context;
SSLParameters sslparams;
context=getSSLContext();
sslparams=context.getDefaultSSLParameters();
sslparams.setNeedClientAuth(true);
params.setSSLParameters(sslparams);
}
};
并且客户端证书可以根据需要从SSLSession中查看和解析。此 class 可以作为 Web 服务中的资源加载 class:
@Resource
private WebServiceContext context;
HttpsExchange exchange = (HttpsExchange) context.getMessageContext().get(JAXWSProperties.HTTP_EXCHANGE);
SSLSession sslsession = exchange.getSSLSession();
sslsession.getPeerCertificates();
我有一个使用 TLS 的简单 JAX-WS 独立服务器:
SSLContext ssl = SSLContext.getInstance("TLS");
KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
store.load(new FileInputStream(keystoreFile), keyPass.toCharArray());
kmf.init(store, keyPass.toCharArray());
KeyManager[] keyManagers = new KeyManager[1];
keyManagers = kmf.getKeyManagers();
TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(store);
TrustManager[] trustManagers = tmf.getTrustManagers();
ssl.init(keyManagers, trustManagers, new SecureRandom());
HttpsConfigurator configurator = new HttpsConfigurator(ssl);
HttpsServer httpsServer = HttpsServer.create(new InetSocketAddress("localhost", 8443), 8443);
httpsServer.setHttpsConfigurator(configurator);
HttpContext context = httpsServer.createContext("/test");
httpsServer.start();
endpoint.publish(context);
我想在使用网络服务之前使用客户端证书创建相互验证。另外我想看看客户端用什么证书来读取DN和其他证书属性。
我该怎么做?
终于成功了。
可以通过 SSLParameters 中的 setNeedClientAuth 配置相互身份验证,如下所示:
HttpsConfigurator configurator=new HttpsConfigurator(ssl) {
public void configure (HttpsParameters params)
{
SSLContext context;
SSLParameters sslparams;
context=getSSLContext();
sslparams=context.getDefaultSSLParameters();
sslparams.setNeedClientAuth(true);
params.setSSLParameters(sslparams);
}
};
并且客户端证书可以根据需要从SSLSession中查看和解析。此 class 可以作为 Web 服务中的资源加载 class:
@Resource
private WebServiceContext context;
HttpsExchange exchange = (HttpsExchange) context.getMessageContext().get(JAXWSProperties.HTTP_EXCHANGE);
SSLSession sslsession = exchange.getSSLSession();
sslsession.getPeerCertificates();