如何在 Jersey 2.x 和 Apache 连接管理器中使用 SSL

How to use SSL with Jersey 2.x and Apache Connection manager

我想对我的 Jersey 2.x rest 客户端使用连接池。我有以下代码:

ClientConfig clientConfig = new ClientConfig();
PoolingHttpClientConnectionManager connectionManager = new PoolingHttpClientConnectionManager();
connectionManager.setMaxTotal(100);
connectionManager.setDefaultMaxPerRoute(20);
clientConfig.property(ApacheClientProperties.CONNECTION_MANAGER, connectionManager);

clientConfig.connectorProvider(new ApacheConnectorProvider());  

Client client = ClientBuilder.newBuilder()
    .withConfig(clientConfig)
    .sslContext(SslConfigurator.getDefaultContext())
    .build();

但这不适用于需要客户端证书的站点。如果我不使用 PoolingHttpClientConnectionManager(即像这样注释掉它:)

//clientConfig.property(ApacheClientProperties.CONNECTION_MANAGER, connectionManager);

然后发送客户端证书。

如何设置 PoolingHttpClientConnectionManager 以使用 javax.net.ssl... 属性?

使用系统属性配置的 SSL 套接字工厂

Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create()
        .register("http", PlainConnectionSocketFactory.getSocketFactory())
        .register("https", SSLConnectionSocketFactory.getSystemSocketFactory())
        .build();
PoolingHttpClientConnectionManager cm = new PoolingHttpClientConnectionManager(socketFactoryRegistry);

如果您使用默认的 SSL 上下文,则上面的示例有效。 如果您有自定义 SSL 上下文,例如:

    SslConfigurator sslConfig = SslConfigurator.newInstance()
    .trustStoreFile(...).trustStorePassword(...)
    .keyStoreFile(...).keyStorePassword(...).keyPassword(...);
SSLContext sslContext = sslConfig.createSSLContext();

然后将其交给 PoolingHttpClientConnectionManager :

    Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create()
    .register("http", PlainConnectionSocketFactory.getSocketFactory())
    .register("https", new SSLConnectionSocketFactory(sslContext))
    .build();
    PoolingHttpClientConnectionManager connectionManager = new PoolingHttpClientConnectionManager(socketFactoryRegistry);

不再需要调用 ClientBuilder.sslContext()。