- 浏览: 327069 次
- 性别:
- 来自: 火星
文章分类
最新评论
-
zhanggang807:
这个ibatis 还真是不好用啊。楼主解决了我看文档也没解决的 ...
IBATIS Iterate用法 初探 -
lijunwyf41:
不错 SqlMapClientTemplate sqlMa ...
IBATIS batch用法探究 -
huyuancai1010:
.
struts2 常量配置详解 -
jd2bs:
2楼肯定是people.xsd格式错了
spring schema 扩展 -
xiaokang1582830:
遇到同样的问题,请教如何解决的java.io.NotSeria ...
ibatis 延迟加载 探究
直接上实例:
我有一个私钥证书,访问我们公司内网:
a.pfx (PKCS12标准的证书)
需要用JAVA程序访问公司内网,内网采用SSL安全机制,并要求客户端出示身份证明,即a.pfx中的私钥。
需要做的事情:
1,把a.pfx导成根证书,放到trustkeyStore中去。以便在SSL握手中 客户端(我)信任 服务端(内网)用。
要做到a.pfx导出成 .cer后缀的证书文件很简单:
首先把a.pfx导入到IE。然后用IE的Internet选项--》内容--》证书--》导出成不带私钥的cer格式就搞定了
我按照以上步骤导出成a.pfx.cer 格式的证书
然后进行如下步骤:
# 用以下命令把cer格式的证书放到 server.keystore中去 keytool -import -v -trustcacerts -alias yajun.wuyj -file a.pfx.cer -storepass changeit -keystore server.keystore |
2,把私钥放到 keyStore中去,以便在SSL我手中,服务器要我出示我的身份证明时使用。
public class AuthSSLProtocolSocketFactory implements SecureProtocolSocketFactory { private static final Log LOG = LogFactory.getLog(AuthSSLProtocolSocketFactory.class); private String keystoreUrl = null; private String keystorePassword = null; private String truststoreUrl = null; private String truststorePassword = null; private SSLContext sslcontext = null; public AuthSSLProtocolSocketFactory(final String keyStoreFile, String keystorePassword, String truststoreFile, final String truststorePassword){ super(); this.keystoreUrl = keyStoreFile; this.keystorePassword = keystorePassword; this.truststoreUrl = truststoreFile; this.truststorePassword = truststorePassword; } private static KeyStore createKeyStore(final String file, final String password) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException { if (file == null) { throw new IllegalArgumentException("Keystore url may not be null"); } LOG.debug("Initializing key store"); KeyStore keystore = null; InputStream is = null; try { // 尝试 使用PKCS12的格式读取私钥证书 keystore = KeyStore.getInstance("PKCS12"); is = new FileInputStream(new File(file)); keystore.load(is, password != null ? password.toCharArray() : null); } catch (Exception ce) { // 再次 尝试使用JKS的格式读取私钥证书 keystore = KeyStore.getInstance("jks"); is = new FileInputStream(new File(file)); keystore.load(is, password != null ? password.toCharArray() : null); } finally { IOUtils.closeQuietly(is); } return keystore; } private static KeyManager[] createKeyManagers(final KeyStore keystore, final String password) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException { if (keystore == null) { throw new IllegalArgumentException("Keystore may not be null"); } LOG.debug("Initializing key manager"); KeyManagerFactory kmfactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); kmfactory.init(keystore, password != null ? password.toCharArray() : null); return kmfactory.getKeyManagers(); } private static TrustManager[] createTrustManagers(final KeyStore keystore) throws KeyStoreException, NoSuchAlgorithmException { if (keystore == null) { throw new IllegalArgumentException("Keystore may not be null"); } LOG.debug("Initializing trust manager"); TrustManagerFactory tmfactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); tmfactory.init(keystore); TrustManager[] trustmanagers = tmfactory.getTrustManagers(); for (int i = 0; i < trustmanagers.length; i++) { if (trustmanagers[i] instanceof X509TrustManager) { trustmanagers[i] = new AuthSSLX509TrustManager((X509TrustManager) trustmanagers[i]); } } return trustmanagers; } private SSLContext createSSLContext() { try { KeyManager[] keymanagers = null; TrustManager[] trustmanagers = null; if (this.keystoreUrl != null) { // 证明自己身份的keyStore KeyStore keystore = createKeyStore(this.keystoreUrl, this.keystorePassword); if (LOG.isDebugEnabled()) { Enumeration<String> aliases = keystore.aliases(); while (aliases.hasMoreElements()) { String alias = (String) aliases.nextElement(); Certificate[] certs = keystore.getCertificateChain(alias); if (certs != null) { LOG.debug("Certificate chain '" + alias + "':"); for (int c = 0; c < certs.length; c++) { if (certs[c] instanceof X509Certificate) { X509Certificate cert = (X509Certificate) certs[c]; LOG.debug(" Certificate " + (c + 1) + ":"); LOG.debug(" Subject DN: " + cert.getSubjectDN()); LOG.debug(" Signature Algorithm: " + cert.getSigAlgName()); LOG.debug(" Valid from: " + cert.getNotBefore()); LOG.debug(" Valid until: " + cert.getNotAfter()); LOG.debug(" Issuer: " + cert.getIssuerDN()); } } } } } keymanagers = createKeyManagers(keystore, this.keystorePassword); } if (this.truststoreUrl != null) { // 信任其他的store KeyStore keystore = createKeyStore(this.truststoreUrl, this.truststorePassword); if (LOG.isDebugEnabled()) { Enumeration<String> aliases = keystore.aliases(); while (aliases.hasMoreElements()) { String alias = (String) aliases.nextElement(); LOG.debug("Trusted certificate '" + alias + "':"); Certificate trustedcert = keystore.getCertificate(alias); if (trustedcert != null && trustedcert instanceof X509Certificate) { X509Certificate cert = (X509Certificate) trustedcert; LOG.debug(" Subject DN: " + cert.getSubjectDN()); LOG.debug(" Signature Algorithm: " + cert.getSigAlgName()); LOG.debug(" Valid from: " + cert.getNotBefore()); LOG.debug(" Valid until: " + cert.getNotAfter()); LOG.debug(" Issuer: " + cert.getIssuerDN()); } } } trustmanagers = createTrustManagers(keystore); } SSLContext sslcontext = SSLContext.getInstance("SSL"); sslcontext.init(keymanagers, trustmanagers, null); return sslcontext; } catch (NoSuchAlgorithmException e) { LOG.error(e.getMessage(), e); throw new AuthSSLInitializationError("Unsupported algorithm exception: " + e.getMessage()); } catch (KeyStoreException e) { LOG.error(e.getMessage(), e); throw new AuthSSLInitializationError("Keystore exception: " + e.getMessage()); } catch (GeneralSecurityException e) { LOG.error(e.getMessage(), e); throw new AuthSSLInitializationError("Key management exception: " + e.getMessage()); } catch (IOException e) { LOG.error(e.getMessage(), e); throw new AuthSSLInitializationError("I/O error reading keystore/truststore file: " + e.getMessage()); } } private SSLContext getSSLContext() { if (this.sslcontext == null) { this.sslcontext = createSSLContext(); } return this.sslcontext; } public Socket createSocket(final String host, final int port, final InetAddress localAddress, final int localPort, final HttpConnectionParams params) throws IOException, UnknownHostException, ConnectTimeoutException { if (params == null) { throw new IllegalArgumentException("Parameters may not be null"); } int timeout = params.getConnectionTimeout(); SocketFactory socketfactory = getSSLContext().getSocketFactory(); if (timeout == 0) { return socketfactory.createSocket(host, port, localAddress, localPort); } else { Socket socket = socketfactory.createSocket(); SocketAddress localaddr = new InetSocketAddress(localAddress, localPort); SocketAddress remoteaddr = new InetSocketAddress(host, port); socket.bind(localaddr); socket.connect(remoteaddr, timeout); return socket; } } /** * @see SecureProtocolSocketFactory#createSocket(java.lang.String,int,java.net.InetAddress,int) */ public Socket createSocket(String host, int port, InetAddress clientHost, int clientPort) throws IOException, UnknownHostException { return getSSLContext().getSocketFactory().createSocket(host, port, clientHost, clientPort); } /** * @see SecureProtocolSocketFactory#createSocket(java.lang.String,int) */ public Socket createSocket(String host, int port) throws IOException, UnknownHostException { return getSSLContext().getSocketFactory().createSocket(host, port); } /** * @see SecureProtocolSocketFactory#createSocket(java.net.Socket,java.lang.String,int,boolean) */ public Socket createSocket(Socket socket, String host, int port, boolean autoClose) throws IOException, UnknownHostException { return getSSLContext().getSocketFactory().createSocket(socket, host, port, autoClose); }
3,SSL握手通过了,咱们就开始访问页面吧。
/** * 访问内网的程序 * * @author Administrator 2010-1-19 下午10:27:40 */ public class pfxSSLExample { private static final String KEYSTORE_FILE = "src/main/resources/a.pfx"; private static final String TRUST_KEY_FILE = "src/main/resources/server.keystore"; private static final String TRUST_PASSWORD = "changeit"; private static final String KEYSTORE_PASSWORD = "1983413"; public static void main(String[] args) throws Exception { AuthSSLProtocolSocketFactory factory = new AuthSSLProtocolSocketFactory(KEYSTORE_FILE, KEYSTORE_PASSWORD, TRUST_KEY_FILE, TRUST_PASSWORD); Protocol.registerProtocol("https", new Protocol("https", factory, 443)); HttpClient httpclient = new HttpClient(); GetMethod httpget = new GetMethod("https://www.cn.xxxx-inc.com/"); try { httpclient.executeMethod(httpget); System.out.println(httpget.getResponseBodyAsString()); } catch (HttpException e) { e.printStackTrace(); } catch (IOException e) { e.printStackTrace(); } finally { httpget.releaseConnection(); } } }
发表评论
-
JAVA 机密机制初探(JCA)—— 核心类
2010-01-10 20:52 1474===================== MessageDi ... -
JAVA 机密机制初探(JCA)—— 概览
2010-01-10 14:23 3522java中安全服务都是从java.se ... -
RSA 算法原理
2009-11-11 21:20 2808<一>基础RSA算法非常简单,概述如下:找两素数p ... -
JAVA 机密机制初探(JCA)—— 安全证书
2009-11-10 21:13 2413数字证书好比人的身份 ... -
JAVA 机密机制探究(JCA)——密钥加密对称算法
2009-11-04 20:50 2587/** * 私钥加密的对称算法 * ... -
DSA算法原理
2009-10-19 22:43 2317Digital Signature Algorithm (DS ...
相关推荐
websphere 内存溢出 javacore分析工具jca456 分析javacore的好工具 分析javacore的好工具
javacore分析工具,很好的一款图形界面分析工具
websphere javacore 分析工具 jca412
websphere 内存溢出 javacore分析工具jca401 分析javacore的好工具 分析javacore的好工具
帮忙分析javacore和dump文件,查看内存泄漏,线程阻塞,个人觉得很实用,希望可以帮忙到需要的人
IBM Thread and Monitor Dump Analyzer for Java(简称 jca)。它可以识别Java线程中的挂起,死锁,资源竞争,和瓶颈。 使用方法: java -Xmx1000m -jar jca456.jar
IBM Thread and Monitor Dump Analyzer for Java(简称 jca)。它可以识别Java线程中的挂起,死锁,资源竞争,和瓶颈。 使用方法: java -Xmx1000m -jar jca456.jar
不懂jca的朋友可以来这看看,一个jca的演示程序,程序逻辑清晰
jca工具分析死锁及内存情况
ibm websphere 服务器内存溢出或其他故障,生成javacore,分析工具
JCA练习 JCA练习 JCA练习 JCA练习 JCA练习
java线程堆栈分析工具jca466.jar;堆内存分析工具Memory Analyzer;分析内存泄露产生的javacore文件,以便于定位blocked线程
jca java dump分析工具,检测java 内存溢出,检测java 堆栈资源分析
javacore分析工具 jca37.zip IBM javacore分析工具 jca37.zip heapdump分析工具HeapAnalyzer heapdump分析工具------HeapAnalyzer: 2014年1月最新发布 用法: 在命令行执行 java -Xmx500m -jar ha453.jar
JCA技术,在Windchill开发中比较常用,在客制任务表单模板中,使用评率高
IBM Thread and Monitor Dump Analyzer for Java 2014年1月最新发布 可以分析weblogic或was当机生成的javacore和dump文件 使用方法在命令行输入 java -Xmx500m -jar jca452.jar
该资源包含了两部分内容,jca和ha。jca是java线程堆栈分析工具,此压缩包包含的版本是jca396.jar,ha是java内存使用情况分析工具,此压缩包包含的版本是ha405.jar
最新IBM javacore分析工具。它提供了广泛的详细 GC 数据值的图形显示,并处理 optthruput、optavgpause 和 gencon GC 模式。它具有原始日志、表格式数据和图表视图,并且可以将数据保存到 jpeg 或 .csv 文件(用于...
利用Jca工具分析JavaCore文件/Thread dump文件。Jca工具分析JavaCore文件/Thread dump文件。很实用。
启动工具:java -jar jca * .jar 在基于POSIX的系统(例如Linux)上请求线程转储的最简单方法是发送kill -3信号,该信号无损地暂停JVM,创建线程转储,然后JVM继续(暂停通常为几百毫秒最多)。例如(用Java进程的...