Warning: file_get_contents(/data/phpspider/zhask/data//catemap/9/ssl/3.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Authentication 如何配置ApacheHttpClient 4.x以使用特定的WebSphereSSL别名?_Authentication_Ssl_Websphere_Apache Httpclient 4.x - Fatal编程技术网
Fatal编程技术网
  • authentication/
  • Authentication 如何配置ApacheHttpClient 4.x以使用特定的WebSphereSSL别名?

Authentication 如何配置ApacheHttpClient 4.x以使用特定的WebSphereSSL别名?

authentication ssl websphere

Authentication 如何配置ApacheHttpClient 4.x以使用特定的WebSphereSSL别名?,authentication,ssl,websphere,apache-httpclient-4.x,Authentication,Ssl,Websphere,Apache Httpclient 4.x,当使用Websphere尝试使用HttpClient 4.x(当前版本为4.2.1)连接到外部系统时,我们的环境中存在一个问题。连接到外部系统很好,证书安装在Websphere中,无需额外配置HttpClient。但是,当他们启用相互身份验证时,它不再工作,我们会得到一个SSLPeerUnverifiedException异常: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated, at com.ibm.jsse2.S

当使用Websphere尝试使用HttpClient 4.x(当前版本为4.2.1)连接到外部系统时,我们的环境中存在一个问题。连接到外部系统很好,证书安装在Websphere中,无需额外配置HttpClient。但是,当他们启用相互身份验证时,它不再工作,我们会得到一个SSLPeerUnverifiedException异常:

javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated,
at com.ibm.jsse2.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:105),
at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128),
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:572),
at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180),
at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:294),
at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:640),
at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:479),
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906),
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:1066),
我收到了以下代码示例,我想知道是否有任何方法可以将HttpClient配置为像此代码示例那样使用显式别名。我曾试图找到关于在HttpClient 4上使用SSL相互身份验证的好文档,但没有找到多少

下面是代码示例:

private HttpURLConnection getConnection(String server, String machine,
String port) throws Exception {
URL u = new URL(server);
HttpsURLConnection connection = (HttpsURLConnection) u.openConnection();
String alias = "CellDefaultSSLSettings";

final HashMap connectionInfo = new HashMap();
connectionInfo.put(JSSEHelper.CONNECTION_INFO_DIRECTION,
JSSEHelper.DIRECTION_OUTBOUND);
connectionInfo.put(JSSEHelper.CONNECTION_INFO_REMOTE_HOST, machine);
connectionInfo.put(JSSEHelper.CONNECTION_INFO_REMOTE_PORT, port);

javax.net.ssl.SSLSocketFactory sslFact = JSSEHelper.getInstance()
.getSSLSocketFactory(alias, connectionInfo, null);

connection.setSSLSocketFactory(sslFact);
connection.setDoOutput(true);
connection.setDoInput(true);
connection.setRequestMethod("POST");
return connection;
}
基本上,我如何让HttpClient使用“CellDefaultSSLSettings”?

从根本上说,这个问题与HttpClient无关。HttpClient可以配置为使用任何自定义的
SSLContext
SSLSocketFactory
实例建立HTTPS连接。这主要是关于如何使用JSSEAPI以正确的方式配置
SSLContext
。在您的特殊情况下,
JSSEHelper
为您完成所有的艰苦工作

// JSSE socket factory
javax.net.ssl.SSLSocketFactory jssesf = JSSEHelper.getInstance().getSSLSocketFactory(alias, connectionInfo, null);
// HC socket factory
SSLSocketFactory hcsf = new SSLSocketFactory(jssesf, SSLSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);
这将提供一个可以在连接管理器中注册的连接套接字工厂

HttpClient 4.3还附带SSLContextBuilder类,该类可用于使用fluid builder API组装自定义SSL配置

奥列格的回答帮助了我

我所做的是扩展DefaultHttpClient,每个构造函数为目标URL获取一个字符串参数,并调用一个方法setupScheme:

private void setupScheme(final String url) throws Exception {
    Scheme scheme = new Scheme("https", 443, retrieveWebsphereSSLConnectionFactory(url));
    getConnectionManager().getSchemeRegistry().register(scheme);
}
RetrieveWebSpheresLconnectionFactory方法基本上将示例中的代码与提供的代码oleg组合在一起:

private SchemeSocketFactory retrieveWebsphereSSLConnectionFactory(final String url)
        throws SSLException, URISyntaxException {
    final String alias = "CellDefaultSSLSettings";

    final HashMap<String, String> connectionInfo = new HashMap<String, String>();
    connectionInfo.put(JSSEHelper.CONNECTION_INFO_DIRECTION, JSSEHelper.DIRECTION_OUTBOUND);
    connectionInfo.put(JSSEHelper.CONNECTION_INFO_REMOTE_HOST,
            URIUtils.extractHost(new URI(url)).getHostName());
    connectionInfo.put(JSSEHelper.CONNECTION_INFO_REMOTE_PORT, "443");

    return new SSLSocketFactory(JSSEHelper.getInstance().getSSLSocketFactory(alias, connectionInfo, null),
            SSLSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);
}

private SchemeSocketFactory retrieveWebSpheresLconnectionFactory(最终字符串url)
抛出SSLException、URI语法异常{
最终字符串别名=“CellDefaultSSLSettings”;
final HashMap connectionInfo=新HashMap();
connectionInfo.put(JSSEHelper.CONNECTION\u INFO\u方向,JSSEHelper.DIRECTION\u出站);
connectionInfo.put(JSSEHelper.CONNECTION\u INFO\u REMOTE\u HOST,
URIUtils.extractHost(新URI(url)).getHostName();
connectionInfo.put(JSSEHelper.CONNECTION\u INFO\u REMOTE\u PORT,“443”);
返回新的SSLSocketFactory(JSSEHelper.getInstance().getSSLSocketFactory(别名,connectionInfo,null),
浏览器(兼容主机名(验证程序);
}
我有点希望有人知道某种配置,我可以用它来避免编程。然而,由于这导致了我不得不使用的解决方案,我将接受它。@MetroidFan2002:我不确定我是否理解这个问题。通常JSSE会根据证书请求的安全原则自动获取私钥。如果您需要使用特定私钥的别名强制进行身份验证,那么您正在做一些非常不寻常的事情。我不确定这可以通过标准的JSSE配置来完成。是的,我根本不了解Websphere或JSSE——我希望有人能够正确地配置它,但一旦它进入Websphere,所有希望都破灭了(因为我没有Websphere可供使用-实际上我必须基本上创建JSSEHelper来链接到它-我们部署到Websphere,但使用Tomcat进行开发)。