C++指针探讨 函数对象
2011-09-04 19:37
357 查看
前一篇写了TOMCAT怎么进行SSL单向认证
现在接着写TOMCAT怎么进行SSL双向认证
1、通过keytools生成serverkeystore
keytool -genkey -alias tomcat -keyalg RSA -keypass changeit -storepass changeit -keystore d:\server.keystore
注意CN必须域名
比如以后通过https://localhost:8443/path/ 访问网站
这时候CN = localhost
2、导出x509证书
keytool -export -alias tomcat -file d:\server.cer -keystore d:\server.keystore.
先导出一个x509证书
3、新建client信任的trustclientkeystore.
keytool -genkey -alias trust -keyalg RSA -keypass changeit -storepass changeit -keystore d:\trust.keystore
4、添加服务器端证书进入本地信任trustclientkeystore.
keytool -import -v -alias tomcat -file d:\server.cer -keystore d:\trust.keystore
前面不变
5、通过keytools生成clientkeystore
keytool -genkey -alias client -keyalg RSA -keypass changeit -storepass changeit -keystore d:\client.keystore
6、导出x509证书
keytool -export -alias client -file d:\client.cer -keystore d:\client.keystore.
7、新建server信任的trustserverkeystore.
keytool -genkey -alias trustserver -keyalg RSA -keypass changeit -storepass changeit -keystore d:\trustserver.keystore
8、添加本地证书进入服务器信任trustserverkeystore.
keytool -import -v -alias client -file d:\client.cer -keystore d:\trustserver.keystore
到目前为止就有2个keystore 2个trustkeystore
9、tomcat 配置
clientAuth 设置为 true
10、javacode
现在接着写TOMCAT怎么进行SSL双向认证
1、通过keytools生成serverkeystore
keytool -genkey -alias tomcat -keyalg RSA -keypass changeit -storepass changeit -keystore d:\server.keystore
注意CN必须域名
比如以后通过https://localhost:8443/path/ 访问网站
这时候CN = localhost
2、导出x509证书
keytool -export -alias tomcat -file d:\server.cer -keystore d:\server.keystore.
先导出一个x509证书
3、新建client信任的trustclientkeystore.
keytool -genkey -alias trust -keyalg RSA -keypass changeit -storepass changeit -keystore d:\trust.keystore
4、添加服务器端证书进入本地信任trustclientkeystore.
keytool -import -v -alias tomcat -file d:\server.cer -keystore d:\trust.keystore
前面不变
5、通过keytools生成clientkeystore
keytool -genkey -alias client -keyalg RSA -keypass changeit -storepass changeit -keystore d:\client.keystore
6、导出x509证书
keytool -export -alias client -file d:\client.cer -keystore d:\client.keystore.
7、新建server信任的trustserverkeystore.
keytool -genkey -alias trustserver -keyalg RSA -keypass changeit -storepass changeit -keystore d:\trustserver.keystore
8、添加本地证书进入服务器信任trustserverkeystore.
keytool -import -v -alias client -file d:\client.cer -keystore d:\trustserver.keystore
到目前为止就有2个keystore 2个trustkeystore
9、tomcat 配置
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" [color=red]clientAuth="true"[/color] sslProtocol="TLS" keystoreFile="d:/server.keystore" keystorePass="changeit" truststoreFile="d:/trustserver.keystore" truststorePass="changeit" />
clientAuth 设置为 true
10、javacode
import java.io.File; import java.io.FileInputStream; import java.security.KeyStore; import org.apache.http.HttpResponse; import org.apache.http.client.HttpClient; import org.apache.http.client.methods.HttpPost; import org.apache.http.conn.scheme.Scheme; import org.apache.http.conn.ssl.SSLSocketFactory; import org.apache.http.impl.client.DefaultHttpClient; public class Client { /** * @param args * @throws Exception */ public static void main(String[] args) throws Exception { HttpClient httpclient = new DefaultHttpClient(); KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType()); FileInputStream keyStoreIn = new FileInputStream(new File("d:/client.keystore")); FileInputStream trustStoreIn = new FileInputStream(new File("d:/trust.keystore")); try { keyStore.load(keyStoreIn, "123456".toCharArray()); trustStore.load(trustStoreIn, "123456".toCharArray()); } finally { keyStoreIn.close(); trustStoreIn.close(); } SSLSocketFactory socketFactory = new SSLSocketFactory(keyStore, "123456", trustStore); httpclient.getConnectionManager().getSchemeRegistry().register(new Scheme("https",socketFactory, 8443)); HttpPost httpget = new HttpPost("https://localhost:8443/SSOClient/login.html"); System.out.println("Request:" + httpget.getRequestLine()); HttpResponse response = httpclient.execute(httpget); System.out.println(response.getStatusLine()); httpclient.getConnectionManager().shutdown(); } }
相关文章推荐
- C++指针探讨 -- 函数对象
- C++指针探讨 (四) 函数对象
- C++指针探讨 (四) 函数对象
- C++指针探讨 (四) 函数对象
- C++指针探讨 (四) 函数对象
- C++指针探讨 函数对象
- C++指针探讨 (四) 函数对象
- C++函数对象与函数指针不同之处
- 当C++指向对象的指针被赋值为NULL,对象那些函数可以运行?
- C++中仿函数/函数对象,函数指针的用法
- c++中类定义中,对象,引用,指针等针对函数的选择顺序
- C++指针探讨 (二)函数指针
- C++函数对象与函数指针不同之处
- Self Summary: C++函数返回引用和指针的问题,局部对象与new对象的问题
- C++函数对象与函数指针的不同之处
- C++指针探讨 (二) 函数指针
- C++指针探讨 (二) 函数指针
- 【C++总结】函数形参,返回const对象与非const对象,成员函数,函数指针
- C++学习笔记(13)——利用对象、引用、指针调用虚函数
- Self Summary: C++函数返回引用和指针的问题,局部对象与new对象的问题