CXF客户端调用https Webservice

#设置变量
set OPENSSL_CONF=openssl.cfg
# 生成一个RSA密钥
openssl genrsa -des3 -out server.key 1024
# 生成一个证书请求
openssl req -new -key server.key -out server.csr
# 拷贝一个不需要输入密码的密钥文件
openssl rsa -in server.key -out server_nopwd.key
# 自己签发证书
openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt

#从key和crt生成pkcs12格式的keystore
openssl pkcs12 -export -in server.crt -inkey server.key -out server.p12 -name tomcat -CAfile server.crt -caname root -chain
#生成需要的keystore
keytool -importkeystore -v -srckeystore mycert.p12 -srcstoretype pkcs12 -srcstorepass 123456 -destkeystore tomcat.keystore -deststoretype jks -deststorepass 123456

package cn.net.sunge.gdms.util;

import java.io.File;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.util.Map;

import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

import org.apache.cxf.configuration.jsse.TLSClientParameters;
import org.apache.cxf.endpoint.Client;
import org.apache.cxf.frontend.ClientProxy;
import org.apache.cxf.jaxws.JaxWsProxyFactoryBean;
import org.apache.cxf.transport.http.HTTPConduit;

public class WsClientUtil {

public static <T> T getInterface(Class<T> clazz, String address) {
return getInterface(clazz, address, null);
}

@SuppressWarnings("unchecked")
public static <T> T getInterface(Class<T> clazz, String address, Map<String, Object> properties) {
JaxWsProxyFactoryBean factory = new JaxWsProxyFactoryBean();
factory.setAddress(address);
factory.setServiceClass(clazz);
if (null != properties) {
factory.setProperties(properties);
}
return (T) factory.create();
}

public static <T> T getHttpsInterface(Class<T> clazz, String address, String jksPath, String jksPwd) {
return getHttpsInterface(clazz, address, jksPath, jksPwd, null);
}

@SuppressWarnings("unchecked")
public static <T> T getHttpsInterface(Class<T> clazz, String address, String jksPath, String jksPwd, Map<String, Object> properties) {
JaxWsProxyFactoryBean factory = new JaxWsProxyFactoryBean();
factory.setAddress(address);
factory.setServiceClass(clazz);
if (null != properties) {
factory.setProperties(properties);
}
T t = (T) factory.create();
configureSSLOnTheClient(t, jksPath, jksPwd);
return t;
}

private static void configureSSLOnTheClient(Object obj, String jksPath, String jksPwd) {
File file = new File(jksPath);

Client client = ClientProxy.getClient(obj);
HTTPConduit httpConduit = (HTTPConduit) client.getConduit();

try {
TLSClientParameters tlsParams = new TLSClientParameters();
tlsParams.setDisableCNCheck(true);

KeyStore keyStore = KeyStore.getInstance("JKS");
String password = jksPwd;
String storePassword = jksPwd;

keyStore.load(new FileInputStream(file), storePassword.toCharArray());
TrustManagerFactory trustFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustFactory.init(keyStore);
TrustManager[] trustManagers = trustFactory.getTrustManagers();
tlsParams.setTrustManagers(trustManagers);

keyStore.load(new FileInputStream(file), storePassword.toCharArray());
KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyFactory.init(keyStore, password.toCharArray());
KeyManager[] keyManagers = keyFactory.getKeyManagers();
tlsParams.setKeyManagers(keyManagers);

// FiltersType filtersTypes = new FiltersType();
// filtersTypes.getInclude().add(".*_EXPORT_.*");
// filtersTypes.getInclude().add(".*_EXPORT1024_.*");
// filtersTypes.getInclude().add(".*_WITH_DES_.*");
// filtersTypes.getInclude().add(".*_WITH_NULL_.*");
// filtersTypes.getExclude().add(".*_DH_anon_.*");
// tlsParams.setCipherSuitesFilter(filtersTypes);

tlsParams.setDisableCNCheck(true);

httpConduit.setTlsClientParameters(tlsParams);
} catch (Exception e) {
e.printStackTrace();
}
}
}