转载相关 支持https和http连接池的HttpClientUtil

The First Article.

https://blog.csdn.net/l964289880/article/details/84919664

Tomcat添加HTTPS单向认证和双向认证
https://www.cnblogs.com/kevinshen/p/7015891.html

用openssl、keytool创建数字证书颁发二级证书
https://github.com/shenzewen/LearningRecord/blob/master/other/openssl_keytool.md

Java安全通信：HTTPS与SSL
https://www.geek-share.com/detail/2541413600.html

https单向认证和双向认证区别
https://www.geek-share.com/detail/2704860904.html

SSL单向认证Java实现 Tomcat篇
https://firefly.iteye.com/blog/667196
单向验证，客户机只验证服务器的证书，服务器不验证客户机的证书。所以只需要生成服务器端的keystore.

1. 以jks格式生成服务器端包含Public key和Private Key的keystore文件，keypass与storepass务必要一样，因为在tomcat server.xml中只配置一个password.
   keytool -genkey -alias server -keystore e:\serverKeystore.jks -keypass 123456 -storepass 123456 -keyalg RSA -keysize 512 -validity 365 -v -dname “CN = W03GCA01A,O = ABC BANK,DC = Server Https,DC = ABC,OU = Firefly Technology And Operation”

2. 从keystore中导出别名为server的服务端证书.
   keytool -export -alias server -keystore e:\serverKeystore.jks -storepass 123456 -file e:\server.cer

3. 将server.cer导入客户端的信任证书库clientTruststore.jks
   keytool -import -alias trustServer -file e:\server.cer -keystore e:\clientTruststore.jks -storepass 123456

服务器端： serverKeystore.jks
客户端： clientTruststore.jks

genkeypair和genseckey的区别
官方的说明文档中对于选项【keyalg】的默认值有这样的说明：
-keyalg
“DSA” (when using -genkeypair)
“DES” (when using -genseckey)
由此推测，这2个选项所创建的密钥的加密算法不一样，【genkeypair】用于创建非对称加密，默认算法是【DSA】，【genseckey】用于创建对称加密，默认算法是【DES】
参考资料：https://docs.oracle.com/javase/8/docs/technotes/tools/unix/keytool.html

Java 枚举(enum) 详解7种常见的用法
https://www.geek-share.com/detail/2722351080.html