Category: Java

2013-11-28 11:09:53

Scenario

The project exposes a RESTful web service for third-party vendors to call. By default anyone who knows the address can connect; even if the submitted data may never actually run through the back end, that is still fairly dangerous, so access needs to be controlled. The first thing that came to mind was to control it with digital certificates.

Solution

1. Generate the server keystore and export the certificate;
2. Import the server certificate into the client environment;
3. Configure SSL on the server side.

1.1 Generate the server keystore

  keytool -genkey -alias wsca9000 -keyalg RSA -keypass changeit -storepass changeit -keystore d:\server.keystore -validity 9000

keytool prompts for the certificate's distinguished name; the "first and last name" (CN) must be the hostname the callers will put in the URL, otherwise Java's hostname verification rejects the certificate even after it has been imported on the client. -genkey is the old spelling of -genkeypair; on JDK 7 it produces a 1024-bit RSA key unless -keysize 2048 is added, and a validity of 9000 days (about 25 years) is far longer than a self-signed certificate should live.

1.2 Export the server certificate

  keytool -export -trustcacerts -alias wsca9000 -file d:\server.cer -keystore d:\server.keystore -storepass changeit

(-trustcacerts has no effect on -export; it only matters when importing.)

2.1 Copy the server certificate to the client and import it.

  keytool -import -trustcacerts -alias wsca9000 -file d:\server.cer -keystore "C:\Program Files\Java\jdk1.7.0_25\jre\lib\security\cacerts" -storepass changeit

This step makes the client trust the server; it does not identify the client to the server. Importing into the JDK's own cacerts also affects every Java program on that machine and is overwritten by the next JDK update, so a dedicated truststore (loaded in code, or passed with -Djavax.net.ssl.trustStore=... -Djavax.net.ssl.trustStorePassword=...) is the usual choice.

3.1 Configure server.xml under Tomcat on the server

The connector fragment as it survives on the page (the opening part of the element, <Connector port=... protocol=... SSLEnabled="true", is not present here):

  maxThreads="150" scheme="https" secure="true"
  clientAuth="false" sslProtocol="TLS"
  keystoreFile="D:/server.keystore"
  keystorePass="changeit"/>

Note what clientAuth="false" means: Tomcat never asks the caller for a certificate. This configuration gives transport encryption and lets clients authenticate the server, but it does not restrict who may connect. The server certificate is handed to every client that starts a handshake, so any third party can import it (or simply disable certificate validation) and call the service. To make the certificate an access control, set clientAuth="true" and point truststoreFile/truststorePass at a truststore that holds only the certificates of the authorised callers; each caller then needs its own keystore with a private key and certificate.
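The same connector with mutual authentication turned on, as an added example (not the configuration from the original post). The port and the truststore path are assumptions; keystoreFile and keystorePass are the values from the post. The truststore is built by importing each vendor's exported certificate with keytool -importcert -alias vendorA -file vendorA.cer -keystore D:/server-truststore.jks -storepass changeit, one alias per vendor.

```xml
<!-- Added example: HTTPS connector with mutual TLS. Port 8443 and the truststore
     path are assumptions; keystoreFile/keystorePass are the values from the post. -->
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           sslProtocol="TLS"
           keystoreFile="D:/server.keystore" keystorePass="changeit"
           clientAuth="true"
           truststoreFile="D:/server-truststore.jks" truststorePass="changeit"/>
```

With clientAuth="true" Tomcat requests a certificate during the handshake and drops the connection unless the presented chain validates against the truststore, so only third parties whose certificate (or issuing CA) is in server-truststore.jks reach the service at all. Inside the application the caller's certificate is available from the javax.servlet.request.X509Certificate request attribute, which is how individual vendors can be told apart.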

4.1 Test

  RestfullTester tester = new RestfullTester();
  String data = "";
  tester.setUrl("");
  tester.setDatatype("application/json");
  tester.setMethod("POST");
  data = "{\"id\":\"100163331\",\"head\":{\"id\":\"100163331\", \"mainid\":100163331, \"createtime\":\"2013-11-27 11:44:00\", \"paytime\":\"2013-11-27 11:45:00\", \"type\":0, \"status\":2, \"quantity\":1, \"discount\":1389.9, \"total\":0.1, \"vipno\":\"\", \"vipmemo\":\"\", \"storeno\":\"HZ13\"},\"detail\":[{\"id\":\"100163331\", \"productid\":287175, \"productname\":\"221119\", \"price\":1390, \"discount\":1389.9, \"vipdiscount\":0, \"quantity\":1, \"total\":0.1, \"rowno\":1, \"comcode\":\"2143410\", \"counter\":\"03714\", \"memo\":\"ss\", \"storeno\":\"HZ13\"},{\"id\":\"100163331\", \"productid\":287175, \"productname\":\"221119\", \"price\":1390, \"discount\":1389.9, \"vipdiscount\":0, \"quantity\":1, \"total\":0.1, \"rowno\":2, \"comcode\":\"2143410\", \"counter\":\"03714\", \"memo\":\"ss\", \"storeno\":\"HZ13\"}],\"payment\":[{\"id\":\"100163331\", \"type\":\"C0\", \"typeid\":27, \"typename\":\"微信支付\", \"no\":\"\", \"amount\":0.1, \"rowno\":1, \"memo\":null, \"storeno\":\"HZ13\"},{\"id\":\"100163331\", \"type\":\"C0\", \"typeid\":27, \"typename\":\"微信支付\", \"no\":\"\", \"amount\":0.1, \"rowno\":2, \"memo\":null, \"storeno\":\"HZ13\"}]}";
  tester.setData(data);
  tester.test();

Note: RestfullTester is a test class for RESTful services that the author wrote himself.
On a client where the certificate has been imported the call succeeds and returns data;
on a client without the certificate, running it throws the exception below. Note that it is the client that aborts: the JDK refuses the unknown server certificate ("PKIX path building failed") before the request is ever sent. The server has rejected nothing, and with clientAuth="false" it would accept any caller that trusts this certificate or turns validation off.

  javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
      at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
      at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1764)
      at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241)
      at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235)
      at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1206)
      at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:136)
      at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
      at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
      at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:958)
      at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1203)
      at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1230)
      at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1214)
      at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434)
      at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
      at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1014)
      at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:230)
      at com.intime.ws.util.RestfullTester.test(RestfullTester.java:65)
      at com.intime.ws.util.RestfullTester.main(RestfullTester.java:175)
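A client that presents its own certificate and trusts the server through a dedicated truststore instead of the JDK-wide cacerts, as an added example (it is not the author's RestfullTester or any code from the original post). The file names, passwords, alias and URL are assumptions: client.keystore is produced with keytool -genkeypair (alias client1), client-truststore.jks holds the server.cer exported in step 1.2, and the server's Tomcat connector is assumed to run with clientAuth="true" and a truststore that contains the certificate exported from client.keystore. The code is written for Java 7, the JDK used on the page.

```java
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.URL;
import java.security.KeyStore;

import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

/**
 * Mutual-TLS client for the RESTful service. Assumed key material (not from the post):
 *   keytool -genkeypair -alias client1 -keyalg RSA -keysize 2048 -validity 365
 *           -keystore client.keystore -storepass changeit -keypass changeit
 *   keytool -importcert -alias wsca9000 -file server.cer
 *           -keystore client-truststore.jks -storepass changeit
 */
public class MutualTlsClient {

    private static KeyStore loadKeyStore(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType()); // JKS on Java 7
        InputStream in = new FileInputStream(path);
        try {
            ks.load(in, password);
        } finally {
            in.close();
        }
        return ks;
    }

    /**
     * Builds an SSLContext that presents the client certificate (KeyManager) and
     * trusts only what is in the dedicated truststore (TrustManager), so nothing
     * has to be written into the JDK's lib/security/cacerts.
     */
    static SSLContext buildContext(String keystorePath, char[] keystorePass,
                                   String truststorePath, char[] truststorePass) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(loadKeyStore(keystorePath, keystorePass), keystorePass);

        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(loadKeyStore(truststorePath, truststorePass));

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    /** POSTs a JSON body and returns "status body". The default hostname verifier stays on. */
    static String postJson(SSLContext ctx, String url, String json) throws Exception {
        HttpsURLConnection conn = (HttpsURLConnection) new URL(url).openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        conn.setRequestMethod("POST");
        conn.setRequestProperty("Content-Type", "application/json");
        conn.setDoOutput(true);
        OutputStream out = conn.getOutputStream(); // the TLS handshake happens here
        try {
            out.write(json.getBytes("UTF-8"));
        } finally {
            out.close();
        }
        int status = conn.getResponseCode();
        InputStream body = status < 400 ? conn.getInputStream() : conn.getErrorStream();
        return status + " " + readAll(body);
    }

    private static String readAll(InputStream in) throws Exception {
        if (in == null) {
            return "";
        }
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        byte[] chunk = new byte[4096];
        int n;
        try {
            while ((n = in.read(chunk)) != -1) {
                buf.write(chunk, 0, n);
            }
        } finally {
            in.close();
        }
        return buf.toString("UTF-8");
    }

    public static void main(String[] args) throws Exception {
        // Assumed paths and passwords (see the class comment).
        SSLContext ctx = buildContext("client.keystore", "changeit".toCharArray(),
                                      "client-truststore.jks", "changeit".toCharArray());
        // Constructed sample payload, trimmed from the shape used in the post.
        String data = "{\"id\":\"100163331\",\"head\":{\"id\":\"100163331\",\"storeno\":\"HZ13\"}}";
        // Assumed URL; the host must match the CN (or a SAN) of the server certificate.
        System.out.println(postJson(ctx, "https://ws.example.com:8443/ws/order", data));
    }
}
```

Run against a connector with clientAuth="true", a client built without the KeyManager (pass null as the first argument of ctx.init) no longer fails with the PKIX error shown above: the server side rejects the handshake instead, and the client typically sees "Received fatal alert: bad_certificate". That difference is the sign that the certificate is now authenticating the caller rather than only the server.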




