How to handle it on the client side when the remote URL endpoint being called uses HTTPS and requires client certificate verification

Method 1: Configure the SSLContext and TrustManager programmatically
 
// Required imports (HttpRequest is assumed to be Hutool's cn.hutool.http.HttpRequest;
// ResourceUtils and HttpHeaders are assumed to be the Spring classes):
import java.io.FileInputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import cn.hutool.http.HttpRequest;
import org.springframework.http.HttpHeaders;
import org.springframework.util.ResourceUtils;

        // Load the client certificate and private key from a PKCS12 file.
        // The passphrase below is a placeholder; read it from configuration or a secret store
        // rather than hard-coding it.
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        char[] keystorePassword = "your Certificate Passphrase".toCharArray();
        // ResourceUtils.getFile only resolves resources that are real files on disk,
        // not entries inside a packaged JAR.
        String clientKeyPath = ResourceUtils.getFile("classpath:security/ctt.p12").getAbsolutePath();
        try (FileInputStream fis = new FileInputStream(clientKeyPath)) {
            keyStore.load(fis, keystorePassword);
        }

        // Initialize the KeyManagerFactory with the client key
        String algorithm = KeyManagerFactory.getDefaultAlgorithm();
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(algorithm);
        kmf.init(keyStore, keystorePassword);

        // Create the TrustManagerFactory. Passing a null KeyStore selects the JVM's default
        // trust store, so this assumes the server certificate chains to a CA trusted there.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);

        // Create the SSLContext and set the KeyManager and TrustManager
        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

        // Then set the socket factory on the HTTP client, or on the corresponding
        // client proxy class of the web service client
        String result = HttpRequest.post(schedulingConfigProperties.getTokenUrl())
                .header(HttpHeaders.CONNECTION, "keep-alive")
                .setSSLSocketFactory(sslContext.getSocketFactory())
                .timeout(20000) // timeout in milliseconds
                .form(paramMap)
                .addRequestInterceptor(request -> {
                })
                .execute().body();
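
The code above trusts the JVM's default CA set and only finds out at handshake time whether the .p12 file is usable. The following is an added example, not code from the original post: it builds the same SSLContext but checks up front that the keystore holds a private-key entry with a currently valid certificate, and trusts only the CAs in a dedicated trust store. The class name MutualTlsContext, its method names and the trust store file are hypothetical; only JDK classes are used.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Added example: class, method and parameter names are hypothetical.
public final class MutualTlsContext {

    /** Loads a keystore of the given type (for example "PKCS12") from a file. */
    static KeyStore load(Path path, String type, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = Files.newInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    /** Fails early if the keystore cannot be used to authenticate the client. */
    static void requireUsableClientKey(KeyStore ks) throws Exception {
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isKeyEntry(alias) && ks.getCertificate(alias) instanceof X509Certificate) {
                // Throws CertificateExpiredException or CertificateNotYetValidException.
                ((X509Certificate) ks.getCertificate(alias)).checkValidity();
                return;
            }
        }
        throw new IllegalStateException("no private-key entry in client keystore");
    }

    public static SSLContext build(Path clientP12, char[] clientPass,
                                   Path trustStore, char[] trustPass) throws Exception {
        KeyStore client = load(clientP12, "PKCS12", clientPass);
        requireUsableClientKey(client);

        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(client, clientPass);

        // Trust only the CA certificates in this store instead of the JVM default set.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load(trustStore, "PKCS12", trustPass));

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }
}
```

The returned context's getSocketFactory() can be passed to setSSLSocketFactory(...) in the same way as sslContext in the code above.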
 

 

 

posted @ 2024-03-12 11:28  hobby0524