现在,我正在寻找有关如何重写已弃用方案的任务解决方案,该方案是客户端x509证书身份验证通过HttpComponentsMessageSender(不相关)。
例如,已废弃的解决方案如下:
SSLSocketFactory lSchemeSocketFactory = new SSLSocketFactory(this.keyStore, this.keyStorePassword);
Scheme sch = new Scheme("https", 443, lSchemeSocketFactory);
DefaultHttpClient httpClient = (DefaultHttpClient)getHttpClient();
httpClient.getConnectionManager().getSchemeRegistry().register(sch);
我正在使用带有CloseableHttpClient的新解决方案:
SSLContextBuilder sslContextBuilder = SSLContexts.custom()
// this key store must contain the key/cert of the client
.loadKeyMaterial(keyStore, keyStorePassword.toCharArray());
if (trustStore != null) {
// this key store must contain the certs needed and trusted to verify the servers cert
sslContextBuilder.loadTrustMaterial(trustStore);
}
SSLContext sslContext = sslContextBuilder.build();
LayeredConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContext);
// Create a registry of custom connection socket factories for supported
// protocol schemes / https
Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create()
.register("https", sslsf)
.register("http", new PlainConnectionSocketFactory())
.build();
PoolingHttpClientConnectionManager connPoolControl =
new PoolingHttpClientConnectionManager(socketFactoryRegistry);
setConnPoolControl(connPoolControl);
getClientBuilder().setSSLSocketFactory(sslsf);
我仍然从服务器上收到403禁止访问的错误。但当我使用“已弃用”版本的解决方案时,它可以正常工作。SSL证书已由Thawte签名。
有什么想法吗? 谢谢