您可以使用密钥库来管理您的所有客户端证书,这些证书将通过别名进行标识。
默认KeyManager
将在握手中选择第一个证书,因此在创建连接之前无需构建自己的X509KeyManager
来指定要使用的别名。见How I can tell alias of the wanted key-entry to SSLSocket before connecting?
KeyStore keystore = ... //The keystore with all your certificates
//The keymanager for an specific connection
KeyManagerFactory kmf= KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
kmf.init(keystore, password.toCharArray());
//Create a keyManager wrapper that returns the alias to use
final X509KeyManager origKm = (X509KeyManager)kmf.getKeyManagers()[0];
X509KeyManager km = new X509KeyManager() {
public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) {
return "alias";
}
public X509Certificate[] getCertificateChain(String alias) {
return origKm.getCertificateChain(alias);
}
// override the rest of the methods delegating to origKm ...
}
在HttpsUrlConnectionMessageSender
HttpsUrlConnectionMessageSender messageSender = new HttpsUrlConnectionMessageSender();
//messageSender.setKeyManagers(keyManagerFactory.getKeyManagers());
messageSender.setKeyManagers(new KeyManager[] { km });
我想你的方式注入新
keyManager
,它的工作,但我面临的另一个问题。我声明了X509Keymanager并重写了上述两种方法,但是当我打电话给目标服务器时,我得到了下面的错误信息'main,RECV TLSv1.2 ALERT:fatal,unexpected_message main,处理异常:javax.net.ssl .SSLException:收到致命错误'我通过将KeyManager对象提供给HttpsUrlConnectionMessageSender而不是X509KeyManager来修复此错误。服务器SSL跟踪显示服务器未从客户端获取_CERTIFICATE-VERIFY message_,因此连接突然终止。 – user3709612确切的错误是:'引起:org.springframework.ws.client.WebServiceIOException:I/O错误:收到致命警报:unexpected_message;嵌套异常是javax.net.ssl.SSLException:收到致命警报:unexpected_message \t at org.springframework.ws.client.core.WebServiceTemplate.sendAndReceive(WebServiceTemplate.java:561)〜[spring-ws-core-2.3.1 .RELEASE.jar:2.3.1.RELEASE]引起:javax.net.ssl.SSLException:收到致命警报:unexpected_message \t at sun.security.ssl.Alerts.getSSLException(Alerts.java:208 )〜[na:1.8.0_71]' – user3709612
我解决了这个问题,看起来像我的应用程序获取私钥为空,因为我没有重写该方法。这是修复:'@Override \t \t \t公共专用密钥getPrivateKey(字符串为arg0){ \t \t \t \t // TODO自动生成方法存根 \t \t \t \t返回origKm.getPrivateKey(为arg0); \t \t \t}' – user3709612