segui88久久综合9999,欧美区二区三区,亚洲欧美在线观看

Http Https Webservice

abin — Sun, 10 May 2015 03:27:00 GMT

1.Http作�ؓ(f��)web服务的首选协议，居有4大优点：(x��)
   1�Q�http非常��单，以纯文本(��文�?形式�~�码的请求和响应�l�成
   2�Q�http是无状态的。一旦发送了一个http��h��Q�客户和服务器之间的�q�接信息��׃��(x��)被释放，有利于减��服务器资源的消耗�?br />   3�Q�http的运行端�?0�Q�在大多数防火墙上是公开�?br />   4�Q�行业认可�?br /> 但是Http的缺点：(x��)
   1�Q�缺��对异步消息的支�?br />   2�Q�消息传输的不可靠�?br />

web service相对http (post/get)有好处吗�Q?/h3>

1.接口中实现的�Ҏ(gu��)��和要求参��C��目了�?/p>
2.不用担心大小写问�?/p>
3.不用担心中文urlencode问题
4.代码中不用多�ơ声明认�?账号,密码)参数
5.传递参数可以�ؓ(f��)数组�Q�对象等...

http和webservice的区别：(x��)
1、http是采用get�Q�post�{�方式传输数据，而webservice是采用xml格式打包数据�Q�传输是��Z��http协议�q�行传输�?br />2、http直接传输数据�Q�而webservice是采用xml�~�解码数据，所以能速度上面有些慢�?br />3、webservice可以直接传输数组或者对象的数据格式�Q�实际现在常用的http+json也可以的�Q�只是需要进行字�W�串和各�U�格式的转换�?br />4、http传输占用的带宽要比webservice占用的带宽少�?br />5、webservice支持用户权限的验证，而http不支持直接的用户权限验证�?br />6、webservice接口中实现的�Ҏ(gu��)��和要求参��C��目了然�?br />

HTTPS和HTTP的区别：(x��)
https协议需要到ca甌��证书�Q�一般免费证书很��，需要交贏V�?br />http是超文本传输协议�Q�信息是明文传输�Q�https 则是��h��安全性的ssl加密传输协议
http和https使用的是完全不同的连接方式用的端口也不一�?前者是80,后者是443�?br />http的连接很��?是无状态的
HTTPS协议是由SSL+HTTP协议构徏的可�q�行加密传输、��n份认证的�|�络协议要比http协议安全

SSL协议基础

SSL协议位于TCP/IP协议与各�U�应用层协议之间�Q�本�w�又分�ؓ(f��)两层�Q?/p>
SSL记录协议(SSL Record Protocol)�Q�徏立在可靠传输层协�?TCP)之上�Q��ؓ(f��)上层协议提供数据��装、压�~�、加密等基本功能�?/p>
SSL握手协议(SSL Handshake Procotol)�Q�在SSL记录协议之上�Q�用于实际数据传输前�Q�通讯双方�q�行�w�䆾认证、协商加密算法、交换加密密钥等�?/p>
HTTPS通信�q�程�Q?/div>
1.在服务器端存在一个公钥及(qi��ng)�U�钥
2.客户端从服务器取得这个公�?/div>
3.客户端��生一个随机的密钥
4.客户端通过公钥对密钥加密（非对�U�加密）
5.客户端发送到服务器端
6.服务器端接受�q�个密钥�q�且以后的服务器端和客户端的数据全部通过�q�个密钥加密�Q�对�U�加密）

abin 2015-05-10 11:27 发表评论

web.xml中配�|�http讉K��转向https

abin — Sun, 06 Jan 2013 13:28:00 GMT

1.tomcat下所有应用都强制https讉K��

在tomcat\conf\web.xml中的后面加上以下配置:

CLIENT-CERT

Client Cert Users-only Area

SSL

CONFIDENTIAL

2.单个应用强制https讉K��

WEB-INF/web.xml�?lt;/welcome-file-list>后面加上以下配置:

CLIENT-CERT

Client Cert Users-only Area

SSL

CONFIDENTIAL

abin 2013-01-06 21:28 发表评论

HttpClient 实现跌��{��h��

abin — Thu, 27 Sep 2012 12:31:00 GMT

实现servlet的蟩转，以输入流的�Ş式来传输数据

��试UnionPayServlet的httpClient��试�c�：(x��)
package com.abin.lee.https;

import java.io.IOException;

import java.io.OutputStream;

import java.io.OutputStreamWriter;

import java.io.Writer;

import junit.framework.TestCase;

import org.apache.http.HttpEntity;

import org.apache.http.HttpResponse;

import org.apache.http.client.HttpClient;

import org.apache.http.client.methods.HttpPost;

import org.apache.http.entity.ContentProducer;

import org.apache.http.entity.EntityTemplate;

import org.apache.http.impl.client.DefaultHttpClient;

import org.apache.http.util.EntityUtils;

import org.junit.Test;

public class HttpClientTest extends TestCase {

private static final String Url = "http://localhost:9090/Spa/UnionPayServlet";

@Test

public void testHttpClient() throws Exception {

HttpClient client = new DefaultHttpClient();

HttpPost post = new HttpPost(Url);

ContentProducer create = new ContentProducer() {

public void writeTo(OutputStream outstream) throws IOException {

Writer writer = new OutputStreamWriter(outstream, "UTF-8");

writer.write("start");

writer.flush();

writer.close();

}

};

HttpEntity request = new EntityTemplate(create);

post.setEntity(request);

HttpResponse response = client.execute(post);

HttpEntity entity = response.getEntity();

String result = EntityUtils.toString(entity);

System.out.println("the last message is: "+result);

}

//被访问的servlet�Q�也��是中间servlet

package org.litsoft.air.servlet;

import java.io.BufferedReader;

import java.io.BufferedWriter;

import java.io.IOException;

import java.io.InputStreamReader;

import java.io.OutputStream;

import java.io.OutputStreamWriter;

import java.io.Writer;

import javax.servlet.ServletException;

import javax.servlet.ServletOutputStream;

import javax.servlet.http.HttpServlet;

import javax.servlet.http.HttpServletRequest;

import javax.servlet.http.HttpServletResponse;

import org.apache.http.HttpEntity;

import org.apache.http.HttpResponse;

import org.apache.http.client.HttpClient;

import org.apache.http.client.methods.HttpPost;

import org.apache.http.entity.ContentProducer;

import org.apache.http.entity.EntityTemplate;

import org.apache.http.impl.client.DefaultHttpClient;

import org.apache.http.util.EntityUtils;

public class UnionPayServlet extends HttpServlet {

private static final String Url = "http://localhost:9090/Spa/changeServlet";

@Override

protected void doPost(HttpServletRequest request, HttpServletResponse response)

throws ServletException, IOException {

System.out.println("UnionPayServlet");

String result=null;

BufferedReader reader=new BufferedReader(new InputStreamReader(request.getInputStream()));

int num=0;

char[] buffer=new char[1024];

while((num=reader.read(buffer))!=-1){

result=new String(buffer,0,num);

}

System.out.println("from HttpCLient message is: ="+result);

final String transfer=result;

HttpClient client = new DefaultHttpClient();

HttpPost post = new HttpPost(Url);

ContentProducer create = new ContentProducer() {

public void writeTo(OutputStream outstream) throws IOException {

Writer writer = new OutputStreamWriter(outstream, "UTF-8");

writer.write(transfer);

writer.flush();

writer.close();

}

};

HttpEntity httpEntity = new EntityTemplate(create);

post.setEntity(httpEntity);

HttpResponse httpResponse = client.execute(post);

HttpEntity entity = httpResponse.getEntity();

String result1 = EntityUtils.toString(entity);

// System.out.println(result1);

ServletOutputStream out=response.getOutputStream();

BufferedWriter writer=new BufferedWriter(new OutputStreamWriter(out));

writer.write("this message is received by UnionPayServlet is: "+result1);

writer.flush();

writer.close();

}

@Override

public void destroy() {

super.destroy();

}

//最�l�要处理的servlet

package org.litsoft.air.servlet;

import java.io.BufferedReader;

import java.io.BufferedWriter;

import java.io.IOException;

import java.io.InputStreamReader;

import java.io.OutputStreamWriter;

import java.io.PrintWriter;

import java.net.HttpURLConnection;

import java.net.URL;

import javax.servlet.ServletException;

import javax.servlet.ServletOutputStream;

import javax.servlet.http.HttpServlet;

import javax.servlet.http.HttpServletRequest;

import javax.servlet.http.HttpServletResponse;

import org.litsoft.air.unionpay.CreateJdomOne;

public class ChangeServlet extends HttpServlet {

@Override

protected void doPost(HttpServletRequest request,

HttpServletResponse response) throws ServletException, IOException {

// 接收Servlet传回来的信息

BufferedReader reader = new BufferedReader(new InputStreamReader(

request.getInputStream()));

String show = null;

StringBuffer stb = new StringBuffer();

while ((show = reader.readLine()) != null) {

stb.append(show);

}

System.out.println("from UnionPayServlet message is :" + stb.toString());

reader.close();

ServletOutputStream out=response.getOutputStream();

BufferedWriter writer=new BufferedWriter(new OutputStreamWriter(out));

writer.write("this message is received by ChangeServlet is :"+stb.toString());

writer.flush();

writer.close();

}

//servlet的配�|?br />

xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

xsi:schemaLocation="http://java.sun.com/xml/ns/javaee

http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">

UnionPayServlet

org.litsoft.air.servlet.UnionPayServlet

UnionPayServlet

/UnionPayServlet

changeServlet

org.litsoft.air.servlet.ChangeServlet

changeServlet

/changeServlet

index.jsp

abin 2012-09-27 20:31 发表评论

HttpsUrlConnection https双向验证

abin — Wed, 26 Sep 2012 16:16:00 GMT

以下文章都是整合了好多网上的好多朋友的优�U�资源�Q�才写出来的。具体参考过谁的�Q�我也记不清楚了。关于怎么生成https双向的证书，地址在这里：(x��)
http://www.aygfsteel.com/stevenjohn/archive/2012/08/22/385989.html
应该正常来说�Q�按照这个教�E�做的话是没有�Q何问题的�Q�但是也有些朋友��问题�Q�主要问题是在，把证书导入到��览器里面的时候出的，注意�q�里�?br />
我这里面的我都做�q�三四次了，基本没啥问题。但也不排除不会(x��)不出问题�?br />
�׃��|�上关于httpCilent来测试调用HTTPS的例子较?y��u)��，�l�过在度娘和��L(f��ng)��的查找，�ȝ��是也扑ֈ�了一��文章，参考以后，做出来一个测试类�Q�在我机器上面是能够跑通的。具体地址�Q?a href="http://www.aygfsteel.com/stevenjohn/archive/2012/09/27/388646.html">http://www.aygfsteel.com/stevenjohn/archive/2012/09/27/388646.html

//首先说一下，�q�个是我随便写的一个发布到tomcat的httpsUrlConnection的Servlet服务�Q�主要是用来��试一下https双向验证的，现在�|�上好多的文章都是https单向验证的Java代码�Q�我在网上看�q�好多，但是好多都是半成品，然后�ȝ��了一下，在自��q��机器上面是完全能够跑通的�Q�在�q�里做个�W�记�Q�以后用得着的时候来拿：(x��)

package com.abin.lee.https;

import java.io.BufferedReader;

import java.io.IOException;

import java.io.InputStreamReader;

import java.io.PrintWriter;

import java.util.Enumeration;

import java.util.Map;

import javax.servlet.ServletException;

import javax.servlet.ServletOutputStream;

import javax.servlet.http.HttpServlet;

import javax.servlet.http.HttpServletRequest;

import javax.servlet.http.HttpServletResponse;

@SuppressWarnings("serial")

public class ReceiveHttpsUrlConnectionRequest extends HttpServlet {

public void service(HttpServletRequest request, HttpServletResponse response)

throws ServletException, IOException {

System.out.println("receive https request");
/**�q�个主要是接�Ӟ��由对方给以POST形式发过来的内容�Q�这�U�内容不是以key-value的�Ş式发的，而是直接通过Java�?br /> *string content="test https double auth";
*BufferedWriter writer = new BufferedWriter();
*writer.writer(content.getBytes());
*通过�q�种形式发过来的内容的接�Ӟ��׃��直接攑ֈ�request里面发送过来的�Q�所以的从request里面来接收�?br /> *之前做银联的手机支付的时候也是这么传递参数的�?br /> */

BufferedReader reader=new BufferedReader(new InputStreamReader(request.getInputStream()));

String line=null;

StringBuffer stb=new StringBuffer();
//循环的一行一行的��d��内容
while((line=reader.readLine())!=null){

stb.append(line);

}
//打印��d��到的内容�?/div>

System.out.println("stb="+stb.toString());
//�l�调用者返回内�?/div>

PrintWriter write=response.getWriter();

write.write("receive HttpsUrlConnection success");

write.flush();

write.close();

}

//�q�个是在web工程里面的web.xml里面配置的发布的servlet服务
//web.xml

httpsUrlConnectionRequest

com.abin.lee.https.ReceiveHttpsUrlConnectionRequest

httpsUrlConnectionRequest

/httpsUrlConnectionRequest

//HttpsUrlConnection��试�c?br />

package com.abin.lee.test;

import java.io.BufferedReader;

import java.io.IOException;

import java.io.InputStreamReader;

import java.io.OutputStream;

import java.net.URL;

import java.util.Date;

import javax.net.ssl.HostnameVerifier;

import javax.net.ssl.HttpsURLConnection;

import javax.net.ssl.SSLSession;

import junit.framework.TestCase;

import org.junit.Before;

import org.junit.Test;

public class HttpsUrlConnectionClient extends TestCase {

// 客户端密钥库

private String sslKeyStorePath;

private String sslKeyStorePassword;

private String sslKeyStoreType;

// 客户端信�ȝ��证书

private String sslTrustStore;

private String sslTrustStorePassword;
//上面发布的servlet��h��地址

private String httpsUrlConnectionUrl = "https://localhost:8443/global/httpsUrlConnectionRequest";

@Before

public void setUp() {
//�q�是密钥�?br /> sslKeyStorePath = "D:\\home\\tomcat.keystore";

sslKeyStorePassword = "stevenjohn";

sslKeyStoreType = "JKS"; // 密钥库类型，有JKS PKCS12�{?br /> //信�Q库，�q�里需要服务端来新人客��L(f��ng)��才能调用�Q�因��个我是配�|�的https双向验证�Q�不但是要客��L(f��ng)��信�Q服务端，服务端也要信��d��L(f��ng)��?/div>

sslTrustStore = "D:\\home\\tomcat.keystore";

sslTrustStorePassword = "stevenjohn";

System.setProperty("javax.net.ssl.keyStore", sslKeyStorePath);

System.setProperty("javax.net.ssl.keyStorePassword",

sslKeyStorePassword);

System.setProperty("javax.net.ssl.keyStoreType", sslKeyStoreType);

// 讄��pȝ��参数

System.setProperty("javax.net.ssl.trustStore", sslTrustStore);

System.setProperty("javax.net.ssl.trustStorePassword",

sslTrustStorePassword);

System.setProperty("java.protocol.handler.pkgs", "sun.net.www.protocol");

}

@Test

public void testHttpsUrlConnectionClient() {

try {

URL url = new URL(httpsUrlConnectionUrl);
//对于��L��名的验证�Q�因为配�|�服务器端的tomcat.keystore的证书的时候，是需要填写用户名的，一般用户名来说是本地ip地址�Q�或者本地配�|�的域名
HostnameVerifier hv = new HostnameVerifier() {

public boolean verify(String urlHostName, SSLSession session) {

return true;

}

};

HttpsURLConnection.setDefaultHostnameVerifier(hv);
//�~�写HttpsURLConnection 的请求对象，�q�里需要注意HttpsURLConnection 比我们��^时用的HttpURLConnection对了一个s�Q�因为https是也是遵循http协议的，�q�且是采用ssl�q�个安全套接字来传输信息的，但是也有可能遭到黑客的攻�?

HttpsURLConnection connection = (HttpsURLConnection) url

.openConnection();

connection.setRequestProperty("Content-Type", "text/xml");

connection.setDoOutput(true);

connection.setDoInput(true);
//讄��h��方式为post,�q�里面当然也可以用get�Q�但是我�q�里必须用post
connection.setRequestMethod("POST");

connection.setUseCaches(false);

connection.setReadTimeout(30000);

String user="abin";

String pwd="abing";

String request="user="+user+"&pwd="+pwd;

OutputStream out = connection.getOutputStream();
//下面的这句话是给servlet发送请求内�?/div>

out.write(request.getBytes());

out.flush();

out.close();

//接收��h��的返回�?/div>

BufferedReader reader = new BufferedReader(new InputStreamReader(connection.getInputStream()));

StringBuffer stb = new StringBuffer();

String line;

while ((line = reader.readLine()) != null) {

stb.append(line);

}

Integer statusCode = connection.getResponseCode();

System.out.println("�q�回状态码:" + statusCode);

reader.close();

connection.disconnect();

} catch (IOException e) {

e.printStackTrace();

}

//发布好了服务�Q�你需要在tomcat里面配置好了https服务的端口才能��用�?br />//tomcat配置文�g�Q?br />

connectionTimeout="20000"

redirectPort="8443" />

/**关于https端口的说明，银联一般用的都�?--9 443,�q�种�c�d��的端口，�W�一位是0--9中的��L��一位，然后后面三位�?43�Q�而通过我的��试�Q�发觉随便一个端口号都可 * 以的�Q�只要不和你机器的其他端口冲�H�就行，911,95553�q�些端口都是可以滴�?br /> *clientAuth="true" �q�里讄��为false是https单向认证�Q�设�|��ؓ(f��)true则是https双向认证
*/

SSLEnabled="true" maxThreads="150" scheme="https"

secure="true" clientAuth="true" sslProtocol="TLS"

keystoreFile="D:\\home\\tomcat.keystore" keystorePass="stevenjohn" //密钥�?/div>

truststoreFile="D:\\home\\tomcat.keystore" truststorePass="stevenjohn" />//信�Q�?/div>

abin 2012-09-27 00:16 发表评论

HttpClient https双向验证

abin — Wed, 26 Sep 2012 16:11:00 GMT

已经发布的准备要��试的https服务�Q?br />

package com.abin.lee.https;

import java.io.IOException;

import java.io.PrintWriter;

import java.util.Map;

import javax.servlet.ServletException;

import javax.servlet.http.HttpServlet;

import javax.servlet.http.HttpServletRequest;

import javax.servlet.http.HttpServletResponse;

@SuppressWarnings("serial")

public class ReceiveHttpClientRequest extends HttpServlet {

public void service(HttpServletRequest request, HttpServletResponse response)

throws ServletException, IOException {

System.out.println("receive https request");

Map map=request.getParameterMap();

String user=(((Object[])map.get("user"))[0]).toString();

System.out.println("user="+user);

String pwd=(((Object[])map.get("pwd"))[0]).toString();

System.out.println("pwd="+pwd);

//�l�调用者返回�?/div>

PrintWriter write=response.getWriter();

write.write("receive HttpClient success");

write.flush();

write.close();

}

//web.xml

httpsClientRequest

com.abin.lee.https.ReceiveHttpClientRequest

httpsClientRequest

/httpsClientRequest

//HttpClient��试�c?br />

package com.abin.lee.test;

import java.io.BufferedReader;

import java.io.FileInputStream;

import java.io.InputStreamReader;

import java.security.KeyStore;

import java.util.ArrayList;

import java.util.List;

import javax.net.ssl.KeyManagerFactory;

import javax.net.ssl.SSLContext;

import javax.net.ssl.TrustManager;

import javax.net.ssl.TrustManagerFactory;

import junit.framework.TestCase;

import org.apache.http.HttpResponse;

import org.apache.http.NameValuePair;

import org.apache.http.client.HttpClient;

import org.apache.http.client.entity.UrlEncodedFormEntity;

import org.apache.http.client.methods.HttpPost;

import org.apache.http.conn.scheme.Scheme;

import org.apache.http.conn.ssl.SSLSocketFactory;

import org.apache.http.impl.client.DefaultHttpClient;

import org.apache.http.message.BasicNameValuePair;

import org.apache.http.protocol.HTTP;

import org.junit.Before;

import org.junit.Test;

public class HttpsClient extends TestCase {

private String httpUrl = "https://localhost:8443/global/httpsClientRequest";

// 客户端密钥库

private String sslKeyStorePath;

private String sslKeyStorePassword;

private String sslKeyStoreType;

// 客户端信�ȝ��证书

private String sslTrustStore;

private String sslTrustStorePassword;

@Before

public void setUp() {

sslKeyStorePath = "D:\\home\\tomcat.keystore";

sslKeyStorePassword = "stevenjohn";

sslKeyStoreType = "JKS"; // 密钥库类型，有JKS PKCS12�{?/div>

sslTrustStore = "D:\\home\\tomcat.keystore";

sslTrustStorePassword = "stevenjohn";

System.setProperty("javax.net.ssl.keyStore", sslKeyStorePath);

System.setProperty("javax.net.ssl.keyStorePassword",

sslKeyStorePassword);

System.setProperty("javax.net.ssl.keyStoreType", sslKeyStoreType);

// 讄��pȝ��参数

System.setProperty("javax.net.ssl.trustStore", sslTrustStore);

System.setProperty("javax.net.ssl.trustStorePassword",

sslTrustStorePassword);

}

@Test

public void testHttpsClient() {

SSLContext sslContext = null;

try {

KeyStore kstore = KeyStore.getInstance("jks");

kstore.load(new FileInputStream(sslKeyStorePath),

sslKeyStorePassword.toCharArray());

KeyManagerFactory keyFactory = KeyManagerFactory

.getInstance("sunx509");

keyFactory.init(kstore, sslKeyStorePassword.toCharArray());

KeyStore tstore = KeyStore.getInstance("jks");

tstore.load(new FileInputStream(sslTrustStore),

sslTrustStorePassword.toCharArray());

TrustManager[] tm;

TrustManagerFactory tmf = TrustManagerFactory

.getInstance("sunx509");

tmf.init(tstore);

tm = tmf.getTrustManagers();

sslContext = SSLContext.getInstance("SSL");

sslContext.init(keyFactory.getKeyManagers(), tm, null);

} catch (Exception e) {

e.printStackTrace();

}

try {

HttpClient httpClient = new DefaultHttpClient();

SSLSocketFactory socketFactory = new SSLSocketFactory(sslContext);

Scheme sch = new Scheme("https", 8443, socketFactory);

httpClient.getConnectionManager().getSchemeRegistry().register(sch);

HttpPost httpPost = new HttpPost(httpUrl);

List nvps = new ArrayList();

nvps.add(new BasicNameValuePair("user", "abin"));

nvps.add(new BasicNameValuePair("pwd", "abing"));

httpPost.setEntity(new UrlEncodedFormEntity(nvps, HTTP.UTF_8));

HttpResponse httpResponse = httpClient.execute(httpPost);

String spt = System.getProperty("line.separator");

BufferedReader buffer = new BufferedReader(new InputStreamReader(

httpResponse.getEntity().getContent()));

StringBuffer stb=new StringBuffer();

String line=null;

while((line=buffer.readLine())!=null){

stb.append(line);

}

buffer.close();

String result=stb.toString();

System.out.println("result="+result);

} catch (Exception e) {

e.printStackTrace();

}

//tomcat配置文�g�Q�（前提是https双向验证证书生成的没有一炚w��题）

SSLEnabled="true" maxThreads="150" scheme="https"

secure="true" clientAuth="true" sslProtocol="TLS"

keystoreFile="D:\\home\\tomcat.keystore" keystorePass="stevenjohn"

truststoreFile="D:\\home\\tomcat.keystore" truststorePass="stevenjohn" />

abin 2012-09-27 00:11 发表评论

Tomcat配置HTTPS方式(单向)

abin — Wed, 26 Sep 2012 08:34:00 GMT

��要记录主要步骤备�?/p>

1、进入到jdk下的bin目录

2、输入如下指�?/strong>

keytool -v -genkey -alias tomcat -keyalg RSA -keystore d:/tomcat.keystore  -validity 36500

附：(x��)

d:/tomcat.keystore是将生成的tomcat.keystore攑ֈ�d盘根目录下�?/p>
"-validity 36500”含义是证书有效期�Q?/span>36500表示100�q�_(d��)��默认值是90�?/span>

注意若要攑ֈ�c盘，在win7�pȝ��下，需要以��理员��n份进入到命��o(h��)行中�q�行操作�Q�否则是无法创徏tomcat.keystore的。本例放到d盘下�?
如何以管理员�w�䆾�q�入到命令行下呢�Q�开�?>搜烦框中输入cmd->�{�待�Q�注意不回�R�Q?>出现cmd.exe->右键“以管理员�w�䆾�q�行”卛_��?

3、输入keystore密码

密码��L��Q�此处以123456��Z��Q�要��C��q�个密码�Q�之后在�q�行server.xml配置旉��要��用�?

4、输入名字、组�l�单位、组�l�、市、省、国家等信息

注意事项�Q?/div>
A、Enter keystore password�Q�此处需要输入大�?个字�W�的字符�?/div>
B�?#8220;What is your first and last name?”�q�是必填��，�q�且必须是TOMCAT部��v��L��的域名或者IP[如：(x��)gbcom.com 或�?nbsp;10.1.25.251]�Q�就是你��来要在��览器中输入的访问地址

C�?#8220;What is the name of your organizational unit?”�?#8220;What is the name of your organization?”�?#8220;What is the name of your City or Locality?”�?#8220;What is the name of your State or Province?”�?#8220;What is the two-letter country code for this unit?”可以按照需要填写也可以不填写直接回车，在系�l�询�?#8220;correct?”�Ӟ��对照输入信息�Q�如果符合要求则使用键盘输入字母“y”�Q�否则输�?#8220;n”重新填写上面的信�?/div>
D、Enter key password for �Q�这��较为重要，�?x��)在tomcat配置文�g中��用，��输入与keystore的密码一��_(d��)��讄��其它密码也可�?/div>
l  完成上述输入后，直接回�R则在你在�W�二步中定义的位�|�找到生成的文�g

5、输入之后会(x��)出现��认的提�C?

此时输入y�Q��ƈ回�R。此时创建完成keystore�?
�q�入到D盘根目录下可以看到已�l�生成的tomcat.xml

6、进入tomcat文�g�?
扑ֈ�conf目录下的sever.xml�q�进行编�?

7、编�?
     maxThreads="150" scheme="https" secure="true"
     clientAuth="false" keystoreFile="D:/AppServer/Tomcat/apache-tomcat-6.0.32/conf/tomcat.keystore"
     keystorePass="deleiguo" sslProtocol="TLS" />
注：(x��)
�Ҏ(gu��)��中的keystore的密码，��是刚才我们讄��?#8220;123456”.

�~�辑完成后关闭�ƈ保存sever.xml

8、Tomcat启动成功后，使用https://127.0.0.1:8443 讉K��面

��面成功打开即tomcat下的https配置成功�?

9、应用程序HTTP自动跌��{到HTTPS

在应用程序中web.xml中加入：(x��)



              SSL

              /*







              CONFIDENTIAL



10、生成安全证书文�?/strong>

keytool -export -alias tomcat -file D:/file.cer -keystore d:/tomcat.keystore -validity 36500

然后输入d:/tomcat.keystore中的keystore密码

-file D:/file.cer 即�ؓ(f��)生成的cer文�g�Q�可直接点击安装

11、注意事��：(x��)

�Q?�Q?nbsp;   生成证书的时��_(d��)��如果IE客户端所在机器的旉��早于证书生效旉��Q�或者晚于有效时��_(d��)��IE�?x��)提�C?#8220;该安全证书已到期或还未生�?#8221;

�Q?�Q?nbsp;   如果IE提示“安全证书上的名称无效或者与站点名称不匹�?#8221;�Q�则是由生成证书时填写的服务器所在主机的域名“�(zh��n)�的名字与姓氏是什么？”/“What is your first and last name?”不正��引��L(f��ng)��

12、遗留问题：(x��)

�Q?�Q�如果AC��L��不能通过域名查找�Q�必��M��用IP�Q�但是这个IP只有在配�|�后才能��定�Q�这栯��书就必须在AC��定IP地址后才能生�?/div>
�Q?�Q�证书文件只能绑定一个IP地址�Q�假设有10.1.25.250 �?nbsp;192.168.1.250 两个IP地址�Q�在证书生成文�g�Ӟ��如��用了10.1.25.250�Q�通过IE��只能��?0.1.25.250 来访问AC-WEB�Q?92.168.1.250是无法访问AC-WEB的�?/div>

abin 2012-09-26 16:34 发表评论

abin — Sun, 23 Sep 2012 14:31:00 GMT

https一般来说有单项SSL和双向SSL�q�接之分�?/p>

单项SSL�q�接�Q�也��是只是客户端验证服务器证书。tomcat中clientAuth="false"的时候，HTTPS单向验证如下�Q?br />
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.net.URL;
import java.util.Date;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSession;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

public class ClientSendData {
    static Log log = LogFactory.getLog(ClientSendData.class);
    // 客户端信�ȝ��证书
    private String sslTrustStore;
    private String sslTrustStorePassword;
    private String Url;

    //初始化数�?/span>
    public ClientSendData() {
        sslTrustStore = "D:/ssl/clientTrust.jks";
        sslTrustStorePassword = "123456";
        Url = "https://test.yihaodian.com:8443/ims/feedbackToPingAn_getData.action";
    }

    public String sendData(String data) {
        String receivedData = null;
        try {
            //讄��pȝ��参数
            System.setProperty("javax.net.ssl.trustStore", sslTrustStore);
            System.setProperty("javax.net.ssl.trustStorePassword",
                    sslTrustStorePassword);
            receivedData = send(Url, data);
        } catch (Exception e) {
            e.printStackTrace();
        }
        return receivedData;
    }

    public static String send(String sendurl, String sendData)
            throws Exception {
        URL url = new URL(sendurl);
        HostnameVerifier hv = new HostnameVerifier() {
            public boolean verify(String urlHostName, SSLSession session) {
                return true;
            }
        };
        System.setProperty("java.protocol.handler.pkgs","sun.net.www.protocol");
        HttpsURLConnection.setDefaultHostnameVerifier(hv);
        Date current = new Date(System.currentTimeMillis());
        log.info("begint to open connection at " + current);
        HttpsURLConnection connection = (HttpsURLConnection) url.openConnection();
        Date end = new Date(System.currentTimeMillis());
        log.info("open connection ok at " + end + ",cost:"+ (end.getTime() - current.getTime()));
        connection.setRequestProperty("Content-Type", "text/xml");
        connection.setDoOutput(true);
        connection.setDoInput(true);
        connection.setRequestMethod("POST");
        connection.setUseCaches(false);
        connection.setReadTimeout(30000);
        byte data[] = sendData.getBytes();
        current = new Date(System.currentTimeMillis());
        log.info("[SSLIX]notifyEai,begint to write data at " + current);
        OutputStream out = connection.getOutputStream();
        out.write(data);
        end = new Date(System.currentTimeMillis());
        log.info("write data ok at " + end + ",cost:"
                + (end.getTime() - current.getTime()));
        StringBuffer receivedData = new StringBuffer();
        current = new Date(System.currentTimeMillis());
        log.info("begint to read data at " + current);
        InputStreamReader inReader = new InputStreamReader(connection
                .getInputStream(), "UTF-8");
        BufferedReader aReader = new BufferedReader(inReader);
        String aLine;
        while ((aLine = aReader.readLine()) != null) {
            receivedData.append(aLine);
        }
        end = new Date(System.currentTimeMillis());
        log.info("read data ok at " + end + ",cost:"
                + (end.getTime() - current.getTime()));

        log.info("开始返回状态码");
        Integer statusCode = connection.getResponseCode();
        log.info("�q�回状态码:" + statusCode);
        aReader.close();
        connection.disconnect();
        return receivedData.toString();
    }

    public static void main(String[] args) {
        ClientSendData t = new ClientSendData();
        t.sendData("��试SSL单项�q�接�Q�向服务端发送数�?");
    }
}

单项认证�Ӟ��只需要设�|�客��L(f��ng)��信�Q的证书库��p��。但是当是双向认证时�Q�还需要设�|�客��L(f��ng)��密钥库密码�?/p>
HTTPS双向验证代码如下�Q?br />
public class ClientSendData {
    static Log log = LogFactory.getLog(EaiChannel.class);
    //客户端密钥库
    private String sslKeyStorePath;
    private String sslKeyStorePassword;
    private String sslKeyStoreType;
    // 客户端信�ȝ��证书
    private String sslTrustStore;
    private String sslTrustStorePassword;
    private String eaiUrl;

    //初始化数�?/span>
    public ClientSendData() {
        sslKeyStorePath = "D:/ssl/clientKeys.jks";
        sslKeyStorePassword     = "123456";
        sslKeyStoreType = "JKS"; //密钥库类型，有JKS PKCS12�{?/span>
        sslTrustStore = "D:/ssl/clientTrust.jks";
        sslTrustStorePassword = "123456";
        eaiUrl = "https://test.yihaodian.com:8443/ims/feedbackToPingAn_getData.action";
    }

    public String sendData(String data) {
        String receivedData = null;
        try {

             System.setProperty("javax.net.ssl.keyStore", sslKeyStorePath);
             System.setProperty("javax.net.ssl.keyStorePassword",sslKeyStorePassword);
             System.setProperty("javax.net.ssl.keyStoreType", sslKeyStoreType);
            //讄��pȝ��参数
            System.setProperty("javax.net.ssl.trustStore", sslTrustStore);
            System.setProperty("javax.net.ssl.trustStorePassword",
                    sslTrustStorePassword);
            receivedData = send(eaiUrl, data);
        } catch (Exception e) {
            e.printStackTrace();
        }
        return receivedData;
    }

    public static String send(String sendurl, String sendData)
            throws Exception {
        //和上面一�?/span>
    }

    public static void main(String[] args) {
        ClientSendData t = new ClientSendData();
        t.sendData("��试SSL双项�q�接�Q�向服务端发送数�?");
    }
}

下面来说说可能会(x��)遇到的异常：(x��)
1. java.security.NoSuchAlgorithmException

一般来说是密钥库类型不对，如上面的sslKeyStoreType = "JKS" 却写成PKCS12�?/p>

也有可能是证书的问题�?/p>

2. java.net.UnknownHostException

服务端地址不对�?/p>

3.java.net.SocketException: Unexpected end of file from server

�q�个异常和客��L(f��ng)��没有关系�Q�说明已�l�发送成功。是服务端的问题。有可能是防火墙的原因，也可能是服务端没处理客户端的响应�?/p>
另外有�h说当URL�q�长时也�?x��)发生此错误�Q�当使用URL发送数据时�Q�可以参考此意见�?/p>

4.java.io.IOException:server returned HTTP response code :500

�q�个异常是服务端代码的问题。服务端相应代码执行时抛��Z��异常�?/p>

最�?如果�q�回的状态码�?00 �Q�表�C�成功�?/p>

abin 2012-09-23 22:31 发表评论

Https ssl java

abin — Thu, 23 Aug 2012 05:54:00 GMT
http://www.iteye.com/topic/1125183
http://blog.sina.com.cn/s/blog_5f64eccd0100p0pc.html
http://www.iteye.com/topic/1125183
http://hi.baidu.com/zhouqiugang/blog/item/65c9e160177db3cc8cb10d86.html
http://blog.csdn.net/zrbin153/article/details/6026840
HttpClient讉K��https站点证书加蝲问题
http://237451446.blog.51cto.com/2307663/759338

HttpClient��h��Https协议
http://www.aygfsteel.com/sxyx2008/archive/2011/07/08/353940.html

abin 2012-08-23 13:54 发表评论

keytool+tomcat配置HTTPS双向证书认证

abin — Wed, 22 Aug 2012 01:52:00 GMT

�pȝ��需求：(x��)

1�?nbsp; Windows�pȝ��或Linux�pȝ��

2�?nbsp; 安装�q��|�JDK 1.6.0_13

3�?nbsp; 安装�q��|�Tomcat 6.0

�W�一步：(x��)为服务器生成证书

1�?nbsp; Windows�pȝ��

“�q�行”控制収ͼ��q�入%JAVA_HOME%/bin目录
使用keytool为Tomcat生成证书�Q�假定目标机器的域名�?#8220;localhost”�Q�keystore文�g存放�?#8220;D:\home\tomcat.keystore”�Q�口令�ؓ(f��)“password”�Q��用如下命令生成：(x��)

keytool -genkey -v -alias tomcat -keyalg RSA -keystore D:\home\tomcat.keystore -validity 36500

(参数��要说明：(x��)“D:\home\tomcat.keystore”含义是将证书文�g的保存�\径，证书文�g名称是tomcat.keystore �Q?#8220;-validity 36500”含义是证书有效期�Q?6500表示100�q�_(d��)��默认值是90�?

在命令行填写必要参数�Q?/span>

A、输入keystore密码�Q�此处需要输入大�?个字�W�的字符�?/span>

B�?#8220;�(zh��n)�的名字与姓氏是什么？”�q�是必填��，�q�且必须是TOMCAT部��v��L��的域名或者IP[如：(x��)gbcom.com 或�?10.1.25.251]�Q�就是你��来要在��览器中输入的访问地址�Q�，否则��览器会(x��)弹出警告�H�口�Q�提�C�用戯��书与所在域不匹配。在本地做开发测试时�Q�应填入“localhost”

C�?#8220;你的�l�织单位名称是什么？”�?#8220;�(zh��n)�的�l�织名称是什么？”�?#8220;�(zh��n)�所在城市或区域名称是什么？”�?#8220;�(zh��n)�所在的州或者省份名�U�是什么？”�?#8220;该单位的两字母国家代码是什么？”可以按照需要填写也可以不填写直接回车，在系�l�询�?#8220;正确吗？”�Ӟ��对照输入信息�Q�如果符合要求则使用键盘输入字母“y”�Q�否则输�?#8220;n”重新填写上面的信�?/span>

D、输�?lt;tomcat>的主密码�Q�这��较为重要，�?x��)在tomcat配置文�g中��用，��输入与keystore的密码一��_(d��)��讄��其它密码也可�?/span>

完成上述输入后，直接回�R则在你在�W�二步中定义的位�|�找到生成的文�g

2�?nbsp; Linux�pȝ��

“�q�行”控制収ͼ��q�入%JAVA_HOME%/bin目录
使用如下命��o(h��)生成�Q?/span>

./keytool -genkey -alias tomcat -keyalg RSA -keystore /usr/local/ac/web/tomcat.keystore -validity 36500

(参数��要说明：(x��)“/etc/tomcat.keystore”含义是将证书文�g保存在�\�?usr/local/ac/web/下，证书文�g名称是tomcat.keystore �Q?#8220;-validity 36500”含义是证书有效期�Q?6500表示100�q�_(d��)��默认值是90�?

在命令行填写必要参数�Q?/span>

A、Enter keystore password�Q�此处需要输入大�?个字�W�的字符�?/span>

B�?#8220;What is your first and last name?”�q�是必填��，�q�且必须是TOMCAT部��v��L��的域名或者IP[如：(x��)gbcom.com 或�?10.1.25.251]�Q�就是你��来要在��览器中输入的访问地址

C�?#8220;What is the name of your organizational unit?”�?#8220;What is the name of your organization?”�?#8220;What is the name of your City or Locality?”�?#8220;What is the name of your State or Province?”�?#8220;What is the two-letter country code for this unit?”可以按照需要填写也可以不填写直接回车，在系�l�询�?#8220;correct?”�Ӟ��对照输入信息�Q�如果符合要求则使用键盘输入字母“y”�Q�否则输�?#8220;n”重新填写上面的信�?/span>

D、Enter key password for �Q�这��较为重要，�?x��)在tomcat配置文�g中��用，��输入与keystore的密码一��_(d��)��讄��其它密码也可�?/span>

完成上述输入后，直接回�R则在你在�W�二步中定义的位�|�找到生成的文�g

�W�二步：(x��)为客��L(f��ng)��生成证书

为浏览器生成证书�Q�以便让服务器来验证它。�ؓ(f��)了能��证书顺利导入至IE和Firefox�Q�证书格式应该是PKCS12�Q�因此，使用如下命��o(h��)生成�Q?/span>

keytool -genkey -v -alias mykey -keyalg RSA -storetype PKCS12 -keystore D:\home\mykey.p12

对应的证书库存放�?#8220;D:\home\mykey.p12”�Q�客��L(f��ng)��的CN可以是�Q意倹{��双击mykey.p12文�g�Q�即可将证书导入��x��览器�Q�客��L(f��ng)��Q��?/span>

�W�三步：(x��)让服务器信�Q客户端证�?/strong>

�׃��是双向SSL认证�Q�服务器必须要信��d��L(f��ng)��证书�Q�因此，必须把客��L(f��ng)��证书��d��为服务器的信任认证。由于不能直接将PKCS12格式的证书库导入�Q�必��d��把客��L(f��ng)��证书导出��Z��个单独的CER文�g�Q��用如下命令：(x��)

keytool -export -alias mykey -keystore D:\home\mykey.p12 -storetype PKCS12 -storepass password -rfc -file D:\home\mykey.cer

通过以上命��o(h��)�Q�客��L(f��ng)��证书��p��我们导出�?#8220;D:\home\mykey.cer”文�g了。下一步，是将该文件导入到服务器的证书库，��d��Z��个信任证书：(x��)

keytool -import -v -file D:\home\mykey.cer -keystore D:\home\tomcat.keystore

通过list命��o(h��)查看服务器的证书库，可以看到两个证书�Q�一个是服务器证书，一个是受信�ȝ��客户端证书：(x��)

keytool -list -keystore D:\home\tomcat.keystore

�W�四步：(x��)让客��L(f��ng)��信�Q服务器证�?/strong>

�׃��是双向SSL认证�Q�客��L(f��ng)��也要验证服务器证书，因此�Q�必��L��服务器证书添加到��览�?#8220;受信�ȝ��根证书颁发机�?#8221;。由于不能直接将keystore格式的证书库导入�Q�必��d��把服务器证书导出��Z��个单独的CER文�g�Q��用如下命令：(x��)

keytool -keystore D:\home\tomcat.keystore -export -alias tomcat -file D:\home\tomcat.cer

通过以上命��o(h��)�Q�服务器证书��p��我们导出�?#8220;D:\home\tomcat.cer”文�g了。双击tomcat.cer文�g�Q�按照提�C�安装证书，��证书填入到“受信�ȝ��根证书颁发机�?#8221;�?/span>

�W�四步：(x��)配置Tomcat服务�?/strong>

打开Tomcat根目录下�?conf/server.xml�Q�找到如下配�|�段�Q�修改如下：(x��)

SSLEnabled="true" maxThreads="150" scheme="https"
secure="true" clientAuth="true" sslProtocol="TLS"
keystoreFile="D:\\home\\test.keystore" keystorePass="123456"
truststoreFile="D:\\home\\test.keystore" truststorePass="123456" />

属性说明：(x��)

clientAuth:讄��是否双向验证�Q�默认�ؓ(f��)false�Q�设�|��ؓ(f��)true代表双向验证
keystoreFile:服务器证书文件�\�?/span>
keystorePass:服务器证书密�?/span>
truststoreFile:用来验证客户端证书的根证书，此例中就是服务器证书
truststorePass:根证书密�?/span>

�W�五步：(x��)��试

在浏览器中输�?https://localhost:8443/�Q�会(x��)弹出选择客户端证书界面，点击“��定”�Q�会(x��)�q�入tomcat主页�Q�地址栏后�?x��)�?#8220;�?#8221;图标�Q�表�C�本�ơ会(x��)话已�l�通过HTTPS双向验证�Q�接下来的会(x��)话过�E�中所传输的信息都已经�q�SSL信息加密�?br />

注意事项�Q�貌似导入证书的时候，最好导入到“个�h”那一栏里面，貌似客户端的用户名不填写也是可以的，或者随便填写�?br />
http://licg1234.blog.163.com/blog/static/13908233320121165356868/

abin 2012-08-22 09:52 发表评论