
ssl - Java SSLMA implementation (Apache httpClient 4.5 and BouncyCastle) - Stack Overflow


I need to connect to a service that requests SSLMA (SSL Mutual Authentication) using Apache HttpClient 4.5 and BouncyCastle.

I managed to prepare the SSLConnectionSocketFactory instance (see code), but I'm missing how to implement the SSLMA part.

The supplier has given me the 'code' SSLMA = 'SSLMA_AzdXXXXX', and now the question is how to use it. After asking AI, it seems I need to extend org.bouncycastle.tls.AbstractTlsClient and pass the SSLMA_AzdXXXXX token somehow.

Unfortunately, neither Copilot nor Gemini could generate an error-free implementation of AbstractTlsClient. So if anyone has an idea, please let me know! Thx!

        // 1. Load Key Store (Client Certificate)
        String keyStorePassword = "123456";
        KeyStore keyStore = createInMemoryJKS(new File(MAINFOLDER, "mysite.be.pem"), keyStorePassword);

        // 2. Load Trust Store (Server Certificate - Optional, but Highly Recommended)
        KeyStore trustStore = createInMemoryJKS(new File(MAINFOLDER, "services.pem"), keyStorePassword);

        // 3. Create SSL Context
        SSLContextBuilder sslContextBuilder = new SSLContextBuilder();

        // Client certificate (required for SSLMA)
        // Mutual authentication (SSLMA/client certificate authentication) is activated
        // by the presence of the client certificate in the SSLContext.
        // It's not a separate "switch" that you turn on or off.
        sslContextBuilder.loadKeyMaterial(keyStore, keyStorePassword.toCharArray());

        // Server certificate (optional, but HIGHLY recommended for security)
        // Load if you have the server's cert or the CA cert that signed it.
        // Pass null as the TrustStrategy so the trust store alone decides; a strategy
        // that always returns true would accept any server certificate.
        sslContextBuilder.loadTrustMaterial(trustStore, null);

        // When the HttpClient attempts to connect to the server, the SSL/TLS handshake begins.  
        // Because the SSLContext was configured with a client certificate, the client 
        // (your code) will automatically present this certificate to the server during the handshake.
        SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContextBuilder.build());
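
The snippet above calls `createInMemoryJKS` without showing it. One possible implementation using BouncyCastle's PEM parser follows, as an added example that is not part of the original post. The class name `PemKeyStores`, the aliases, and the PEM layout (certificate chain with the leaf first, plus at most one unencrypted private key) are assumptions.

```java
import java.io.File;
import java.io.FileReader;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.util.ArrayList;
import java.util.List;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;

public final class PemKeyStores {
    // Hypothetical stand-in for the post's createInMemoryJKS(File, String).
    // Assumes X.509 certificates and, for a client identity, one unencrypted
    // private key (PKCS#8 or traditional OpenSSL format) in the same PEM file.
    public static KeyStore createInMemoryJKS(File pem, String password) throws Exception {
        List<Certificate> certs = new ArrayList<>();
        PrivateKey key = null;
        try (PEMParser parser = new PEMParser(new FileReader(pem))) {
            Object obj;
            while ((obj = parser.readObject()) != null) {
                if (obj instanceof X509CertificateHolder) {
                    certs.add(new JcaX509CertificateConverter().getCertificate((X509CertificateHolder) obj));
                } else if (obj instanceof PrivateKeyInfo) {
                    key = new JcaPEMKeyConverter().getPrivateKey((PrivateKeyInfo) obj);
                } else if (obj instanceof PEMKeyPair) {
                    key = new JcaPEMKeyConverter().getPrivateKey(((PEMKeyPair) obj).getPrivateKeyInfo());
                } else {
                    // Encrypted keys and other PEM objects are rejected, not silently skipped
                    throw new IllegalArgumentException("Unsupported PEM object: " + obj.getClass().getName());
                }
            }
        }
        if (certs.isEmpty()) throw new IllegalArgumentException("No certificate in " + pem);
        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(null, null); // empty store, kept in memory only
        if (key != null) {
            // Key entry: the identity offered when the server requests a client certificate
            ks.setKeyEntry("client", key, password.toCharArray(), certs.toArray(new Certificate[0]));
        } else {
            // No private key: each certificate becomes a trust anchor
            for (int i = 0; i < certs.size(); i++) ks.setCertificateEntry("trusted-" + i, certs.get(i));
        }
        return ks;
    }
}
```

The password passed to `setKeyEntry` must match the one later given to `loadKeyMaterial`, which is why the post reuses `keyStorePassword` for both.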