
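I. Background

A vendor service needs to be deployed overseas. If several services have to be deployed across several overseas regions, unified login is preferable, because it reduces the burden on users (no pile of passwords to remember). For security reasons (user data could be leaked), the overseas services cannot connect directly to the company's SSO server, so a different approach is needed to solve the security problem. The final security design uses SSL mutual authentication for data transfer and interaction, and applies SSL mutual authentication only to certain designated endpoints. Against this background, this article presents a simple implementation of SSL mutual authentication based on Tomcat.

II. A brief introduction to SSL

SSL (Secure Sockets Layer) is a protocol (specification) that protects the communication between client and server, so that the information transmitted cannot be stolen or modified.

1. How is data transmission secured?

During the handshake (the process in which client and server establish a connection and exchange parameters), client and server produce a "session key" that is used to encrypt the data transmitted afterwards. The same session key is used for decryption, and only the client and the server know it. In other words, as long as the session key is not broken, the communication is secure.

2. Client certificates and server certificates

Client certificates and server certificates are used to prove one's identity, much like an identity card that is unique to each person. In general a server certificate alone is enough, but sometimes the client is required to present its own certificate to prove its identity.

III. Generating a self-signed server certificate and importing it into the server trust store

Certificates can generally be obtained from an authoritative certificate authority such as VeriSign; Baidu uses a certificate issued by VeriSign. Such authorities are trusted, but the certificates they issue usually cost money and are hard to obtain. To save costs, small companies often use self-signed certificates.

Next we use the JDK keytool utility to issue the certificates. If the JDK is not installed, install it first (this article uses JDK 8). All certificate files in this article are placed in /cert/test1 (operating system: CentOS); you can choose any directory to store them.

1. Create the server keystore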

keytool -genkey -v -alias server -keyalg RSA \
  -keystore /cert/test1/server.keystore -validity 36500 \
  -ext SAN=dns:test-ssl,ip:10.1.x.x \
  -dname "CN=test,OU=test,O=test,L=hz,ST=hz,C=cn"

Note: the SAN dns entry holds the domain name and the ip entry holds the server's IP address. The SAN and IP entries are the key to fixing Chrome's invalid-certificate error.

2. Create the client keystore

keytool -genkey -v -alias client -keyalg RSA -storetype PKCS12 \
  -keystore /cert/test1/client.p12 -dname "CN=test,OU=test,O=test,L=hz,ST=hz,C=cn"

3. Import the client certificate into the server keystore

The p12 file cannot be imported directly, so first export the certificate from the client keystore and then import the exported certificate into the server keystore.

keytool -export -alias client -keystore /cert/test1/client.p12 \
  -storetype PKCS12 -storepass 123456 -rfc -file /cert/test1/client.cer

keytool -import -v -file /cert/test1/client.cer -keystore /cert/test1/server.keystore

4. Export the server keystore certificate

keytool -keystore /cert/test1/server.keystore -export -alias server -file /cert/test1/server.cer

5. Configure Tomcat

5.1 Configure server.xml

Find the server.xml file in the conf directory and add the following configuration.

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="true" sslProtocol="TLS"
           keystoreFile="/cert/test1/server.keystore" keystorePass="123456"
           truststoreFile="/cert/test1/server.keystore" truststorePass="123456"
/>

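Notes:
  • clientAuth set to true enables SSL mutual authentication
  • keystoreFile specifies the location of the server certificate
  • truststoreFile specifies the server's trust store

5.2 Configure web.xml

Find the web.xml file in the conf directory and add the following configuration.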

<security-constraint>
    <web-resource-collection>
        <web-resource-name>SSL</web-resource-name>
        <url-pattern>/ssl_test/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <description>SSL required</description>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

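Notes:
  • If this configuration is not added, every address must be accessed over SSL. Sometimes we only need one or a few SSL addresses to obtain the client certificate and authenticate the user, and after successful authentication SSL is no longer needed for access (several security-constraint elements can be configured)
  • url-pattern: specifies the addresses that can only be accessed over SSL (/ssl_test/*)
  • transport-guarantee: the legal values are NONE, INTEGRAL and CONFIDENTIAL. NONE places no restriction on the communication protocol used. INTEGRAL means the data must be transmitted in a way that prevents anyone who intercepts it from reading it. Although in principle (and in future HTTP versions) there may be a difference between INTEGRAL and CONFIDENTIAL, in current practice both simply require SSL
  • Create an SSLServlet to obtain the client certificate

6. Write the filter that obtains the client certificate and the test endpoint classes

Client certificate verification filter (intercepted path: /ssl_test/*)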
package com.example.demo;

import java.io.IOException;
import java.security.cert.X509Certificate;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;

/**
 * description:MyFilter
 *
 * @author: lgq
 * @create: 2024-02-02 10:55
 */
@WebFilter(urlPatterns = "/ssl_test/*")
public class MyFilter implements Filter {

    private static final String REQUEST_ATTR_CERT = "javax.servlet.request.X509Certificate";
    private static final String SCHEME_HTTPS = "https";

    /**
     * When the web application starts, the web server creates the Filter instance and calls init,
     * reading the web.xml configuration to initialise the object and prepare it for intercepting
     * later user requests (the filter object is created only once and init runs only once; through
     * the init parameter the developer can obtain the FilterConfig object that represents the
     * current filter's configuration).
     *
     * @param filterConfig
     * @throws ServletException
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /**
     * This method performs the actual filtering. When a client requests a URL associated with the
     * filter, the servlet filter first runs doFilter; the FilterChain parameter gives access to the
     * filters that follow.
     *
     * @param request
     * @param response
     * @param filterChain
     * @throws IOException
     * @throws ServletException
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain)
            throws IOException, ServletException {
        X509Certificate[] certs = (X509Certificate[]) request.getAttribute(REQUEST_ATTR_CERT);
        if (certs != null) {
            int count = certs.length;
            System.out.println("共檢測到[" + count + "]個客戶端證書");
            for (int i = 0; i < count; i++) {
                X509Certificate cert = certs[i];
                System.out.println("客戶端證書 [" + cert.getSubjectDN() + "]: ");
                System.out.println("證書是否有效:" + (verifyCertificate(cert) ? "是" : "否"));
                System.out.println("證書詳細信息:\r" + cert.toString());
            }
            filterChain.doFilter(request, response);
        } else {
            // No client certificate: the request is not passed down the filter chain.
            if (SCHEME_HTTPS.equalsIgnoreCase(request.getScheme())) {
                System.out.println("這是一個HTTPS請求,但是沒有可用的客戶端證書");
            } else {
                System.out.println("這不是一個HTTPS請求,因此無法獲得客戶端證書列表 ");
            }
        }
        System.out.println("我是過濾器,我進來了");
    }

    /**
     * After creation the filter stays in memory and is destroyed only when the web application is
     * removed or the server stops. This method runs once in the filter's life cycle and can be used
     * to release resources held by the filter.
     */
    @Override
    public void destroy() {
    }

    /**
     * Checks whether the certificate is within its validity period.
     *
     * @param certificate
     * @return
     */
    private boolean verifyCertificate(X509Certificate certificate) {
        boolean valid = true;
        try {
            certificate.checkValidity();
        } catch (Exception e) {
            e.printStackTrace();
            valid = false;
        }
        return valid;
    }
}
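An added example, not part of the original article: a variant of the filter above that rejects the request instead of only logging. It answers 403 when no certificate is present, when the leaf certificate is outside its validity period, or when its SHA-256 fingerprint is not on an allow-list. The class name ClientCertEnforcingFilter, the init parameter allowedSha256 and the request attribute clientCertSubject are assumptions, and the fingerprint value is a placeholder.

```java
package com.example.demo;

import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.annotation.WebInitParam;
import javax.servlet.http.HttpServletResponse;

// Hypothetical filter (not the article's code). allowedSha256 is a comma-separated list of
// SHA-256 certificate fingerprints, as printed by: keytool -printcert -file /cert/test1/client.cer
// The placeholder below matches no certificate, so the filter fails closed until it is configured.
@WebFilter(urlPatterns = "/ssl_test/*",
        initParams = @WebInitParam(name = "allowedSha256", value = "REPLACE_WITH_CLIENT_CERT_SHA256_HEX"))
public class ClientCertEnforcingFilter implements Filter {

    private static final String REQUEST_ATTR_CERT = "javax.servlet.request.X509Certificate";
    private final Set<String> allowed = new HashSet<>();

    @Override
    public void init(FilterConfig filterConfig) {
        String raw = filterConfig.getInitParameter("allowedSha256");
        if (raw == null) {
            return;
        }
        for (String fingerprint : raw.split(",")) {
            String normalized = normalize(fingerprint);
            if (!normalized.isEmpty()) {
                allowed.add(normalized);
            }
        }
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        X509Certificate[] certs = (X509Certificate[]) request.getAttribute(REQUEST_ATTR_CERT);
        String reason = rejectReason(certs);
        if (reason != null) {
            // Explicit refusal instead of an empty 200 response.
            ((HttpServletResponse) response).sendError(HttpServletResponse.SC_FORBIDDEN, reason);
            return;
        }
        // Make the authenticated identity available to the controllers behind the filter.
        request.setAttribute("clientCertSubject", certs[0].getSubjectX500Principal().getName());
        chain.doFilter(request, response);
    }

    /** Returns null when the leaf certificate is acceptable, otherwise the reason for refusal. */
    String rejectReason(X509Certificate[] certs) {
        if (certs == null || certs.length == 0) {
            return "client certificate required";
        }
        X509Certificate leaf = certs[0]; // the container puts the client's own certificate first
        try {
            leaf.checkValidity(); // throws if expired or not yet valid
            if (!allowed.contains(sha256Hex(leaf.getEncoded()))) {
                return "client certificate not on allow-list";
            }
        } catch (CertificateException | NoSuchAlgorithmException e) {
            return "client certificate rejected";
        }
        return null;
    }

    /** keytool prints fingerprints as AA:BB:...; compare them as lower-case hex without colons. */
    static String normalize(String fingerprint) {
        return fingerprint.replace(":", "").trim().toLowerCase(Locale.ROOT);
    }

    static String sha256Hex(byte[] der) throws NoSuchAlgorithmException {
        StringBuilder hex = new StringBuilder();
        for (byte b : MessageDigest.getInstance("SHA-256").digest(der)) {
            hex.append(String.format("%02x", b));
        }
        return hex.toString();
    }

    @Override
    public void destroy() {
    }
}
```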
Startup class (the service is deployed to Tomcat)
package com.example.demo;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.builder.SpringApplicationBuilder;
import org.springframework.boot.web.servlet.ServletComponentScan;
import org.springframework.boot.web.servlet.support.SpringBootServletInitializer;

@SpringBootApplication
@ServletComponentScan
public class DemoApplication extends SpringBootServletInitializer {

    public static void main(String[] args) {
        SpringApplication.run(DemoApplication.class, args);
    }

    @Override
    protected SpringApplicationBuilder configure(SpringApplicationBuilder builder) {
        return builder.sources(DemoApplication.class);
    }
}
pom dependencies (packaged as a war)
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.4.3</version>
        <relativePath/> <!-- lookup parent from repository -->
    </parent>
    <groupId>com.example</groupId>
    <artifactId>demo</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <name>demo</name>
    <description>Demo project for Spring Boot</description>
    <packaging>war</packaging>
    <properties>
        <java.version>8</java.version>
    </properties>
    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
            <exclusions>
                <exclusion>
                    <groupId>org.springframework.boot</groupId>
                    <artifactId>spring-boot-starter-tomcat</artifactId>
                </exclusion>
            </exclusions>
        </dependency>
        <!-- spring boot tomcat (not needed by default, but required when the web application is deployed to an external servlet container, with scope set to provided) -->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-tomcat</artifactId>
            <scope>provided</scope>
        </dependency>
    </dependencies>
    <build>
        <finalName>test</finalName>
        <plugins>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-war-plugin</artifactId>
                <version>2.1.1</version>
                <configuration>
                    <failOnMissingWebXml>false</failOnMissingWebXml>
                </configuration>
            </plugin>
        </plugins>
    </build>
</project>
Service directory under Tomcat (project path /test)

Command to start the service

Client SSL certificate authentication endpoint
package com.example.demo;

import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

/**
 * description:SSLTestController
 *
 * @author: lgq
 * @create: 2024-01-25 10:42
 */
@RestController
@RequestMapping("/ssl_test")
public class SSLTestController {

    @GetMapping("/hello")
    public String auth() {
        return "Hello, I am the server! Your client's SSL certificate has been authenticated!";
    }
}
Endpoint that does not require client certificate authentication
package com.example.demo;

import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

/**
 * description:NoSSLTestController
 *
 * @author: lgq
 * @create: 2024-01-25 10:42
 */
@RestController
@RequestMapping("/no_ssl_test")
public class NoSSLTestController {

    @GetMapping("/hello")
    public String auth() {
        return "Hello, I am the server!";
    }
}

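7. Testing

7.1 Browser access test
7.1.1 SSL mutual authentication test

Visit http://10.1.x.x:8080/test/ssl_test/hello in a browser.

Attentive readers may notice that the link has been redirected to https://10.1.x.x:8443/test/ssl_test/hello. This happens because the address is configured to require SSL, so the browser is redirected there. The page shows the following prompt when accessed:

To avoid this warning, we can import the server certificate on the client: double-click the server certificate

Select Current User

Place the certificate in the trusted root certificate list; the installation then succeeds

Visit http://10.1.x.x:8080/test/ssl_test/hello again; the following error appears

Because the endpoint we are accessing uses mutual authentication, the client certificate is needed as well, so next we import the client certificate

Select the certificate store automatically

Enter the certificate password; the installation then succeeds

Third visit to http://10.1.x.x:8080/test/ssl_test/hello; the result is as follows

A client certificate must be selected

The output is as follows

The Tomcat log is as follows; (證書是否有效:是, "certificate valid: yes") means the client certificate has passed server-side verification

7.1.2 Without client certificate verification

Visit http://10.1.x.x:8080/test/no_ssl_test/hello; there is no redirect to port 8443 and the content is returned normally, as follows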

7.2 Testing a Java call to the mutual-authentication endpoint through HttpClient
1. Add the Apache HttpClient dependencies
<!-- https://mvnrepository.com/artifact/org.apache.httpcomponents/httpcore -->
<dependency>
    <groupId>org.apache.httpcomponents</groupId>
    <artifactId>httpcore</artifactId>
    <version>4.4.10</version>
</dependency>
<!-- https://mvnrepository.com/artifact/org.apache.httpcomponents/httpclient -->
<dependency>
    <groupId>org.apache.httpcomponents</groupId>
    <artifactId>httpclient</artifactId>
    <version>4.5.6</version>
</dependency>
2. Build the HTTP request class
package com.example.demo;

/**
 * description:HttpsRequest
 *
 * @author: lgq
 * @create: 2024-02-04 18:17
 */

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.HashMap;
import java.util.Map;

import javax.net.ssl.SSLContext;

import org.apache.http.HttpEntity;
import org.apache.http.HttpHost;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContexts;
import org.apache.http.util.EntityUtils;
import org.springframework.util.ObjectUtils;
import org.springframework.util.StringUtils;

public class HttpsRequest {
    // Path of the .p12 file
    private String filePath;
    // Password
    private String passWord;
    // Target URL
    private String url;
    // Request body
    private String body;
    // Request headers
    private Map<String, String> header;
    // Proxy IP
    private String proxyIP;
    // Proxy port
    private int proxyPort;

    private HttpsRequest(Builder builder) {
        this.filePath = builder.filePath;
        this.passWord = builder.passWord;
        this.url = builder.url;
        this.body = builder.body;
        this.header = builder.header;
        this.proxyIP = builder.proxyIP;
        this.proxyPort = builder.proxyPort;
    }

    public static class Builder {
        // Path of the .p12 file
        private String filePath;
        // Password
        private String passWord;
        // Target URL
        private String url;
        // Request body
        private String body;
        // Request headers
        private Map<String, String> header = new HashMap<>();
        // Proxy IP
        private String proxyIP;
        // Proxy port
        private int proxyPort;

        public Builder filePath(String filePath) {
            this.filePath = filePath;
            return this;
        }

        public Builder passWord(String passWord) {
            this.passWord = passWord;
            return this;
        }

        public Builder url(String url) {
            this.url = url;
            return this;
        }

        public Builder body(String body) {
            this.body = body;
            return this;
        }

        public Builder header(String key, String value) {
            this.header.put(key, value);
            return this;
        }

        public Builder proxy(String ip, int port) {
            this.proxyPort = port;
            this.proxyIP = ip;
            return this;
        }

        public HttpsRequest build() {
            return new HttpsRequest(this);
        }
    }

    public String doPost() {
        String rep = "";
        SSLContext sslcontext;
        try {
            KeyStore keyStore = KeyStore.getInstance("PKCS12");
            try (FileInputStream fileInputStream = new FileInputStream(filePath)) {
                keyStore.load(fileInputStream, passWord.toCharArray());
                sslcontext = SSLContexts.custom()
                        // Skip verification of the server certificate
                        //.loadTrustMaterial((TrustStrategy) (chain, authType) -> true)
                        // Load the truststore supplied by the server (with a truststore there is
                        // no need to skip verification of the server certificate).
                        // Trust only the certificates in server.jks; adding TrustSelfSignedStrategy
                        // here would accept any self-signed certificate.
                        .loadTrustMaterial(new File("E:\\abc\\def\\server.jks"), "123456".toCharArray())
                        .loadKeyMaterial(keyStore, passWord.toCharArray())
                        .build();
            }
            SSLConnectionSocketFactory sslConnectionSocketFactory = new SSLConnectionSocketFactory(
                    sslcontext,
                    new String[]{"TLSv1.2"},
                    null,
                    SSLConnectionSocketFactory.getDefaultHostnameVerifier());
            try (CloseableHttpClient client = HttpClients.custom()
                    .setSSLSocketFactory(sslConnectionSocketFactory)
                    .build()) {
                HttpPost httpPost = new HttpPost(url);
                StringEntity req = new StringEntity(body, "UTF-8");
                httpPost.setEntity(req);
                if (header != null) {
                    header.entrySet().stream().forEach((h) -> {
                        httpPost.addHeader(h.getKey(), h.getValue());
                    });
                }
                RequestConfig config;
                // proxyPort is an int, so test it numerically rather than for emptiness
                if (!StringUtils.isEmpty(proxyIP) && proxyPort > 0) {
                    HttpHost proxy = new HttpHost(proxyIP, proxyPort);
                    config = RequestConfig.custom().setProxy(proxy).setConnectionRequestTimeout(5000)
                            .setSocketTimeout(30000).setConnectTimeout(20000).build();
                } else {
                    config = RequestConfig.custom().setConnectionRequestTimeout(5000)
                            .setSocketTimeout(30000).setConnectTimeout(20000).build();
                }
                // Connect timeout, in milliseconds
                //requestConfigBuilder.setConnectTimeout(2000);
                // Timeout for obtaining a connection from the pool
                //requestConfigBuilder.setConnectionRequestTimeout(500);
                // Read timeout (time to wait for data)
                //requestConfigBuilder.setSocketTimeout(2000);
                httpPost.setConfig(config);
                try (CloseableHttpResponse httpResponse = client.execute(httpPost)) {
                    HttpEntity entity = httpResponse.getEntity();
                    rep = EntityUtils.toString(entity);
                }
            }
        } catch (KeyStoreException e) {
            e.printStackTrace();
        } catch (IOException e) {
            e.printStackTrace();
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        } catch (CertificateException e) {
            e.printStackTrace();
        } catch (KeyManagementException e) {
            e.printStackTrace();
        } catch (UnrecoverableKeyException e) {
            e.printStackTrace();
        }
        return rep;
    }

    public String doGet() {
        String rep = "";
        SSLContext sslcontext;
        try {
            KeyStore keyStore = KeyStore.getInstance("PKCS12");
            try (FileInputStream fileInputStream = new FileInputStream(filePath)) {
                keyStore.load(fileInputStream, passWord.toCharArray());
                sslcontext = SSLContexts.custom()
                        // Skip verification of the server certificate
                        //.loadTrustMaterial((TrustStrategy) (chain, authType) -> true)
                        // Load the truststore supplied by the server (with a truststore there is
                        // no need to skip verification of the server certificate).
                        // Trust only the certificates in server.jks; adding TrustSelfSignedStrategy
                        // here would accept any self-signed certificate.
                        .loadTrustMaterial(new File("E:\\abc\\def\\server.jks"), "123456".toCharArray())
                        .loadKeyMaterial(keyStore, passWord.toCharArray())
                        .build();
            }
            SSLConnectionSocketFactory sslConnectionSocketFactory = new SSLConnectionSocketFactory(
                    sslcontext,
                    new String[]{"TLSv1.2"},
                    null,
                    SSLConnectionSocketFactory.getDefaultHostnameVerifier());
            try (CloseableHttpClient client = HttpClients.custom()
                    .setSSLSocketFactory(sslConnectionSocketFactory)
                    .build()) {
                HttpGet httpGet = new HttpGet(url);
                if (!ObjectUtils.isEmpty(header)) {
                    header.entrySet().stream().forEach((h) -> {
                        httpGet.addHeader(h.getKey(), h.getValue());
                    });
                }
                RequestConfig config;
                // proxyPort is an int, so test it numerically rather than for emptiness
                if (!ObjectUtils.isEmpty(proxyIP) && proxyPort > 0) {
                    HttpHost proxy = new HttpHost(proxyIP, proxyPort);
                    config = RequestConfig.custom().setProxy(proxy).setConnectionRequestTimeout(5000)
                            .setSocketTimeout(30000).setConnectTimeout(20000).build();
                } else {
                    config = RequestConfig.custom().setConnectionRequestTimeout(5000)
                            .setSocketTimeout(30000).setConnectTimeout(20000).build();
                }
                // Connect timeout, in milliseconds
                //requestConfigBuilder.setConnectTimeout(2000);
                // Timeout for obtaining a connection from the pool
                //requestConfigBuilder.setConnectionRequestTimeout(500);
                // Read timeout (time to wait for data)
                //requestConfigBuilder.setSocketTimeout(2000);
                httpGet.setConfig(config);
                try (CloseableHttpResponse httpResponse = client.execute(httpGet)) {
                    HttpEntity entity = httpResponse.getEntity();
                    rep = EntityUtils.toString(entity);
                }
            }
        } catch (KeyStoreException e) {
            e.printStackTrace();
        } catch (IOException e) {
            e.printStackTrace();
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        } catch (CertificateException e) {
            e.printStackTrace();
        } catch (KeyManagementException e) {
            e.printStackTrace();
        } catch (UnrecoverableKeyException e) {
            e.printStackTrace();
        }
        return rep;
    }
}
3. Convert the server certificate from cer format to jks
keytool -import -alias server -file /cert/test1/server.cer -keystore /cert/test1/server.jks
4. Test the mutual-authentication request
package com.example.demo;

/**
 * description:HttpsRequestTest
 *
 * @author: lgq
 * @create: 2024-02-04 18:24
 */
public class HttpsRequestTest {

    public static void main(String[] args) {
        String result = new HttpsRequest.Builder()
                .filePath("E:\\abc\\def\\client.p12")
                .passWord("123456")
                .url("https://10.1.x.x:8443/test/ssl_test/hello")
                .header("charset", "UTF-8") // Header; call this method once per header to add several
                .build()
                .doGet();
        System.out.println(result);
    }
}

Output

18:55:06.389 [main] DEBUG org.apache.http.client.protocol.RequestAddCookies - CookieSpec selected: default
18:55:06.411 [main] DEBUG org.apache.http.client.protocol.RequestAuthCache - Auth cache not set in the context
18:55:06.413 [main] DEBUG org.apache.http.impl.conn.PoolingHttpClientConnectionManager - Connection request: [route: {s}->https://10.1.x.x:8443][total kept alive: 0; route allocated: 0 of 2; total allocated: 0 of 20]
18:55:06.429 [main] DEBUG org.apache.http.impl.conn.PoolingHttpClientConnectionManager - Connection leased: [id: 0][route: {s}->https://10.1.x.x:8443][total kept alive: 0; route allocated: 1 of 2; total allocated: 1 of 20]
18:55:06.431 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Opening connection {s}->https://10.1.x.x:8443
18:55:06.434 [main] DEBUG org.apache.http.impl.conn.DefaultHttpClientConnectionOperator - Connecting to /10.1.x.x:8443
18:55:06.434 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - Connecting socket to /10.1.x.x:8443 with timeout 20000
18:55:06.491 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - Enabled protocols: [TLSv1.2]
18:55:06.491 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - Enabled cipher suites:[TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
18:55:06.491 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - Starting handshake
18:55:06.598 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - Secure session established
18:55:06.598 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory -  negotiated protocol: TLSv1.2
18:55:06.598 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory -  negotiated cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
18:55:06.598 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory -  peer principal: CN=test, OU=test, O=test, L=hz, ST=hz, C=cn
18:55:06.599 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory -  peer alternative names: [test-ssl, 10.1.x.x]
18:55:06.599 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory -  issuer principal: CN=test, OU=test, O=test, L=hz, ST=hz, C=cn
18:55:06.605 [main] DEBUG org.apache.http.impl.conn.DefaultHttpClientConnectionOperator - Connection established 10.26.54.125:55008<->10.1.x.x:8443
18:55:06.605 [main] DEBUG org.apache.http.impl.conn.DefaultManagedHttpClientConnection - http-outgoing-0: set socket timeout to 30000
18:55:06.606 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Executing request GET /test/ssl_test/hello HTTP/1.1
18:55:06.606 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Target auth state: UNCHALLENGED
18:55:06.607 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Proxy auth state: UNCHALLENGED
18:55:06.609 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> GET /test/ssl_test/hello HTTP/1.1
18:55:06.609 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> charset: UTF-8
18:55:06.609 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> Host: 10.1.x.x:8443
18:55:06.610 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> Connection: Keep-Alive
18:55:06.610 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> User-Agent: Apache-HttpClient/4.5.6 (Java/1.8.0_101)
18:55:06.610 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> Accept-Encoding: gzip,deflate
18:55:06.610 [main] DEBUG org.apache.http.wire - http-outgoing-0 >> "GET /test/ssl_test/hello HTTP/1.1[\r][\n]"
18:55:06.610 [main] DEBUG org.apache.http.wire - http-outgoing-0 >> "charset: UTF-8[\r][\n]"
18:55:06.610 [main] DEBUG org.apache.http.wire - http-outgoing-0 >> "Host: 10.1.x.x:8443[\r][\n]"
18:55:06.610 [main] DEBUG org.apache.http.wire - http-outgoing-0 >> "Connection: Keep-Alive[\r][\n]"
18:55:06.610 [main] DEBUG org.apache.http.wire - http-outgoing-0 >> "User-Agent: Apache-HttpClient/4.5.6 (Java/1.8.0_101)[\r][\n]"
18:55:06.610 [main] DEBUG org.apache.http.wire - http-outgoing-0 >> "Accept-Encoding: gzip,deflate[\r][\n]"
18:55:06.610 [main] DEBUG org.apache.http.wire - http-outgoing-0 >> "[\r][\n]"
18:55:06.619 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "HTTP/1.1 200 [\r][\n]"
18:55:06.619 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "Cache-Control: private[\r][\n]"
18:55:06.619 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "Content-Type: text/plain;charset=UTF-8[\r][\n]"
18:55:06.619 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "Content-Length: 77[\r][\n]"
18:55:06.619 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "Date: Sun, 04 Feb 2024 10:55:07 GMT[\r][\n]"
18:55:06.619 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "Keep-Alive: timeout=60[\r][\n]"
18:55:06.619 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "Connection: keep-alive[\r][\n]"
18:55:06.619 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "[\r][\n]"
18:55:06.619 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "Hello, I am the server! Your client's SSL certificate has been authenticated!"
18:55:06.624 [main] DEBUG org.apache.http.headers - http-outgoing-0 << HTTP/1.1 200 
18:55:06.624 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Cache-Control: private
18:55:06.624 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Content-Type: text/plain;charset=UTF-8
18:55:06.624 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Content-Length: 77
18:55:06.624 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Date: Sun, 04 Feb 2024 10:55:07 GMT
18:55:06.624 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Keep-Alive: timeout=60
18:55:06.624 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Connection: keep-alive
18:55:06.632 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Connection can be kept alive for 60000 MILLISECONDS
18:55:06.640 [main] DEBUG org.apache.http.impl.conn.PoolingHttpClientConnectionManager - Connection [id: 0][route: {s}->https://10.1.x.x:8443][state: CN=test, OU=test, O=test, L=hz, ST=hz, C=cn] can be kept alive for 60.0 seconds
18:55:06.640 [main] DEBUG org.apache.http.impl.conn.DefaultManagedHttpClientConnection - http-outgoing-0: set socket timeout to 0
18:55:06.640 [main] DEBUG org.apache.http.impl.conn.PoolingHttpClientConnectionManager - Connection released: [id: 0][route: {s}->https://10.1.x.x:8443][state: CN=test, OU=test, O=test, L=hz, ST=hz, C=cn][total kept alive: 1; route allocated: 1 of 2; total allocated: 1 of 20]
18:55:06.641 [main] DEBUG org.apache.http.impl.conn.PoolingHttpClientConnectionManager - Connection manager is shutting down
18:55:06.641 [main] DEBUG org.apache.http.impl.conn.DefaultManagedHttpClientConnection - http-outgoing-0: Close connection
18:55:06.642 [main] DEBUG org.apache.http.impl.conn.PoolingHttpClientConnectionManager - Connection manager shut down
Hello, I am the server! Your client's SSL certificate has been authenticated!

Process finished with exit code 0

In this output, the line "Hello, I am the server! Your client's SSL certificate has been authenticated!" shows that client certificate authentication has passed. Note that in the method above the client certificate is in p12 format and the server certificate is in jks format.
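An added example, not from the original article: a JDK-only loopback check of the procedure in steps 1 to 5 and the client test in 7.2. It generates throwaway server and client key stores with keytool in a temporary directory, requires a client certificate on the listener, and reports whether a client with and a client without a certificate is accepted. The class name, file names and password are assumptions, and unlike the article's single server.keystore it keeps each side's trust store in a separate file.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.InetAddress;
import java.nio.file.Files;
import java.security.KeyStore;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

public class MutualTlsLoopbackCheck {
    // Constructed throwaway password for the temporary stores (assumption, not the article's value).
    static final String PASS = "changeit";

    /** Runs the JDK's keytool in dir and fails on a non-zero exit code. */
    static void keytool(File dir, String... args) throws Exception {
        String[] cmd = new String[args.length + 1];
        cmd[0] = new File(System.getProperty("java.home"), "bin/keytool").getPath();
        System.arraycopy(args, 0, cmd, 1, args.length);
        if (new ProcessBuilder(cmd).directory(dir).inheritIO().start().waitFor() != 0) {
            throw new IllegalStateException("keytool failed: " + String.join(" ", args));
        }
    }

    /** Creates name.p12 (key pair) and imports its exported certificate into peer-trust.p12. */
    static void issue(File dir, String name, String peer) throws Exception {
        keytool(dir, "-genkeypair", "-alias", name, "-keyalg", "RSA", "-keysize", "2048",
                "-validity", "30", "-storetype", "PKCS12", "-keystore", name + ".p12",
                "-storepass", PASS, "-keypass", PASS, "-dname", "CN=" + name + ",O=test",
                "-ext", "SAN=dns:localhost,ip:127.0.0.1");
        keytool(dir, "-exportcert", "-alias", name, "-storetype", "PKCS12",
                "-keystore", name + ".p12", "-storepass", PASS, "-rfc", "-file", name + ".cer");
        keytool(dir, "-importcert", "-noprompt", "-alias", name, "-file", name + ".cer",
                "-storetype", "PKCS12", "-keystore", peer + "-trust.p12", "-storepass", PASS);
    }

    static KeyStore load(File f) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(f)) {
            ks.load(in, PASS.toCharArray());
        }
        return ks;
    }

    /** Builds a TLS 1.2 context; keyStore may be null for a client that presents no certificate. */
    static SSLContext context(File keyStore, File trustStore) throws Exception {
        KeyManager[] keyManagers = null;
        if (keyStore != null) {
            KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(load(keyStore), PASS.toCharArray());
            keyManagers = kmf.getKeyManagers();
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load(trustStore));
        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        ctx.init(keyManagers, tmf.getTrustManagers(), null);
        return ctx;
    }

    /** One request/response round trip; true only if the listener accepted the client. */
    static boolean roundTrip(SSLContext server, SSLContext client) throws Exception {
        try (SSLServerSocket listener = (SSLServerSocket) server.getServerSocketFactory()
                .createServerSocket(0, 1, InetAddress.getByName("127.0.0.1"))) {
            listener.setNeedClientAuth(true); // JSSE counterpart of clientAuth="true" in server.xml
            Thread acceptor = new Thread(() -> {
                try (SSLSocket s = (SSLSocket) listener.accept()) {
                    s.getInputStream().read(); // the first read drives the handshake
                    s.getOutputStream().write('k');
                } catch (IOException rejected) { /* handshake failed: no trusted client certificate */ }
            });
            acceptor.start();
            try (SSLSocket s = (SSLSocket) client.getSocketFactory()
                    .createSocket("127.0.0.1", listener.getLocalPort())) {
                s.getOutputStream().write('?');
                return s.getInputStream().read() == 'k';
            } catch (IOException e) {
                return false; // the listener aborted the handshake or closed the connection
            } finally {
                acceptor.join();
            }
        }
    }

    public static void main(String[] args) throws Exception {
        File dir = Files.createTempDirectory("mtls-check").toFile();
        issue(dir, "server", "client"); // server.p12 and client-trust.p12
        issue(dir, "client", "server"); // client.p12 and server-trust.p12
        SSLContext server = context(new File(dir, "server.p12"), new File(dir, "server-trust.p12"));
        SSLContext withCert = context(new File(dir, "client.p12"), new File(dir, "client-trust.p12"));
        SSLContext noCert = context(null, new File(dir, "client-trust.p12"));
        System.out.println("client with certificate accepted:    " + roundTrip(server, withCert));
        System.out.println("client without certificate accepted: " + roundTrip(server, noCert));
    }
}
```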
