SSLSocketFactory有多个构造函数。该示例使用的构造函数仅采用一个自定义的trustStore。您需要使用采用自定义keyStore(包含客户端证书)的构造函数之一。
如果目标服务器使用的是自签名证书,则仅需要自定义trustStore。
此示例使用自定义trustStore和keyStore初始化SSLContext:
public static void main(String[] args) throws Exception { DefaultHttpClient httpClient = new DefaultHttpClient(); try { SSLContext ctx = SSLContext.getInstance("TLS"); TrustManager[] trustManagers = getTrustManagers("jks", new FileInputStream(new File("cacerts")), "changeit"); KeyManager[] keyManagers = getKeyManagers("pkcs12", new FileInputStream(new File("clientCert.pfx")), "password"); ctx.init(keyManagers, trustManagers, new SecureRandom()); SSLSocketFactory factory = new SSLSocketFactory(ctx, new StrictHostnameVerifier()); ClientConnectionManager manager = httpClient.getConnectionManager(); manager.getSchemeRegistry().register(new Scheme("https", 443, factory)); //as before }}protected static KeyManager[] getKeyManagers(String keyStoreType, InputStream keyStoreFile, String keyStorePassword) throws Exception { KeyStore keyStore = KeyStore.getInstance(keyStoreType); keyStore.load(keyStoreFile, keyStorePassword.toCharArray()); KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); kmf.init(keyStore, keyStorePassword.toCharArray()); return kmf.getKeyManagers();}protected static TrustManager[] getTrustManagers(String trustStoreType, InputStream trustStoreFile, String trustStorePassword) throws Exception { KeyStore trustStore = KeyStore.getInstance(trustStoreType); trustStore.load(trustStoreFile, trustStorePassword.toCharArray()); TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); tmf.init(trustStore); return tmf.getTrustManagers();}
