java 根据keystore和truststore创建SSLContext

package com.lz.util;

import com.lz.client.model.MyClientConfig;

import java.io.File;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Objects;
import javax.net.ssl.*;

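/**
 * Builds an {@link SSLContext} from an optional client key store and an optional trust store.
 *
 * <p>Stateless: every call creates a fresh, independently initialised context.
 */
public class SSLContextUtil {

    /**
     * Creates a TLS {@link SSLContext} from the given store locations.
     *
     * <p>When {@code truststorePath} is {@code null}, the trust-manager array passed to
     * {@link SSLContext#init} is {@code null}, which selects the JVM's default trust managers
     * (the platform CA store, or the store named by {@code javax.net.ssl.trustStore}); server
     * certificate chains are therefore still validated. The previous fallback installed an
     * {@code X509TrustManager} that accepted every chain, which switched off certificate
     * validation completely and left the client open to man-in-the-middle interception; it has
     * been removed. A missing trust store now surfaces as a handshake failure instead of a
     * silently insecure connection.
     *
     * <p>Package-private (rather than private) so it can be exercised without a
     * {@code MyClientConfig}.
     *
     * @param keystorePath   path of the client key store, or {@code null} for no client certificate
     * @param keystorePass   password of the key store and of the private keys it contains; the
     *                       key store is skipped when this is {@code null}
     * @param truststorePath path of the trust store, or {@code null} to use the JVM default
     * @param truststorePass trust-store integrity password; may be {@code null}, in which case the
     *                       store is loaded without an integrity check (encrypted stores will then
     *                       fail to load)
     * @return an initialised context for the "TLS" protocol
     * @throws Exception if a store cannot be read or the context cannot be initialised
     */
    static SSLContext configureSsl(String keystorePath,
                                   String keystorePass,
                                   String truststorePath,
                                   String truststorePass) throws Exception {
        TrustManager[] trustManagers = null;
        if (truststorePath != null) {
            KeyStore trustStore = loadKeyStore(truststorePath, truststorePass, "trust store");
            TrustManagerFactory tmf = TrustManagerFactory.getInstance(
                    TrustManagerFactory.getDefaultAlgorithm());
            tmf.init(trustStore);
            trustManagers = tmf.getTrustManagers();
            for (TrustManager trustManager : trustManagers) {
                System.out.println("CONFIGURED TRUST MANAGER:" + trustManager);
            }
        }

        KeyManager[] keyManagers = null;
        if (keystorePath != null && keystorePass != null) {
            KeyStore keyStore = loadKeyStore(keystorePath, keystorePass, "key store");
            KeyManagerFactory kmf = KeyManagerFactory.getInstance(
                    KeyManagerFactory.getDefaultAlgorithm());
            // The same password unlocks the store and its private-key entries.
            kmf.init(keyStore, keystorePass.toCharArray());
            keyManagers = kmf.getKeyManagers();
            for (KeyManager keyManager : keyManagers) {
                System.out.println("CONFIGURED KEY MANAGER:" + keyManager);
            }
        }

        SSLContext sc = SSLContext.getInstance("TLS");
        // A null manager array selects the JVM defaults for that role.
        sc.init(keyManagers, trustManagers, new java.security.SecureRandom());
        return sc;
    }

    /**
     * Loads a key store of the JVM default type from {@code path}.
     *
     * <p>The file is closed even when {@link KeyStore#load} throws; the original code leaked the
     * stream on that path.
     *
     * @param path     file to read
     * @param password integrity/decryption password, or {@code null} to skip the integrity check
     * @param label    human-readable name used only in the progress message
     * @return the loaded store
     * @throws Exception if the file is missing, unreadable or not a valid store for the password
     */
    private static KeyStore loadKeyStore(String path, String password, String label)
            throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        File file = new File(path);
        System.out.println("Reading " + label + " at " + file.getAbsolutePath());
        try (FileInputStream fin = new FileInputStream(file)) {
            ks.load(fin, password == null ? null : password.toCharArray());
        }
        return ks;
    }

    /**
     * Creates an {@link SSLContext} from the key-store and trust-store settings in {@code config}.
     *
     * @param config client configuration supplying store paths and passwords
     * @return an initialised TLS context; see {@link #configureSsl} for how absent stores are
     *         handled
     * @throws NullPointerException if {@code config} is {@code null}
     * @throws Exception            if a configured store cannot be read
     */
    public static SSLContext createSslContext(MyClientConfig config) throws Exception {
        Objects.requireNonNull(config, "config");
        return configureSsl(config.getKeystorePath(), config.getKeystorePass(),
                config.getTruststorePath(), config.getTruststorePass());
    }
}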

 
