CXF客戶端調用https Webservice

1.生成服務器端所需證書文件

#設置變量
set OPENSSL_CONF=openssl.cfg
# 生成一個RSA密鑰 
openssl genrsa -des3 -out server.key 1024
# 生成一個證書請求
openssl req -new -key server.key -out server.csr
# 拷貝一個不須要輸入密碼的密鑰文件
openssl rsa -in server.key -out server_nopwd.key
# 本身簽發證書
openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt

2.生成cxf調用https webservice 所用的證書文件

#從key和crt生成pkcs12格式的keystore
openssl pkcs12 -export -in server.crt -inkey server.key -out server.p12 -name tomcat -CAfile server.crt -caname root -chain
#生成須要的keystore
keytool -importkeystore -v -srckeystore mycert.p12 -srcstoretype pkcs12 -srcstorepass 123456 -destkeystore tomcat.keystore -deststoretype jks -deststorepass 123456

3.客戶端代碼

package cn.net.sunge.gdms.util;

import java.io.File;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.util.Map;

import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

import org.apache.cxf.configuration.jsse.TLSClientParameters;
import org.apache.cxf.endpoint.Client;
import org.apache.cxf.frontend.ClientProxy;
import org.apache.cxf.jaxws.JaxWsProxyFactoryBean;
import org.apache.cxf.transport.http.HTTPConduit;

public class WsClientUtil {

	public static <T> T getInterface(Class<T> clazz, String address) {
		return getInterface(clazz, address, null);
	}

	@SuppressWarnings("unchecked")
	public static <T> T getInterface(Class<T> clazz, String address, Map<String, Object> properties) {
		JaxWsProxyFactoryBean factory = new JaxWsProxyFactoryBean();
		factory.setAddress(address);
		factory.setServiceClass(clazz);
		if (null != properties) {
			factory.setProperties(properties);
		}
		return (T) factory.create();
	}

	public static <T> T getHttpsInterface(Class<T> clazz, String address, String jksPath, String jksPwd) {
		return getHttpsInterface(clazz, address, jksPath, jksPwd, null);
	}

	@SuppressWarnings("unchecked")
	public static <T> T getHttpsInterface(Class<T> clazz, String address, String jksPath, String jksPwd, Map<String, Object> properties) {
		JaxWsProxyFactoryBean factory = new JaxWsProxyFactoryBean();
		factory.setAddress(address);
		factory.setServiceClass(clazz);
		if (null != properties) {
			factory.setProperties(properties);
		}
		T t = (T) factory.create();
		configureSSLOnTheClient(t, jksPath, jksPwd);
		return t;
	}

	private static void configureSSLOnTheClient(Object obj, String jksPath, String jksPwd) {
		File file = new File(jksPath);

		Client client = ClientProxy.getClient(obj);
		HTTPConduit httpConduit = (HTTPConduit) client.getConduit();

		try {
			TLSClientParameters tlsParams = new TLSClientParameters();
			tlsParams.setDisableCNCheck(true);

			KeyStore keyStore = KeyStore.getInstance("JKS");
			String password = jksPwd;
			String storePassword = jksPwd;

			keyStore.load(new FileInputStream(file), storePassword.toCharArray());
			TrustManagerFactory trustFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
			trustFactory.init(keyStore);
			TrustManager[] trustManagers = trustFactory.getTrustManagers();
			tlsParams.setTrustManagers(trustManagers);

			keyStore.load(new FileInputStream(file), storePassword.toCharArray());
			KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
			keyFactory.init(keyStore, password.toCharArray());
			KeyManager[] keyManagers = keyFactory.getKeyManagers();
			tlsParams.setKeyManagers(keyManagers);

			// FiltersType filtersTypes = new FiltersType();
			// filtersTypes.getInclude().add(".*_EXPORT_.*");
			// filtersTypes.getInclude().add(".*_EXPORT1024_.*");
			// filtersTypes.getInclude().add(".*_WITH_DES_.*");
			// filtersTypes.getInclude().add(".*_WITH_NULL_.*");
			// filtersTypes.getExclude().add(".*_DH_anon_.*");
			// tlsParams.setCipherSuitesFilter(filtersTypes);

			tlsParams.setDisableCNCheck(true);

			httpConduit.setTlsClientParameters(tlsParams);
		} catch (Exception e) {
			e.printStackTrace();
		}
	}
}

參考資料：

http://bbs.csdn.net/topics/350150090
http://www.educity.cn/wenda/130283.html
http://blog.csdn.net/kongxx/article/details/7534035
http://bbs.csdn.net/topics/350150090
http://aruld.info/programming-ssl-for-jetty-based-cxf-services/
http://blog.csdn.net/zhangliang605/article/details/24101051
http://zhidao.baidu.com/link?url=YCxDHHSJWpuin3OdnmN9QUj7lauIEAHi2RE6BT0cwk22G3eqbX30Dr-OXcJt0hYCHZcp27e3iAx0xIG8IyInOqzq2YUCDbON78D3rOJ1y_7