我一直在試圖讓我的球衣客戶端使用我的Jersey/Grizzly Rest api做一個ssl客戶端驗證。其他客戶端與此服務器握手成功,但我在使用Jersey客戶端的Java客戶端時遇到問題。當我運行下面的代碼時,密鑰庫已成功加載,並且在調用SslConfigurator的createSSLContext()時,ssl調試輸出顯示正確訪問此密鑰庫並找到我的私鑰。jersey-client 2.22.2 - 如何正確設置SslConfigurator上的SunPKCS11密鑰庫?
但是,當使用客戶端的WebTarget時,ssl調試輸出顯示使用默認密鑰庫JKS發生握手。爲什麼ClientBuilder不使用SSLContext中的這個密鑰庫?
File tmpConfigFile = File.createTempFile("pkcs11-", "conf");
tmpConfigFile.deleteOnExit();
PrintWriter configWriter = new PrintWriter(new FileOutputStream(tmpConfigFile), true);
configWriter.println("name=ActiveClient");
configWriter.println("library=\"C:\\\\Program Files\\\\ActivIdentity\\\\ActivClient\\\\acpkcs211.dll\"");
configWriter.println("slotListIndex=0");
SunPKCS11 provider = new SunPKCS11(tmpConfigFile.getAbsolutePath());
Security.addProvider(provider);
// KeyStore keyStore = KeyStore.getInstance("PKCS11", provider);
KeyStore keyStore = KeyStore.getInstance("PKCS11");
keyStore.load(null, null);
ClientConfig config = new ClientConfig();
SslConfigurator sslConfig = SslConfigurator.newInstance()
.keyStore(keyStore)
.keyStorePassword("mypin")
.keyStoreType("PKCS11")
.trustStoreFile(TRUSTORE_CLIENT_FILE)
.trustStorePassword(TRUSTSTORE_CLIENT_PWD)
.securityProtocol("TLS");
final SSLContext sslContext = sslConfig.createSSLContext();
Client client = ClientBuilder
.newBuilder().hostnameVerifier(new MyHostnNameVerifier())
.sslContext(sslContext)
.build();
WebTarget target = client.target("https://localhost:8443/appname/resources/employees?qparam=something");
Response res = target.request().accept(MediaType.APPLICATION_JSON).get();