Мне нужно подключиться к службе, которая запрашивает SSLMA (SSL Mutual Authentication с использованием Apache Httpclient 4.5 и BouncyCastle. Отсутствует часть, как реализовать часть sslma. Похоже, мне нужно расширить org.bouncycastle.tls.extends reblecttlsclient и передать токен sslma_azdxxxxx. Идея, пожалуйста, дайте мне знать!
thx! < /p>
// 1. Load Key Store (Client Certificate)
String keyStorePassword = "123456";
KeyStore keyStore = createInMemoryJKS(new File(MAINFOLDER, "mysite.be.pem"), keyStorePassword);
// 2. Load Trust Store (Server Certificate - Optional, but Highly Recommended)
KeyStore trustStore = createInMemoryJKS(new File(MAINFOLDER, "services.pem"), keyStorePassword);
// 3. Create SSL Context
SSLContextBuilder sslContextBuilder = new SSLContextBuilder();
// Client certificate (required for SSLMA)
// Mutual authentication (SSLMA/client certificate authentication) is activated
// by the presence of the client certificate in the SSLContext.
// It's not a separate "switch" that you turn on or off. Here's how it works:
sslContextBuilder.loadKeyMaterial(keyStore, keyStorePassword.toCharArray());
// Server certificate (optional, but HIGHLY recommended for security)
// Load if you have the server's cert or the CA cert that signed it.
// Trust strategy to accept server certificates
TrustStrategy trustStrategy = (cert, authType) -> true;
sslContextBuilder.loadTrustMaterial(trustStore, trustStrategy);
// When the HttpClient attempts to connect to the server, the SSL/TLS handshake begins.
// Because the SSLContext was configured with a client certificate, the client
// (your code) will automatically present this certificate to the server during the handshake.
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContextBuilder.build());
Подробнее здесь: https://stackoverflow.com/questions/794 ... uncycastle
