Learn and share.
1、在一个高效的团队,
团队成员首先需要有良好的专业技能和高度的自觉性,缺一不可。
成员之间沟通是提高效率的关键,
高层领导的重要性,战略眼光及决策能力
中层领导的重要型,有较好的领袖才干,对技术的发展方向要有良好的把握,可以服众
产品经理的重要性,专业技能过硬,执行力要强,对项目工期把握要好,对下属能力要有良好了解,要有良好的沟通能力和抗压能力,知道自己的职责不推卸责任,知道自己的职权范围不轻易许诺。
2、为了激发员工的积极性,
需要建立一套行之有效的赏罚制度。要赏罚分明,罚要有理,赏要有力。
同时要有一套良好的晋升制度,让每个人知道自己努力的方向
最终建立的仍应该是金子塔型的
3、人才储备
人才储备十分重要,
挖人和防治被挖
4、保密制度
对核心人员,
对产品经理
对程序员
5、良好的招聘及培训机制
可用之人,骑马,牵牛,赶猪,打狗
1、导出
set PATH=D:\Oracle11g\product\11.2.0\dbhome_1\BIN;%PATH% expdp USERID/PWD schemas=XXX VERSION=10.2 DIRECTORY=data_pump_dir DUMPFILE=XXX.dmp LOGFILE=exp.log pause
2、导入
set PATH=D:\Oracle11g\product\11.2.0\dbhome_1\BIN;%PATH% impdp USERID/PWD schemas=XXX DIRECTORY=data_pump_dir DUMPFILE=XXX.dmp LOGFILE=imp.log pause
package com.neohope.utils;
import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
public class NDigest
{
/**
* Bytes to Hex String
*
* @param hexBytes
*
* @return hex string
*/
private static String bytesToHexString(byte[] hexBytes)
{
StringBuffer buf = new StringBuffer();
for (int i = 0; i < hexBytes.length; i++)
{
if ((hexBytes[i] & 0xff) < 0x10)
{
buf.append("0");
}
buf.append(Long.toString(hexBytes[i] & 0xff, 16));
}
return buf.toString();
}
/**
* calc MD5 for string
*
* @param textIn
*
* @return md5 digest string
* @throws NoSuchAlgorithmException
*/
public static String MD5Digest(String textIn)
throws NoSuchAlgorithmException
{
byte[] textData = textIn.getBytes();
MessageDigest md = null;
md = MessageDigest.getInstance("MD5");
md.reset();
md.update(textData);
byte[] encodedData = md.digest();
return bytesToHexString(encodedData);
}
/**
* calc SHA1 for string
*
* @param textIn
*
* @return sha1 digest string
* @throws NoSuchAlgorithmException
*/
public static String SHA1Digest(String textIn)
throws NoSuchAlgorithmException
{
byte[] textData = textIn.getBytes();
MessageDigest md = null;
md = MessageDigest.getInstance("SHA1");
md.reset();
md.update(textData);
byte[] encodedData = md.digest();
return bytesToHexString(encodedData);
}
/**
* Encode a string using Base64 encoding.
*
* @param textIn
* @return String
*/
public static String base64Encode(String textIn)
{
sun.misc.BASE64Encoder encoder = new sun.misc.BASE64Encoder();
return encoder.encodeBuffer(textIn.getBytes()).trim();
}
/**
* Decode a string using Base64 encoding.
*
* @param textIn
* @return String
* @throws IOException
*/
public static String decodeString(String textIn) throws IOException
{
sun.misc.BASE64Decoder dec = new sun.misc.BASE64Decoder();
return new String(dec.decodeBuffer(textIn));
}
/**
* 使用 HMAC-SHA-1 签名方法对对textIn进行摘要
*
* @param textIn
* @param keyIn
* @return
* @throws Exception
*/
public static String HmacSHA1Digest(String textIn, String keyIn)
throws Exception
{
final String MAC_NAME = "HmacSHA1";
final String ENCODING = "UTF-8";
byte[] keyData = keyIn.getBytes(ENCODING);
SecretKey secretKey = new SecretKeySpec(keyData, MAC_NAME);
Mac mac = Mac.getInstance(MAC_NAME);
mac.init(secretKey);
byte[] textData = textIn.getBytes(ENCODING);
byte[] encodedData = mac.doFinal(textData);
return bytesToHexString(encodedData);
}
// 我就是那个测试函数。。。
public static void main(String args[]) throws Exception
{
String key = "Y9zTQxRvxwrHOi45OoKNnIoxboerNqt3";
String text = "Good good study, day day up.";
String hmacSHA1 = HmacSHA1Digest(text, key );
String base64 = base64Encode(hmacSHA1);
System.out.println(hmacSHA1 );
System.out.println(cbase64);
}
}
一、证书相关文件类型说明
KEY
通常用来存放私钥(或公钥),可能是PEM或DER格式。私钥可以对证书/程序进行签名,也可以用解密公钥加密郭的HTTP消息,是一定要妥善保管的,是不能交给别人的。比如下面是一个典型的私钥:
-----BEGIN RSA PRIVATE KEY----- MIICXgIBAAKBgQC0oavm8KvMLbXqIPheGjeKJ5yCQ2DUBFjmcDuQzpZgHO+NC50f 9sMFZo/MO2HCvejIWHCzbxzFeGgNN/1IEH2oSbJdeAlXTpwNqBqwQBDj/5neM98E a6dvi+FF3loGhhodb0FvSC+TLldfGJodm+kveu3kkp6txeYjaIpcKBr2bwIDAQAB AoGBAJYs//WeTMcRjfgc90GNfHWRX07x49QB1UOpNey7xUwdYpCagkTr7NJVpeI/ 0JSPPbUrym90RrBq3d93mE3M4BqeODGoh2vy1/sArlwFut9SrNA/i7e7wikCQsLa eQRaiNRbDlooxb6J0LLS6M0bb8p/YivFBYIN5G2hs7bgJwCpAkEA63clQ7IQfhGw YuHSaW29GR4YV4MsAcqTQBpjIpQxtrCKCWJElE5Si0wyb48buMZlrhNRpc5Dz+FW HitDUwu2fQJBAMRiVreK4GX48O/f4+dSW8q/lbXQQp4vLB6KxjL+lqEgvzOMhEzJ 6z8BP52J2C3AS/Qen9cH+y0iD5atEYNI+FsCQQDjIUXX2/6erQ95Ap3Fxu4+OVJ/ r+8WN0L89bck1tBxii9Mx/ahHD/xUGniRKgX/4B7fvUmPCYbcyBv74l8pPK9AkAw PDsyb8D4KvH66RIQQjFblj0OYC3Mrqd2hP1zjwauYt2zqqLgPYQzgHoAltfrPN0r A86cwVAXYNNVXgL8LRMbAkEAm5kTm8CsNF4fAcAFFLZMHbz3vkidsnCvHiqXd9vq GCrms/STzQq3LVQqHll1g2SJAYy80SXPSoZVbCxA9pBgzw== -----END RSA PRIVATE KEY-----
查看私钥信息:
openssl rsa -in test.key -text -noout openssl rsa -in test.key -text -noout -inform der
CSR
证书签名请求,即Certificate Signing Request,可能是PEM或DER格式,是向权威证书颁发机构获得签名证书的申请,是一个用私钥签名的,包括了公钥+证书申请者信息的文件。比如下面是一个典型的CSR文件:
-----BEGIN CERTIFICATE REQUEST----- MIIBrzCCARgCAQAwbzELMAkGA1UEBhMCQ04xETAPBgNVBAgMCFNoYW5nSGFpMREw DwYDVQQHDAhTaGFuZ0hhaTEQMA4GA1UECgwHTkVPSE9QRTEUMBIGA1UECwwLRGV2 ZWxvcG1lbnQxEjAQBgNVBAMMCU5NeUNBMTAyNDCBnzANBgkqhkiG9w0BAQEFAAOB jQAwgYkCgYEAtKGr5vCrzC216iD4Xho3iiecgkNg1ARY5nA7kM6WYBzvjQudH/bD BWaPzDthwr3oyFhws28cxXhoDTf9SBB9qEmyXXgJV06cDagasEAQ4/+Z3jPfBGun b4vhRd5aBoYaHW9Bb0gvky5XXxiaHZvpL3rt5JKercXmI2iKXCga9m8CAwEAAaAA MA0GCSqGSIb3DQEBBQUAA4GBAA5BUPQcmpUVliu1DHqflVTXR7zOfhtd6UX1uU90 TEGAYlzaggU+dZRtXC86ha+MoiCX2598w4OaM/7vErSOUbwU3Nou9/ooyh+eLt8U ozwHAC6Xpw2phm9d/RkbTpGXCoCRFykV7K8OfS2BYgdQstOJWRti08VD/03NjESd wMIf -----END CERTIFICATE REQUEST-----
查看CSR信息:
openssl req -noout -text -in test.csr openssl req -noout -text -in test.csr -inform der
PEM
PEM证书,即Privacy Enhanced Mail,多用于linux服务器,是Base64编码的文本文件,可以用文本编辑器打开直接查看。PEM证书是互联网中最常使用的证书格式,可用于保存服务器证书、中级证书、私钥等。一个PEM文件中可以保持多个证书及私钥(但一般大家会把证书及私钥放到不同的PEM文件中)。PEM文件的常用后缀有:.pem、.crt、.cer、.key等。 。比如下面是一个典型的PEM文件:
-----BEGIN CERTIFICATE----- MIICrDCCAhWgAwIBAgIJAMUPP9qD0sTlMA0GCSqGSIb3DQEBBQUAMG8xCzAJBgNV BAYTAkNOMREwDwYDVQQIDAhTaGFuZ0hhaTERMA8GA1UEBwwIU2hhbmdIYWkxEDAO BgNVBAoMB05FT0hPUEUxFDASBgNVBAsMC0RldmVsb3BtZW50MRIwEAYDVQQDDAlO TXlDQTEwMjQwHhcNMTYwMzI1MTM0MDI3WhcNMTkwMzI1MTM0MDI3WjBvMQswCQYD VQQGEwJDTjERMA8GA1UECAwIU2hhbmdIYWkxETAPBgNVBAcMCFNoYW5nSGFpMRAw DgYDVQQKDAdORU9IT1BFMRQwEgYDVQQLDAtEZXZlbG9wbWVudDESMBAGA1UEAwwJ Tk15Q0ExMDI0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC0oavm8KvMLbXq IPheGjeKJ5yCQ2DUBFjmcDuQzpZgHO+NC50f9sMFZo/MO2HCvejIWHCzbxzFeGgN N/1IEH2oSbJdeAlXTpwNqBqwQBDj/5neM98Ea6dvi+FF3loGhhodb0FvSC+TLldf GJodm+kveu3kkp6txeYjaIpcKBr2bwIDAQABo1AwTjAdBgNVHQ4EFgQUMeG4c9MI Dl8jMTZ3w/V4fAYdNMgwHwYDVR0jBBgwFoAUMeG4c9MIDl8jMTZ3w/V4fAYdNMgw DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCG6ROpwc+j9GoMk02YnRwb VlgYkMjtH2vIb/+zDYmgjOQL0uYJ2xt7LHf2zrRP053rgIJskznNn6CLrM85Dwb0 DqkgwccHYd2439hTZhdZ5BMe7FxUCfeZvKgJ7VjOf1aaBrdUfy5RgikfO6CX6v1L eaV1orOAEma0muLIyE9igQ== -----END CERTIFICATE-----
查看PEM信息:
openssl x509 -in test.pem -text -noout
DER
DER证书,即Distinguished Encoding Rules,多用于Windows服务器及Java平台,为二进制格式,不可以用文本编辑器打开直接查看。DER文件的常用后缀有:.der、.cer等。 所以当您拿到一个证书文件时,可以用文本工具打开看一下,如果可读,一般是PEM格式,如果是二进制文件,一般是DER格式。
查看DER信息:
openssl x509 -in test.der -inform der -text -noout
PKCS#7/P7B
PKCS#7/P7B证书是是Base64编码的文本文件, 证书以”—–BEGIN PKCS7—–“开始,以”—–END PKCS7—–“结束。PKCS#7/P7B证书的常用后缀名有.p7b、.p7c。 PKCS#7/P7B文件中只有证书及证书链,不会包含私钥。Windows及Tomcat都支持这种证书。
openssl pkcs7 -in test.p7b -noout
PKCS#12/P12/PFX
PKCS#12/P12/PFX证书是经过加密的二进制格式,可用于保存服务器证书、中级证书、私钥等。PKCS#12/P12/PFX证书的常用后缀名有 .pfx、.p12。PKCS#12/P12/PFX证书通常用于Windows平台上的证书及私钥的导入及导出。导入及导出时,需要输入PKCS#12/P12/PFX文件的秘密。
openssl pkcs12 -in test.p12 -noout
JKS
JKS,即Java Key Storage,是JAVA程序最常用的证书存储方式。JKS按使用方式,一般会人为的区分为CASTORE,KEYSTORE和TRUSTSTORE,其中CASTORE是JDK/JRE环境自带的,用于存储JAVA信任的CA证书,通常是%JAVA_HOME%/lib/security/cacerts这个文件,相当于一个专门用于存储CA证书的全局TRUSTSTORE;KEYSTORE用于存储私钥,在通讯过程中进行解密,或则用于进行签名;TRUSTSTORE存放的是可以信任的证书,如果是自签名证书的话,建议CASTORE中也事先导入会好一些,会避免很多问题。
查看JKS文件:
keytool -list -v -keystore test.jks -storepass password
总结
其实,咱们总结一下:
1、KEY一般为私钥
2、CSR只是获取证书时用一下
3、常用的证书格式只有PEM和DER两种,区别为是否加密
4、P7B、P12、JKS,只是存放证书的小数据库而已
但有件事情,让这个问题变的复杂了一些,那就是后缀名并不能让你直接区分格式,比如CRT、CER这样的后缀名,只告诉你这是一个证书,但没有告诉你是什么格式。所以要么自己用文本工具及openssl查看一下,判断一下格式咯。
二、常用证书格式转换
#PEM to DER openssl x509 -outform der -in certificate.pem -out certificate.der #PEM to P7B openssl crl2pkcs7 -nocrl -certfile certificate.cer -out certificate.p7b -certfile CACert.cer #PEM to PFX/P12 openssl pkcs12 -export -out certificate.p12 -inkey privateKey.key -in certificate.crt -certfile CACert.crt #DER to PEM openssl x509 -inform der -in certificate.cer -out certificate.pem #P7B to PEM openssl pkcs7 -print_certs -in certificate.p7b -out certificate.cer #P7B to PFX/P12 openssl pkcs7 -print_certs -in certificate.p7b -out certificate.cer openssl pkcs12 -export -in certificate.cer -inkey privateKey.key -out certificate.p12 -certfile CACert.cer #PFX/P12 to PEM openssl pkcs12 -in certificate.p12 -out certificate.cer -nodes #JKS to P12 keytool -importkeystore -srckeystore keystore.jks -srcstoretype JKS -deststoretype PKCS12 -destkeystore keystore.p12 #P12 to JKS keytool -importkeystore -srckeystore keystore.p12 -srcstoretype PKCS12 -deststoretype JKS -destkeystore keystore.jks
6、Heap sort 堆排序
# Heap sort 堆排序
# 使用堆进行排序,每次重建堆后,将堆顶元素放到堆数组最后,
# 堆数组长度减一
# Time Complexity: О(nlogn) average and worst-case
# Space Complexity: О(n) total, O(1) auxiliary
# Stable: Yes
def heapsort(container)
return container if container.size <= 1
buildheap(container)
size = container.size
while size > 0
container[0], container[size-1] = container[size-1], container[0]
size = size - 1
heapify(container, 0, size)
end
return container
end
private
# 重建堆
# 某节点及其所有子节点,符合最大堆的特性
def heapify(container, idx, size)
left_idx = 2 * idx + 1
right_idx = 2 * idx + 2
bigger_idx = idx
bigger_idx = left_idx if left_idx < size && container[left_idx] > container[idx]
bigger_idx = right_idx if right_idx < size && container[right_idx] > container[bigger_idx]
if bigger_idx != idx
container[idx], container[bigger_idx] = container[bigger_idx], container[idx]
heapify(container, bigger_idx, size)
end
return container
end
# 初始化最大堆,堆顶元素为container[0]
# 元素i的左节点为2*i+1,元素i的右节点为2*i+2
def buildheap(container)
last_parent_idx = container.length / 2 - 1
i = last_parent_idx
while i >= 0
heapify(container, i, container.size)
i = i - 1
end
end
7、Quicksort 快速排序
# Quicksort 快速排序
# 用分治法进行排序,充分利用了每次比较的结果,
# 每次排序都将排序对象分成了两组,分别进行排序
# Time Complexity: О(n log n) average, O(n^2) worst-case
# Space Complexity: О(n) auxiliary
# Stable: No
def quicksort(container)
return container if container.size<2
i=0
j=container.size-1
key=container[i]
while(i<j) do
while(i<j and container[j]>key) do
j=j-1
end
if(i<j)
container[i]=container[j]
i=i+1
end
while(i<j and container[i]<key) do
i=i+1
end
if(i<j)
container[j]=container[i]
j=j-1
end
end
container[i]=key
f= 0<=i ? quicksort(container[0,i+1]): nil
t= i<=container.size-1 ? quicksort(container[i+1,container.size-1]): nil
return t if(f==nil)
return f if(t==nil)
return f+t
end
8、Counting Sort 计数排序
# Counting Sort 计数排序
# 计算最小值和最大值,利用标志位来标记元素出现次数
# Time Complexity: О(n+k) for best, average and worst-case
# Space Complexity: О(n+k) auxiliary
# Stable: Yes
def countingsort(container)
min = container.min
max = container.max
counts = Array.new(max-min+1, 0)
container.each do |n|
counts[n-min] += 1
end
j=0
for i in 0..counts.size-1 do
if(counts[i]!=0)
while(counts[i]>0) do
container[j] = min+i
counts[i]-=1
j+=1
end
end
i+=1
end
return container
end
9、Radix Sort 基数排序
# Radix Sort 基数排序
# 从个位数进行进行排序,一直到最高位
# Time Complexity: О(k*n) for worst-case
# Space Complexity: О(k+n) for worst-case
# Stable: Yes
def radixsort(container)
max = container.max
d = Math.log10(max).floor + 1
(1..d).each do |i|
radix = []
(0..9).each do |j|
radix[j] = []
end
container.each do |n|
kth = calckth(n, i)
radix[kth] << n
end
container = radix.flatten
end
return container
end
private
def calckth(n, i)
while(i > 1)
n = n / 10
i = i - 1
end
n % 10
end
10、Bucket sort 桶排序
# Bucket sort 桶排序
# 将数组分到有限数量的桶里,每个桶再进行排序
# Time Complexity: О(n) for best, О(n+k) for average, O(n^2) for worst-case
# Space Complexity: О(n*k) for worst-case
# Stable: Yes
def bucketsort(container)
bucket = []
(0..9).each do |j|
bucket[j] = []
end
container.each do |n|
k = getfirstnumber(n)
bucket[k] << n
end
(0..9).each do |j|
bucket[j] = quicksortB(bucket[j])
end
bucket.flatten
end
private
#假设都是两位正整数
def getfirstnumber(n)
m = n/10
m=0 if m<0
m=9 if m>9
return m
end
def quicksortB(container)
(x=container.pop) ? quicksortB(container.select{|i| i <= x}) + [x] + quicksortB(container.select{|i| i > x}) : []
end
1、Bubble sort 冒泡排序
# Bubble sort 冒泡排序
# 每次扫描,比较和交换相邻元素,保证一次扫描后,最大元素在最后一个
# 每次扫描后,扫描队列长度减一
# Time Complexity: О(n^2)
# Space Complexity: О(n) total, O(1) auxiliary
# Stable: Yes
def bubble_sort(container)
swap=true
while(swap)
swap=false
for i in 0..(container.size-1) do
for j in 0..i do
if(container[i]<container[j])
r=container[j]
container[j]=container[i]
container[i]=r
swap=true
end
end
end
end
return container
end
2、Selection sort 选择排序
# Selection sort 选择排序
# 从头扫描到尾,每次将最小元素放到第一个
# 每次扫描后,队列长度减一
# Time Complexity: О(n^2)
# Space Complexity: О(n) total, O(1) auxiliary
# Stable: Yes
def selection_sort(container)
for i in 0..container.size-1 do
min = i
for j in i..container.size-1 do
if(container[min]>container[j])
min=j
end
end
r=container[i]
container[i]=container[min]
container[min]=r
end
return container
end
3、Insertion sort 插入排序
# Insertion sort 插入排序
# 起始队列长度为1,每次向队列增加1个数字
# 通过元素移动,将队列调整为有序状态
# Time Complexity: О(n^2)
# Space Complexity: О(n) total, O(1) auxiliary
# Stable: Yes
def insertion_sort(container)
if container.size <2
return container
end
for i in 1..container.size-1 do
val = container[i]
j=i-1
while(j>=0 and container[j]>val) do
container[j+1]=container[j]
j=j-1
end
container[j+1] = val
end
return container
end
4、Shell Sort 希尔排序
# Shell Sort 希尔排序
# 指定一个步长,将需要排序的数字,按序号%步长分组
# 对每组进行插入排序,然后减小步长,再次分组,排序
# 直到步长为1结束
# Time Complexity: О(n^2)
# Space Complexity: О(n) total, O(1) auxiliary
# Stable: Yes
def shell_sort(container)
step = container.size/2
while step>0 do
for i in step..container.size-1 do
val= container[i]
j=i-step
while(j>=0 and container[j]>val) do
container[j+step] = container[j]
j=j-step
end
container[j+step]=val
end
#puts(">>")
#puts(container)
step = step/2
end
return container
end
5、Merge sort 归并排序
# Merge sort 归并排序
# 二路归并首先将归并长度定为2,在归并集内进行排序
# 然后归并长度×2,将有序集合进行归并
# Time Complexity: О(nlogn) average and worst-case
# Space Complexity: О(n) auxiliary
# Stable: Yes
def mergesort(container)
return container if container.size <= 1
mid = container.size / 2
left = container[0...mid]
right = container[mid...container.size]
merge(mergesort(left), mergesort(right))
end
private
def merge(left, right)
sorted = []
until left.empty? or right.empty?
left.first <= right.first ? sorted << left.shift : sorted << right.shift
end
sorted + left + right
end
1、Soap Https Soap Client
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Net;
using System.Security.Cryptography.X509Certificates;
using System.Net.Security;
namespace IISSoapClientTest
{
class Program
{
public static void HelloHttp(string url)
{
Hello h = new Hello(url);
string ans = h.HelloWorld("C# http client");
Console.WriteLine(ans);
Console.WriteLine();
}
//同样的证书,IIS可以过,Tomcat过不去
public static void HelloHttps(string url,String certPath)
{
X509CertificateCollection certs = new X509CertificateCollection();
X509Certificate cert = X509Certificate.CreateFromCertFile(certPath);
Hello h = new Hello(url);
h.ClientCertificates.Add(cert);
string ans = h.HelloWorld("C# https client");
Console.WriteLine(ans);
Console.WriteLine();
}
//绕过证书检查
public static void HelloHttpsWithRemoteCertificateValidationCallback(string url)
{
//ServicePointManager.ServerCertificateValidationCallback = delegate { return true; };
ServicePointManager.ServerCertificateValidationCallback = new System.Net.Security.RemoteCertificateValidationCallback(RemoteCertificateValidationCallback);
Hello h = new Hello(url);
string ans = h.HelloWorld("C# https client");
Console.WriteLine(ans);
Console.WriteLine();
}
private static bool RemoteCertificateValidationCallback(object sender, X509Certificate certificate,
X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
return true;
}
static void Main(string[] args)
{
//HelloHttp("http://127.0.0.1:80/Hello.asmx");
//HelloHttps("https://127.0.0.1:443/Hello.asmx");
//HelloHttpsWithRemoteCertificateValidationCallback("https://127.0.0.1:443/Hello.asmx");
//HelloHttp("http://127.0.0.1:8080/SoapTest/services/HelloService");
HelloHttps("https://127.0.0.1:8443/SoapTest/services/HelloService", @"D:\DiskE\Projects\VS2010\TestProjects\SSLSocket\myKeyStore.cer");
//HelloHttpsWithRemoteCertificateValidationCallback("https://127.0.0.1:8443/SoapTest/services/HelloService");
}
}
}
1、%Tomcat%/server/server.xml
找到下面一段:
<!--
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
-->
替换为:
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" disableUploadTimeout="true" enableLookups="false" keystoreFile="D:/JavaContainer/apache-tomcat-6.0.35-x86/myKeyStore.jks" keystorePass="sslTestPwd" />
这样,就可以用https://127.0.0.1:8443访问Tomcat了。
2、在需要使用https项目的axis2.xml文件中,增加下面内容
<!--修改-->
<transportReceiver name="http"
class="org.apache.axis2.transport.http.AxisServletListener">
<parameter name="port">8080</parameter>
</transportReceiver>
<!--新增-->
<transportReceiver name="https"
class="org.apache.axis2.transport.http.AxisServletListener">
<parameter name="port">8443</parameter>
</transportReceiver>
这样,该WebService就可以使用https进行访问了:)
1、首先准备一个p12格式的服务端证书
无论是购买,还是用openssl或java keytool生成自签名证书都可以
2、在IIS7的根目录,选中“安全性->根目录证书”,选择“导入”即可
3、如果显示证书链有问题,则在IE中导入CA证书就好了
4、在需要HTTPS的网站上,选择“绑定”,绑定类型为https,选择需要的证书
5、在客户端的IE中,导入CA证书就好了
1、SoapClient
package com.neohope;
import java.net.URL;
import java.rmi.RemoteException;
public class SoapClientTest {
public static void HelloHttp(String url) throws RemoteException
{
HelloStub h = new HelloStub(url);
com.neohope.HelloStub.HelloWorld hello = new com.neohope.HelloStub.HelloWorld();
hello.setName("Java http client");
com.neohope.HelloStub.HelloWorldResponse rsp = h.helloWorld(hello);
System.out.println(rsp.getHelloWorldResult());
}
public static void HelloHttps(String url,String trustStorePath,String trustStorePwd) throws RemoteException
{
URL jksurl = SoapClientTest.class.getClassLoader().getResource(
"myTrustStore.jks");
String jks = jksurl.getFile();
System.setProperty("javax.net.ssl.trustStore", jks);
System.setProperty("javax.net.ssl.trustStorePassword", trustStorePwd);
HelloStub h = new HelloStub(url);
com.neohope.HelloStub.HelloWorld hello = new com.neohope.HelloStub.HelloWorld();
hello.setName("Java https client");
com.neohope.HelloStub.HelloWorldResponse rsp = h.helloWorld(hello);
System.out.println(rsp.getHelloWorldResult());
}
public static void main(String[] args) throws RemoteException
{
//HelloHttp("http://localhost:80/Hello.asmx");
HelloHttps("https://localhost:443/Hello.asmx","myTrustStore.jks","sslTestPwd");
}
}
2、SoapClientWithContextTest
package com.neohope;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.net.URL;
import java.rmi.RemoteException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
public class SoapClientWithContextTest {
public static void HelloHttp(String url) throws RemoteException
{
HelloStub h = new HelloStub(url);
com.neohope.HelloStub.HelloWorld hello = new com.neohope.HelloStub.HelloWorld();
hello.setName("Java http client");
com.neohope.HelloStub.HelloWorldResponse rsp = h.helloWorld(hello);
System.out.println(rsp.getHelloWorldResult());
}
public static void HelloHttps(String url,String trustStorePath,String trustStorePwd) throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, CertificateException, FileNotFoundException, IOException
{
URL jksurl = SoapClientTest.class.getClassLoader().getResource(
"myTrustStore.jks");
String jks = jksurl.getFile();
KeyStore trustStore = KeyStore.getInstance("JKS");
trustStore.load(new FileInputStream(jks), trustStorePwd.toCharArray());
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509");
trustManagerFactory.init(trustStore);
SSLContext sslContext = SSLContext.getInstance("TLSv1");
//SSLContext sslContext = SSLContext.getInstance("SSLv3");
sslContext.init(new KeyManager[0], trustManagerFactory.getTrustManagers(), null);
SSLContext.setDefault(sslContext);
HelloStub h = new HelloStub(url);
com.neohope.HelloStub.HelloWorld hello = new com.neohope.HelloStub.HelloWorld();
hello.setName("Java https client");
com.neohope.HelloStub.HelloWorldResponse rsp = h.helloWorld(hello);
System.out.println(rsp.getHelloWorldResult());
}
public static void main(String[] args) throws KeyManagementException, NoSuchAlgorithmException, KeyStoreException, CertificateException, FileNotFoundException, IOException
{
//HelloHttp("http://localhost:80/Hello.asmx");
HelloHttps("https://localhost:443/Hello.asmx","myTrustStore.jks","sslTestPwd");
}
}
3、SoapClientWithTrustManagerTest
可以绕过证书检查
package com.neohope;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.rmi.RemoteException;
import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
public class SoapClientWithTrustManagerTest {
public static void HelloHttp(String url) throws RemoteException
{
HelloStub h = new HelloStub(url);
com.neohope.HelloStub.HelloWorld hello = new com.neohope.HelloStub.HelloWorld();
hello.setName("Java http client");
com.neohope.HelloStub.HelloWorldResponse rsp = h.helloWorld(hello);
System.out.println(rsp.getHelloWorldResult());
}
public static void HelloHttps(String url,String trustStorePath,String trustStorePwd) throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, CertificateException, FileNotFoundException, IOException
{
SSLContext sslContext = SSLContext.getInstance("TLSv1");
//SSLContext sslContext = SSLContext.getInstance("SSLv3");
sslContext.init(new KeyManager[0], new TrustManager[] { new DefaultTrustManager() }, new SecureRandom());
SSLContext.setDefault(sslContext);
HelloStub h = new HelloStub(url);
com.neohope.HelloStub.HelloWorld hello = new com.neohope.HelloStub.HelloWorld();
hello.setName("Java https client");
com.neohope.HelloStub.HelloWorldResponse rsp = h.helloWorld(hello);
System.out.println(rsp.getHelloWorldResult());
}
private static class DefaultTrustManager implements X509TrustManager {
@Override
public void checkClientTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
}
@Override
public void checkServerTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
}
@Override
public X509Certificate[] getAcceptedIssuers() {
return null;
}
}
public static void main(String[] args) throws KeyManagementException, NoSuchAlgorithmException, KeyStoreException, CertificateException, FileNotFoundException, IOException
{
//HelloHttp("http://localhost:80/Hello.asmx");
HelloHttps("https://localhost:443/Hello.asmx","myTrustStore.jks","sslTestPwd");
}
}