質問編集履歴
1
修正
title
CHANGED
@@ -1,1 +1,1 @@
|
|
1
|
-
java tls1.3の
|
1
|
+
java tls1.3のRESTクライアントの実装
|
body
CHANGED
@@ -3,4 +3,101 @@
|
|
3
3
|
|
4
4
|
#やりたいこと
|
5
5
|
あるサーバでTLS1.3のREST APIを作成されています。
|
6
|
-
そのAPI
|
6
|
+
そのAPIをリクエストするクライアントをどのように作成したらよいでしょうか?
|
7
|
+
|
8
|
+
#ソース
|
9
|
+
String response = null;
|
10
|
+
InputStream inputStream = null;
|
11
|
+
OutputStream outputStream = null;
|
12
|
+
HttpURLConnection conn = null;
|
13
|
+
|
14
|
+
try {
|
15
|
+
URL url = new URL(urlStr);
|
16
|
+
|
17
|
+
// iaik.protocol.https.HttpsURLConnectionの場合は、ポート番号を指定する必要がある
|
18
|
+
if (url.getPort() == -1) {
|
19
|
+
String newUrlStr = StringUtils.replace(urlStr, url.getHost(), url.getHost() + ":19443");
|
20
|
+
url = new URL(newUrlStr);
|
21
|
+
}
|
22
|
+
conn = new HttpsURLConnection(url);
|
23
|
+
|
24
|
+
// SSLClientContextの設定
|
25
|
+
SSLClientContext sslContext = (SSLClientContext) ((HttpsURLConnection) conn).getSSLContext();
|
26
|
+
sslContext.setChainVerifier(new NonCheckChainVerifier()); // OpenTrustはチェック不要
|
27
|
+
sslContext.setSessionManager(new NonCacheSessionManager());
|
28
|
+
sslContext.setAllowLegacyRenegotiation(false);
|
29
|
+
|
30
|
+
※↓SSLClientContext.VERSION_TLS13の定数がない
|
31
|
+
sslContext.setAllowedProtocolVersions(SSLClientContext.VERSION_TLS10, SSLClientContext.VERSION_TLS12);
|
32
|
+
※↑SSLClientContext.VERSION_TLS13の定数がない
|
33
|
+
|
34
|
+
sslContext.setEnabledCipherSuiteList(SSLClientContextUtils.getDefaultCipherSuiteList());
|
35
|
+
// SNI設定
|
36
|
+
ServerNameList serverNameList = new ServerNameList(new ServerName[] {
|
37
|
+
new ServerName(APIサーバ)
|
38
|
+
});
|
39
|
+
serverNameList.setCritical(false);
|
40
|
+
ExtensionList extensions = new ExtensionList();
|
41
|
+
extensions.addExtension(serverNameList);
|
42
|
+
extensions.addExtension(new SupportedEllipticCurves());
|
43
|
+
extensions.addExtension(new SupportedPointFormats());
|
44
|
+
sslContext.setExtensions(extensions);
|
45
|
+
|
46
|
+
// タイムアウト設定:iSaSiLkはシステムプロパティ経由でしか設定できない
|
47
|
+
//String connTimeoutStr = String.valueOf(AppConfig.getConfig().getInt(CONNECT_TIMEOUT_KEY));
|
48
|
+
//String timeoutStr = String.valueOf(AppConfig.getConfig().getInt(READ_TIMEOUT_KEY));
|
49
|
+
//System.setProperty(HttpManager.CONN_TIMEOUT_P, connTimeoutStr);
|
50
|
+
//System.setProperty(HttpManager.TIMEOUT_P, timeoutStr);
|
51
|
+
|
52
|
+
// タイムアウト設定
|
53
|
+
conn.setConnectTimeout(AppConfig.getConfig().getInt(CONNECT_TIMEOUT_KEY));
|
54
|
+
conn.setReadTimeout(AppConfig.getConfig().getInt(READ_TIMEOUT_KEY));
|
55
|
+
|
56
|
+
// クライアント証明書の設定
|
57
|
+
CertificateFactory fac = CertificateFactory.getInstance("X509");
|
58
|
+
FileInputStream is = new FileInputStream(cerファイルのパス);
|
59
|
+
X509Certificate cert[] = new X509Certificate[1];
|
60
|
+
cert[0] = ((X509Certificate) fac.generateCertificate(is));
|
61
|
+
is.close();
|
62
|
+
|
63
|
+
InputStream keyInput = FileUtils.openInputStream(new File(p12ファイルのパス));
|
64
|
+
PKCS12 p12 = new PKCS12(keyInput);
|
65
|
+
p12.decrypt(パスワード);
|
66
|
+
KeyBag[] keybags = p12.getKeyBags();
|
67
|
+
PrivateKey key = (PrivateKey) keybags[0].getPrivateKey();
|
68
|
+
keyInput.close();
|
69
|
+
|
70
|
+
sslContext.clearPSKCredentials();
|
71
|
+
sslContext.clearClientCredentials();
|
72
|
+
sslContext.addClientCredentials(new KeyAndCert(cert, key));
|
73
|
+
|
74
|
+
// ヘッダ指定
|
75
|
+
conn.setRequestMethod("POST");
|
76
|
+
conn.setRequestProperty("Content-Type", "application/json;charset=utf-8");
|
77
|
+
conn.setRequestProperty("Content-Length", "98");
|
78
|
+
conn.setDoOutput(true);
|
79
|
+
conn.setDoInput(true);
|
80
|
+
outputStream = conn.getOutputStream();
|
81
|
+
|
82
|
+
// リクエストボディー書き込み
|
83
|
+
IOUtils.write(input, outputStream, AppConfig.getAppEncoding());
|
84
|
+
outputStream.flush();
|
85
|
+
IOUtils.closeQuietly(outputStream);
|
86
|
+
|
87
|
+
// レスポンスを文字列に変換する
|
88
|
+
inputStream = conn.getInputStream();
|
89
|
+
response = IOUtils.toString(inputStream, AppConfig.getAppEncoding());
|
90
|
+
}
|
91
|
+
catch (Throwable e) {
|
92
|
+
// 失敗したのでnullを返す
|
93
|
+
return null;
|
94
|
+
}
|
95
|
+
finally {
|
96
|
+
IOUtils.closeQuietly(outputStream);
|
97
|
+
IOUtils.closeQuietly(inputStream);
|
98
|
+
if (conn != null) {
|
99
|
+
conn.disconnect();
|
100
|
+
}
|
101
|
+
}
|
102
|
+
|
103
|
+
return response;
|