Java实现HTTPS双向认证的终极指南:从原理到实战
背景说明
在与某个外部系统进行API对接时(比如银行支付网关或第三方服务),这些系统通常要求双向SSL认证来确保通信双方的身份。
平时前后端交互或者通过HTTPS协议传输时,其实已经有现成的实现帮我们处理了,不需要在代码层解决;但目前的需求是在与第三方系统接口交互时进行双向认证。双向认证的含义是:客户端要校验服务端证书(信任链和主机名),服务端也要校验客户端证书,任何一侧跳过校验都不再是真正的双向认证。因此在实战之前,大家需要先熟悉双向认证的原理。
HTTPS双向认证实践:Spring Boot RestTemplate的正确配置之道
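/**
 * Holds the settings bound from the {@code pki} configuration prefix.
 *
 * <p>Lombok's {@code @Data} still generates the getters, setters,
 * {@code equals} and {@code hashCode}. {@code toString()} is written by hand
 * (Lombok skips a method that already exists) so that the keystore password
 * and the key material fields are never rendered: this object is passed to
 * the logger by {@code RestTemplateConfig}, and a generated
 * {@code toString()} would put those values into the application log.
 */
@Data
@Configuration
@ConfigurationProperties("pki")
public class PkiConfig {
    private String brand;
    private Map<String, String> urlMap;
    private String alg;
    private String sha;
    // NOTE(review): presumably the certificate location; the visible part of
    // RestTemplateConfig loads a hard-coded classpath resource instead — confirm.
    private String certificateAddr;
    // Password of the PKCS12 keystore; defaults to the empty string.
    private String certificatePwd = "";
    private String platformID;
    // NOTE(review): presumably an access key / secret key pair — confirm.
    // Both are treated as secrets and kept out of toString().
    private String iWallAK;
    private String iWallSK;
    private String v23Uri;
    private String iWallUri;
    private String iWallKeyID;
    private String signAlg;
    private Integer iWallMode;
    private Integer mode;

    /**
     * Returns a log-safe description of this configuration.
     *
     * @return every non-secret field with its value; secret fields only as
     *     {@code <redacted>} or {@code <unset>}
     */
    @Override
    public String toString() {
        return "PkiConfig(brand=" + brand
                + ", urlMap=" + urlMap
                + ", alg=" + alg
                + ", sha=" + sha
                + ", certificateAddr=" + certificateAddr
                + ", certificatePwd=" + mask(certificatePwd)
                + ", platformID=" + platformID
                + ", iWallAK=" + mask(iWallAK)
                + ", iWallSK=" + mask(iWallSK)
                + ", v23Uri=" + v23Uri
                + ", iWallUri=" + iWallUri
                + ", iWallKeyID=" + iWallKeyID
                + ", signAlg=" + signAlg
                + ", iWallMode=" + iWallMode
                + ", mode=" + mode
                + ")";
    }

    /** Reports only whether a secret is configured, never its content. */
    private static String mask(String secret) {
        return (secret == null || secret.isEmpty()) ? "<unset>" : "<redacted>";
    }
}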
@Configuration
@Slf4j
public class RestTemplateConfig {
@Autowired
private PkiConfig pkiConfig;
@Bean
public RestTemplate restTemplate() throws Exception {
log.info("pkiConfig:{}",pkiConfig);
// PFX 文件路径
String pfxPath = "src/main/resources/test-Lion.OTA.pfx";
// PFX 文件密码
String pfxPassword = pkiConfig.getCertificatePwd();
Resource resource = new ClassPathResource("test-Lion.OTA.pfx");
KeyStore keyStore = KeyStore.getInstance("PKCS12");
keyStore.load(resource.getInputStream(), pfxPassword.toCharArray());
// 创建一个信任所有证书的 TrustStrategy
TrustStrategy acceptingTrustStrategy = (X509Certificate[] chain, String authType) -> true;
SSLContext sslContext = SSLContextBuilder.create()
.loadKeyMaterial(keyStore, pfxPassword.toCharArray())
.loadTrustMaterial(null, acceptingTrustStrategy)
.build();
SSLConnectionSocketFactory sslSocketFactory = new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE);
CloseableHttpClient httpClient = HttpClients.custom(