如何使用 ApacheConnector 在 Jersey 2 中选择密码套件？

Question

我使用 Jersey 2 作为客户端来使用 TLS 访问 Web 服务。我想选择 TLS 使用的密码，但我不知道如何。我的代码：

ClientConfig clientConfig = new ClientConfig(); 
clientConfig.connectorProvider(new ApacheConnectorProvider()); 
SslConfigurator sslConfig = SslConfigurator.newInstance()
    .trustStoreFile("truststore.jks")
    .trustStorePassword("asdfgh")
    .keyStoreFile("keystore.jks")
    .keyPassword("asdfgh")
    .securityProtocol("TLS"); // there is no method to select cipher suites for SslConfigurator
clientConfig.property(ApacheClientProperties.SSL_CONFIG, sslContext);

Client client = ClientBuilder.newBuilder()
    .withConfig(clientConfig)
    .build();

Answer 1

我找到了解决办法：

HttpClientConnectionManager connectionManager = createConnectionManager(clientConfig, sslContext, getHostnameVerifier(), true);
clientConfig.property(ApacheClientProperties.CONNECTION_MANAGER, connectionManager);

我从 ApacheConnector 中大致复制了以下方法来创建 ConnectionManager：

private HttpClientConnectionManager createConnectionManager(
        final Configuration config,
        SSLContext sslContext,
        X509HostnameVerifier hostnameVerifier,
        boolean useSystemProperties) {

    final String[] supportedProtocols = useSystemProperties ? StringUtils.split(
            System.getProperty("https.protocols")) : null;
    final String[] supportedCipherSuites = useSystemProperties ? StringUtils.split(
            System.getProperty("https.cipherSuites")) : null;

    if (hostnameVerifier == null) {
        hostnameVerifier = SSLConnectionSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER;
    }

    LayeredConnectionSocketFactory sslSocketFactory;
    if (sslContext != null) {
        sslSocketFactory = new SSLConnectionSocketFactory(
                sslContext, supportedProtocols, supportedCipherSuites, hostnameVerifier);
    } else {
        if (useSystemProperties) {
            sslSocketFactory = new SSLConnectionSocketFactory(
                    (SSLSocketFactory) SSLSocketFactory.getDefault(),
                    supportedProtocols, supportedCipherSuites, hostnameVerifier);
        } else {
            sslSocketFactory = new SSLConnectionSocketFactory(
                    SSLContexts.createDefault(),
                    hostnameVerifier);
        }
    }

    final Registry<ConnectionSocketFactory> registry = RegistryBuilder.<ConnectionSocketFactory>create()
         .register("http", PlainConnectionSocketFactory.getSocketFactory())
         .register("https", sslSocketFactory)
         .build();

    final PoolingHttpClientConnectionManager connectionManager =
            new PoolingHttpClientConnectionManager(registry);

    if (useSystemProperties) {
        String s = System.getProperty("http.keepAlive", "true");
        if ("true".equalsIgnoreCase(s)) {
            s = System.getProperty("http.maxConnections", "5");
            final int max = Integer.parseInt(s);
            connectionManager.setDefaultMaxPerRoute(max);
            connectionManager.setMaxTotal(2 * max);
        }
    }

    return connectionManager;
}