在一个应用中，如何针对不同的外部客户系统，使用不同的数字证书？

问题：

在项目中要向不同的外部应用通过https连接访问webservice，
但是Java中用System.setProperty("javax.net.ssl.keyStore",...), 多个证书无法同时设置，会有冲突，请问这个该怎么处理

解决：

使用 KeyStoreManager 和 TrustManager 就可以了

实际上就是通过 KeyStoreManager, TrustManager 创建 SSLContext 对象，再通过 SSLContext 对象创建 SSLSocketFactory 对象，并将 SSLSocketFactory 对象赋给 HttpsURLConnection 对象。
KeyStoreManager 管理着双向认证中的客户端证书库
TrustManager 管理着双向认证中服务端证书信任库，相当于浏览器中我知道该证书非 CA 签发，但我需要继续操作。 

import java.io.ByteArrayOutputStream;import java.io.InputStream;import java.net.URL;import javax.net.ssl.HttpsURLConnection;import javax.net.ssl.SSLSocketFactory;public class Test {    public static void main(String[] args) throws Exception {        // System.setProperty("javax.net.debug", "all");        URL url = new URL("https://www.xxxx.com");        HttpsURLConnection connection = (HttpsURLConnection) url.openConnection();        connection.setSSLSocketFactory(getSSLSocketFactory());        InputStream in = connection.getInputStream();        byte[] bys = new byte[8192];        ByteArrayOutputStream baos = new ByteArrayOutputStream();        for (int p = 0; (p = in.read(bys)) != -1;) {            baos.write(bys, 0, p);        }        String str = new String(baos.toByteArray());        System.out.println(str);    }    private static SSLSocketFactory getSSLSocketFactory() {        MyKeyManager keyManager = new MyKeyManager(KeyStoreType.PKCS12, "d:/key.p12", "123456".toCharArray());        MyTrustManager trustManager = new MyTrustManager("d:/trust.keystore", "123456".toCharArray());        MySSLContext context = new MySSLContext("TLS", keyManager, trustManager);        return context.getSSLContext().getSocketFactory();    }}

import javax.net.ssl.KeyManager;import javax.net.ssl.SSLContext;import javax.net.ssl.TrustManager;public class MySSLContext {    private String protocol;    private MyKeyManager keyManager;    private MyTrustManager trustManager;    public MySSLContext(String protocol, MyKeyManager keyManager, MyTrustManager trustManager) {        this.protocol = protocol;        this.keyManager = keyManager;        this.trustManager = trustManager;    }    public MySSLContext(String protocol, MyTrustManager trustManager) {        this(protocol, null, trustManager);    }    public MySSLContext(String protocol, MyKeyManager keyManager) {        this(protocol, keyManager, null);    }    public SSLContext getSSLContext() {        try {            SSLContext context = SSLContext.getInstance(protocol);            context.init(getKeyManagers(), getTrustManagers(), null);            return context;        } catch (Exception e) {            throw new IllegalStateException("error, protocol: " + protocol, e);        }    }    private KeyManager[] getKeyManagers() {        if (keyManager == null) {            return null;        }        return keyManager.getKeyManagers();    }    private TrustManager[] getTrustManagers() {        if (trustManager == null) {            return null;        }        return trustManager.getTrustManagers();    }}

import java.security.KeyStore;import javax.net.ssl.KeyManager;import javax.net.ssl.KeyManagerFactory;public class MyKeyManager {    private KeyStore ks;    private char[] password;    public MyKeyManager(String keyStore, char[] password) {        this(KeyStoreType.JKS, keyStore, password);    }    public MyKeyManager(KeyStoreType type, String keyStore, char[] password) {        this.password = password;        this.ks = MyKeyStoreUtil.loadKeyStore(type, keyStore, password);    }    public KeyManager[] getKeyManagers() {        try {            KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");            kmf.init(ks, password);            return kmf.getKeyManagers();        } catch (Exception e) {            throw new KeyStoreRuntimeException("cannot get KeyManagers", e);        }    }}

import java.security.KeyStore;import java.security.cert.CertificateException;import java.security.cert.X509Certificate;import javax.net.ssl.TrustManager;import javax.net.ssl.TrustManagerFactory;import javax.net.ssl.X509TrustManager;public class MyTrustManager {    private KeyStore ks;    public MyTrustManager(String keyStore, char[] password) {        this(KeyStoreType.JKS, keyStore, password);    }    public MyTrustManager(KeyStoreType type, String keyStore, char[] password) {        this.ks = MyKeyStoreUtil.loadKeyStore(type, keyStore, password);    }    public TrustManager[] getTrustManagers() {        return new TrustManager[]{ new ClientTrustManager() };    }    private class ClientTrustManager implements X509TrustManager {        private X509TrustManager sunJSSEX509TrustManager;        public ClientTrustManager() {            loadTrust();        }        private void loadTrust() {            try {                TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());                tmf.init(ks);                TrustManager tms[] = tmf.getTrustManagers();                for (int i = 0; i < tms.length; i++) {                    if (tms[i] instanceof X509TrustManager) {                        sunJSSEX509TrustManager = (X509TrustManager) tms[i];                        return;                    }                }            } catch (Exception e) {                throw new KeyStoreRuntimeException(e);            }        }        @Override        public void checkClientTrusted(X509Certificate[] chain, String authType)                throws CertificateException {            sunJSSEX509TrustManager.checkClientTrusted(chain, authType);        }        @Override        public void checkServerTrusted(X509Certificate[] chain, String authType)                throws CertificateException {            sunJSSEX509TrustManager.checkServerTrusted(chain, authType);        }        @Override        public X509Certificate[] getAcceptedIssuers() {            return sunJSSEX509TrustManager.getAcceptedIssuers();        }    }}

import java.io.FileInputStream;import java.io.InputStream;import java.security.KeyStore;import java.security.KeyStoreException;public class MyKeyStoreUtil {    private MyKeyStoreUtil() {    }    public static KeyStore loadKeyStore(KeyStoreType type, String keyStore, char[] password) {        if (type == null) {            type = KeyStoreType.JKS;        }        InputStream in = null;        try {            try {                KeyStore ks = type.getKeyStore();                in = new FileInputStream(keyStore);                ks.load(in, password);                return ks;            } finally {                if (in != null) {                    in.close();                }            }        } catch (Exception e) {            throw new KeyStoreRuntimeException("type: " + type +                    ", keyStore: " + keyStore, e);        }    }    public static enum KeyStoreType {        JKS {            @Override            public KeyStore getKeyStore() throws KeyStoreException {                return getKeyStore("JKS");            }        },        PKCS12 {            @Override            public KeyStore getKeyStore() throws KeyStoreException {                return getKeyStore("PKCS12");            }        };        public abstract KeyStore getKeyStore() throws KeyStoreException ;        private static KeyStore getKeyStore(String type) throws KeyStoreException {            return KeyStore.getInstance(type);        }    }    public static class KeyStoreRuntimeException extends RuntimeException {        private static final long serialVersionUID = 1L;        public KeyStoreRuntimeException(String message, Throwable cause) {            super(message, cause);        }        public KeyStoreRuntimeException(Throwable cause) {            super(cause);        }    }}