HttpClient 使用證書和跳過證書

原創 qq5dc264c690eab 2020-02-20 14:22

引用
compile 'org.apache.httpcomponents:httpclient:4.5.10'
使用證書

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.Arrays;

import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.client.ClientProtocolException;
import org.apache.http.client.ResponseHandler;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.util.EntityUtils;

public class ClientSSLPost {

    public static void main(String[] args) {
        CloseableHttpClient httpclient = null;
        try {
            HttpPost httpPost = new HttpPost("https://127.0.0.1:8080/hello?orderid=111");
            InputStream ca = new FileInputStream(new File("E:/temp/key/client.cer"));// 客戶端證書
            // 證書的別名,即:key。 注:cAalias只需要保證唯一即可,不過推薦使用生成keystore時使用的別名。
            String cAalias = System.currentTimeMillis()+""+new SecureRandom().nextInt(1000);

            KeyStore keyStore = ClientSSLTest.getKeyStore(ca, cAalias);
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            if (trustManagers.length != 1|| !(trustManagers[0] instanceof X509TrustManager)) {
                throw new IllegalStateException("Unexpected default trust managers:"+ Arrays.toString(trustManagers));
            }
            X509TrustManager x509TrustManager = (X509TrustManager) trustManagers[0];
            // 這裏傳TLS或SSL其實都可以的
            SSLContext sslContext = SSLContext.getInstance("TLS");
            sslContext.init(null, new TrustManager[] { x509TrustManager },new SecureRandom());
            //有時因爲證書的域名和實現不一樣會報錯,解決方法 new SSLConnectionSocketFactory(sslContext,NoopHostnameVerifier.INSTANCE);
            SSLConnectionSocketFactory sslSocketFactory = new SSLConnectionSocketFactory(sslContext);

            httpclient = HttpClientBuilder.create().setSSLSocketFactory(sslSocketFactory).build();
            ResponseHandler<String> responseHandler = new ResponseHandler<String>() {
                public String handleResponse(final HttpResponse response)throws ClientProtocolException, IOException {
                    int status = response.getStatusLine().getStatusCode();
                    if (status >=200  && status < 300) {
                        HttpEntity entity = response.getEntity();
                        return entity != null ? EntityUtils.toString(entity): null;
                    } else {
                        throw new ClientProtocolException("Unexpected response status: " + status);
                    }
                }
            };
            String responseBody = httpclient.execute(httpPost, responseHandler);
            System.out.println(responseBody);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}

跳過證書

import java.io.IOException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.client.ClientProtocolException;
import org.apache.http.client.ResponseHandler;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.config.Registry;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.conn.socket.ConnectionSocketFactory;
import org.apache.http.conn.socket.PlainConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import org.apache.http.util.EntityUtils;

public class ClientNoSSLPostTest {

    public static void main(String[] args) {
        HttpPost httpPost = new HttpPost("https://127.0.0.1:8080/hello?orderid=111");
        // 請求頭
        httpPost.addHeader("Accept", "application/json");
        httpPost.addHeader("Connection", "keep-alive");
        httpPost.addHeader("Content-Type", "application/json");

        RequestConfig config = RequestConfig.custom().setConnectTimeout(100).setSocketTimeout(80).build();

        // 這部分代碼是重點
        SSLContext sslContext = getSSLContext();
        Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder
                .<ConnectionSocketFactory> create()
                .register("http", PlainConnectionSocketFactory.INSTANCE)
                .register("https", new SSLConnectionSocketFactory(sslContext))
                .build();
        PoolingHttpClientConnectionManager mananger = new PoolingHttpClientConnectionManager(
                socketFactoryRegistry);
        mananger.setMaxTotal(100);
        mananger.setDefaultMaxPerRoute(20);

        CloseableHttpClient client = HttpClients.custom()
                .setDefaultRequestConfig(config).setConnectionManager(mananger).build();

        try {
            ResponseHandler<String> responseHandler = new ResponseHandler<String>() {
                public String handleResponse(final HttpResponse response)
                        throws ClientProtocolException, IOException {
                    int status = response.getStatusLine().getStatusCode();
                    if (status >= 200 && status < 300) {
                        HttpEntity entity = response.getEntity();
                        return entity != null ? EntityUtils.toString(entity): null;
                    } else {
                        HttpEntity entity = response.getEntity();
                        System.out.println(EntityUtils.toString(entity));
                        throw new ClientProtocolException("Unexpected response status: " + status);
                    }
                }
            };
            String responseBody = client.execute(httpPost, responseHandler);
            System.out.println(responseBody);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    private static SSLContext getSSLContext() {
        try {
            // 這裏可以填兩種值 TLS和LLS , 具體差別可以自行搜索
            SSLContext sc = SSLContext.getInstance("TLS");
            // 構建新對象
            X509TrustManager manager = new X509TrustManager() {
                @Override
                public void checkClientTrusted(
                        X509Certificate[] x509Certificates, String s)throws CertificateException {
                }
                @Override
                public void checkServerTrusted(
                        X509Certificate[] x509Certificates, String s)throws CertificateException {
                }
                // 這裏返回Null
                @Override
                public X509Certificate[] getAcceptedIssuers() {
                    return null;
                }
            };
            sc.init(null, new TrustManager[] { manager }, null);
            return sc;
        } catch (Exception e) {
            e.printStackTrace();
        }
        return null;
    }
}
發表評論
所有評論
還沒有人評論,想成為第一個評論的人麼? 請在上方評論欄輸入並且點擊發布.
相關文章

爲什麼要⽤ Foundry

Foundry  爲什麼要⽤ Foundry  快 - 加速開發  Solidity - 減少上下⽂切換  功能豐富  ⾜夠輕量  Foundry 的組件  forge  cast  anvil  安裝  https://getfoundr

西紅柿愛喫馬鈴薯 2024-04-26 14:31:45

【筆記】動手學深度學習-預備知識

預備知識 2.1 數據操作 import torch x = torch.arange(12) print(x.shape) print(torch.Size(x)) print(x.numel()) X = x.reshape(

everfight 2024-04-26 14:29:04

https://stackoverflow.com/questions/419163/what-does-if-name-main-do

https://stackoverflow.com/questions/419163/what-does-if-name-main-do

everfight 2024-04-26 14:29:04

py發送帶附件email

import smtplib from email.mime.multipart import MIMEMultipart from email.mime.text import MIMEText from email.mime.base

hiningrise 2024-04-26 14:25:24

docker nginx-proxy 添加自定義https網站

nginx-proxy配置 nginx-proxy: image: jwilder/nginx-proxy container_name: nginx-proxy restart: always por

hiningrise 2024-04-26 14:25:24

Avalonia UI 中 Styles 與 ControlTheme 的區別

目錄 目錄 介紹 使用方式 全局主題 (Global Theme) 局部主題 (Local Theme) 控件主題 (ControlTheme) 問題描述 問題分析 問題1 區別 問題2 重寫Template用 Styles

JinsYang 2024-04-26 14:25:24

py發送email

import smtplib from email.mime.text import MIMEText # SMTP服務器設置 smtp_server = 'smtp.qq.com' smtp_port = 587 secure_con

hiningrise 2024-04-26 14:25:24

Kubernetes (k8s) 基礎入門

下面的內容是基於你已經瞭解了 Docker 容器的前提下的,如果還不瞭解什麼是容器,可以先看看之前的文章 https://www.ryanzoe.top/category/docker/ k8s 是什麼 Kubernetes 也稱爲 K8

Ryan_zheng 2024-04-26 14:25:14

PostMan接口測試實用小點

PostMan接口測試實用小點 1. 接口測試變量存取操作 在Postman中有很多地方可以存儲一些變量,這裏只介紹經常使用的環境變量.變量設置後,在UI界面可以通過{{變量名}}獲取到對應值. 在環境變量中配置變量url = https:

herbert 2024-04-26 14:25:14

使用 k8s 快速部署應用服務

以下是一個完整的例子,展示瞭如何使用Kubernetes部署一個簡單的Web應用程序。這個例子包括一個Deployment和一個Service。 首先,創建一個名爲webapp-deployment.yaml的Deployment配置文件:

Ryan_zheng 2024-04-26 14:25:14

windows 新建一個一個後臺服務

Winsw是一個開源工具,用於將命令行應用程序包裝成Windows服務 1. https://github.com/winsw/winsw/releases/tag/v2.12.0  下載  2. 下載完把兩個文件改名字: myservi

東城以東 2024-04-26 14:23:43

嘗試使用kimi解析體能表格

因爲涉及到體能訓練成績,所以接觸到了很多表格,觸發了對錶格數據的思考:圖表也是重要的數據來源,應該如何來進行處理?圖表的數據不僅關係它本身,而且也和表格形式相關,此外還和背景材料相關。首先從一個比較乾淨的表格開始,它本身是可以編輯的pdf.

jsxyhelu 2024-04-26 14:23:33

Springboot版本升級

簡介 此次升級是爲了解決舊版本的各種漏洞問題。 開發軟件:IDEA2019 項目環境:java 8,springboot2.0.5 目標版本:java 8,springboot2.5.5 本文檔前後變化對比,舊代碼使用、// 等表示。 依賴

心存善念 2024-04-26 14:22:43

條款47:請使用 traits classes 表現類型信息

    *_*

htj10 2024-04-26 14:22:03

條款48:認識 template 元編程

    **

htj10 2024-04-26 14:22:03