package org.jiahao.weixin.util;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.X509TrustManager;
/**
* 自定义信任管理器类
* @author Alvin
* 自定义信任管理器类的所有方法都是空的实现,表示信任任何服务器端、客户端的证书。
*/
public class MyX509TrustManager implements X509TrustManager {
// 检查客户端证书
@Override
public void checkClientTrusted(X509Certificate[] arg0, String arg1)
throws CertificateException {
}
// 检查服务器端证书
@Override
public void checkServerTrusted(X509Certificate[] arg0, String arg1)
throws CertificateException {
}
// 返回受信任的X509证书数组
@Override
public X509Certificate[] getAcceptedIssuers() {
return null;
}
}
一般这种方法是存在危险的,因为它能对任何https网站的证书信任,通常情况下,会在checkClientTrusted和checkServerTrusted两个方法下进行逻辑验证的处理。
/**
* 处理https GET/POST请求
*
* @param requestUrl
* 请求的地址
* @param requestMethod
* 请求的方法(GET/POST)
* @param inputString
* 请求体
* @return
*/
public static String httpsRequest(String requestUrl, String requestMethod,
String outputStr) {
StringBuffer buffer = null;
try {
// 创建SSLContext
SSLContext sslContext = SSLContext.getInstance("SSL", "SunJSSE");
TrustManager[] tm = { new MyX509TrustManager() };
// 初始化
sslContext.init(null, tm, new java.security.SecureRandom());
// 获取SSLSocketFacroty对象
SSLSocketFactory ssf = sslContext.getSocketFactory();
URL url = new URL(requestUrl);
HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
conn.setRequestMethod(requestMethod);
// 设置当前实例使用的SSLSocketFactory对象
conn.setSSLSocketFactory(ssf);
conn.connect();
// 往服务器端写内容
if (null != outputStr) {
OutputStream os = conn.getOutputStream();
os.write(outputStr.getBytes("utf-8"));
}
// 读取服务器返回的内容
InputStream is = conn.getInputStream();
InputStreamReader isr = new InputStreamReader(is, "utf-8");
BufferedReader br = new BufferedReader(isr);
buffer = new StringBuffer();
String line = null;
while ((line = br.readLine()) != null) {
buffer.append(line);
}
// System.out.println(buffer.toString());
} catch (Exception e) {
e.printStackTrace();
}
return buffer.toString();
}