HttpClient 4.3 - https 免SSL认证


HttpClient 4.3 - https 免SSL认证

问题出现

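一般来说,https 开头的网站都会做 SSL/TLS 证书校验。打开 12306 时浏览器甚至会弹出证书过期的提示;如果直接用 HttpClient 访问这类证书校验不通过的网站(证书过期、域名与证书不匹配、签发机构不受信任),就会报错。下面的做法是让客户端默认信任这些网站的证书、不做鉴定。这样连接虽然仍然加密,但客户端不再验证对端身份,链路上的任何人都可以用自己的证书冒充服务器,所以只适合测试环境;生产环境应把对方的证书或 CA 导入信任库,并保留域名校验。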

使用DefaultHttpClient

package com.enmo.dbaas.utils;

import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.config.Registry;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.conn.ClientConnectionManager;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.socket.ConnectionSocketFactory;
import org.apache.http.conn.socket.PlainConnectionSocketFactory;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.conn.ssl.TrustStrategy;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.conn.PoolingClientConnectionManager;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import org.apache.http.ssl.SSLContextBuilder;
import org.apache.http.util.EntityUtils;

import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;

/**
 * Create by IntelliJ IDEA
 *
 * @Author chenlei
 * @DateTime 2018/7/11 17:00
 * @Description DigestHttpClientUtil
 */
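public class DigestHttpClientUtil {

    /** Default port of the https scheme, used when the request URL names no port. */
    private static final int HTTPS_DEFAULT_PORT = 443;

    /**
     * Fetches the same HTTPS page with a verifying client and with a non-verifying client
     * and prints either the response body or the stack trace of the failure.
     *
     * @param args unused
     */
    public static void main(String[] args) throws InterruptedException, UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException {

        HttpClient defaultHttpClient = defaultHttpClient();
        HttpClient digestHttpClient = sslFreeDefaultHttpClient();

        HttpGet httpGet = new HttpGet("https://www.12306.cn");

        // First attempt: stock client, certificate chain and hostname are both checked.
        try {
            System.out.println("=============ssl auth=====================");
            System.out.println(EntityUtils.toString(defaultHttpClient.execute(httpGet).getEntity()));
            System.out.println();
        } catch (Exception e) {
            e.printStackTrace();
        }

        Thread.sleep(1000);

        // Second attempt: same request through the client that skips both checks.
        try {
            System.out.println("=============ssl free=====================");
            System.out.println(EntityUtils.toString(digestHttpClient.execute(httpGet).getEntity(),"UTF-8"));
            System.out.println();
        } catch (Exception e) {
            e.printStackTrace();
        }

    }

    /**
     * Builds a {@link DefaultHttpClient} whose https scheme accepts any certificate chain
     * and any hostname.
     *
     * <p>The connection stays encrypted, but the peer is not authenticated: whoever answers
     * on the network path is accepted as the server. Keep this client confined to test
     * targets; for a host with a private or self-signed certificate, put that certificate
     * in a trust store and keep hostname verification on.
     *
     * @return a client that performs no certificate or hostname verification
     */
    public static HttpClient sslFreeDefaultHttpClient() throws UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException {
        // Returning true for every chain switches certificate validation off entirely.
        TrustStrategy acceptingTrustStrategy = (cert, authType) -> true;
        SSLSocketFactory sf = new SSLSocketFactory(
                acceptingTrustStrategy, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
        SchemeRegistry registry = new SchemeRegistry();
        // The scheme's default port is what a URL without an explicit port resolves to,
        // so it has to be 443 for "https://www.12306.cn" to reach the HTTPS listener
        // (the original registered 8443 here).
        registry.register(new Scheme("https", HTTPS_DEFAULT_PORT, sf));
        ClientConnectionManager ccm = new PoolingClientConnectionManager(registry);

        return new DefaultHttpClient(ccm);
    }

    /**
     * Builds a {@link DefaultHttpClient} with its default settings.
     *
     * @return a client with the library's default TLS checks
     */
    public static HttpClient defaultHttpClient(){
        return new DefaultHttpClient();
    }

}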

output:

=============ssl auth=====================
javax.net.ssl.SSLException: Certificate for <www.12306.cn> doesn't match any of the subject alternative names: [webssl.chinanetcenter.com, i.l.inmobicdn.net, *.fn-mart.com, www.1zhe.com, *.pinganfang.com, *.anhouse.com, dl.jphbpk.gxpan.cn, dl.givingtales.gxpan.cn, dl.toyblast.gxpan.cn, dl.sds.gxpan.cn, download.ctrip.com, mh.tiancity.com, app.4399.cn, i.4399.cn, m.4399.cn, a.4399.cn, cdn.hxjyios.iwan4399.com, ios.hxjy.iwan4399.com, gjzx.gjzq.com.cn, f.3000test.com, tj.img4399.com, *.zhe800.com, *.qiyipic.com, *.vxinyou.com, *.gdjh.vxinyou.com, *.3000.com, pay.game2.cn, static1.j.cn, static2.j.cn, static3.j.cn, static4.j.cn, video1.j.cn, video2.j.cn, video3.j.cn, online.j.cn, playback.live.j.cn, audio1.guang.j.cn, audio2.guang.j.cn, audio3.guang.j.cn, img1.guang.j.cn, img2.guang.j.cn, img3.guang.j.cn, img4.guang.j.cn, img5.guang.j.cn, img6.guang.j.cn, *.4399youpai.com, w.tancdn.com, *.3000api.com, static11.j.cn, *.kuyinyun.com, *.kuyin123.com, *.diyring.cc, 3000test.com, *.3000test.com, www.3387.com, bbs.4399.cn, *.cankaoxiaoxi.com, *.service.kugou.com, test.macauslot.com, testm.macauslot.com, testtran.macauslot.com, xiuxiu.huodong.meitu.com, *.meitu.com, *.meitudata.com, *.wheetalk.com, *.shanliaoapp.com, xiuxiu.web.meitu.com, api.account.meitu.com, open.web.meitu.com, id.api.meitu.com, api.makeup.meitu.com, im.live.meipai.com, *.meipai.com, m.macauslot.com, www.macauslot.com, web.macauslot.com, translation.macauslot.com, img1.homekoocdn.com, cdn.homekoocdn.com, cdn1.homekoocdn.com, cdn2.homekoocdn.com, cdn3.homekoocdn.com, cdn4.homekoocdn.com, img.homekoocdn.com, img2.homekoocdn.com, img3.homekoocdn.com, img4.homekoocdn.com, *.macauslot.com, *.samsungapps.com, auto.tancdn.com, *.winbo.top, static.bst.meitu.com, api.xiuxiu.meitu.com, api.photo.meituyun.com, h5.selfiecity.meitu.com, api.selfiecity.meitu.com, h5.beautymaster.meiyan.com, api.beautymaster.meiyan.com, www.yawenb.com, m.yawenb.com, www.biqugg.com, www.dawenxue.net, cpg.meitubase.com, www.qushuba.com, 
www.ranwena.com, www.u8xsw.com, *.4399sy.com, ms.awqsaged.cn, fanxing2.kugou.com, fanxing.kugou.com, sso.56.com, upload.qf.56.com, sso.qianfan.tv, cdn.danmu.56.com, www-ppd.hermes.cn, www-uat.hermes.cn, www-ts2.hermes.cn, www-tst.hermes.cn, *.syyx.com, img.wgeqr.cn, img.wgewa.cn, img.09mk.cn, img.85nh.cn, *.zhuoquapp.com, img.dtmpekda8.cn, img.etmpekda6.cn, *.5054399.com, *.aiwan4399.com, user.beevideo.bestv.com.cn, *.3839.com]
    at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:165)
    at org.apache.http.conn.ssl.BrowserCompatHostnameVerifier.verify(BrowserCompatHostnameVerifier.java:61)
    at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:141)
    at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:114)
    at org.apache.http.conn.ssl.SSLSocketFactory.verifyHostname(SSLSocketFactory.java:580)
    at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:554)
    at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:412)
    at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:179)
    at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:328)
    at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:612)
    at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:447)
    at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:884)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55)
    at com.enmo.dbaas.utils.DigestHttpClientUtil.main(DigestHttpClientUtil.java:67)
=============ssl free=====================
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>
中国铁路客户服务中心
</title>
...
...

HttpClient 4.3实现

package com.enmo.dbaas.utils;

import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.config.Registry;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.conn.ClientConnectionManager;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.socket.ConnectionSocketFactory;
import org.apache.http.conn.socket.PlainConnectionSocketFactory;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.conn.ssl.TrustStrategy;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.conn.PoolingClientConnectionManager;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import org.apache.http.ssl.SSLContextBuilder;
import org.apache.http.util.EntityUtils;

import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;

/**
 * Create by IntelliJ IDEA
 *
 * @Author chenlei
 * @DateTime 2018/7/11 17:00
 * @Description DigestHttpClientUtil
 */
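public class DigestHttpClientUtil {

    /** Connection manager shared by every client returned from {@link #sslFreeHttpClient()}. */
    private static final PoolingHttpClientConnectionManager connectionManager =
            buildTrustAllConnectionManager();

    /**
     * Creates the pooling connection manager whose https socket factory accepts any
     * certificate chain and any hostname.
     *
     * <p>Failing here aborts class initialization. The original printed the stack trace and
     * left the field {@code null}, in which case {@code setConnectionManager(null)} appears
     * to fall back to the builder's default manager, so the "ssl free" client would have
     * verified certificates after all, without any hint why.
     */
    private static PoolingHttpClientConnectionManager buildTrustAllConnectionManager() {
        try {
            SSLContextBuilder builder = new SSLContextBuilder();
            // Trust every certificate; no identity verification is performed.
            builder.loadTrustMaterial(null, (TrustStrategy) (x509Certificates, s) -> true);
            // Only TLS 1.2 is enabled: the original list also offered SSLv3, which is
            // broken (POODLE), and the legacy SSLv2Hello and TLSv1.
            SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
                    builder.build(), new String[]{"TLSv1.2"}, null, NoopHostnameVerifier.INSTANCE);

            Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory> create()
                    .register("https", sslsf)
                    .register("http", new PlainConnectionSocketFactory())
                    .build();

            return new PoolingHttpClientConnectionManager(socketFactoryRegistry);
        } catch (NoSuchAlgorithmException | KeyStoreException | KeyManagementException e) {
            throw new IllegalStateException("Cannot build the trust-all SSL context", e);
        }
    }

    /**
     * Fetches the same HTTPS page with a verifying client and with a non-verifying client
     * and prints either the response body or the stack trace of the failure.
     *
     * @param args unused
     */
    public static void main(String[] args) throws InterruptedException, UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException {

        HttpClient defaultHttpClient = httpClient();
        HttpClient digestHttpClient = sslFreeHttpClient();

        HttpGet httpGet = new HttpGet("https://www.12306.cn");

        // First attempt: default client, certificate chain and hostname are both checked.
        try {
            System.out.println("=============ssl auth=====================");
            System.out.println(EntityUtils.toString(defaultHttpClient.execute(httpGet).getEntity()));
            System.out.println();
        } catch (Exception e) {
            e.printStackTrace();
        }

        Thread.sleep(1000);

        // Second attempt: same request through the client that skips both checks.
        try {
            System.out.println("=============ssl free=====================");
            System.out.println(EntityUtils.toString(digestHttpClient.execute(httpGet).getEntity(),"UTF-8"));
            System.out.println();
        } catch (Exception e) {
            e.printStackTrace();
        }

    }

    /**
     * Builds a client on top of the shared trust-all connection manager.
     *
     * <p>The connection stays encrypted, but the peer is not authenticated: whoever answers
     * on the network path is accepted as the server. Keep this client confined to test
     * targets; for a host with a private CA, pass a {@code KeyStore} holding that CA to
     * {@code loadTrustMaterial} and keep the default hostname verifier.
     *
     * @return a client that performs no certificate or hostname verification
     */
    public static HttpClient sslFreeHttpClient(){
        return HttpClients.custom().setConnectionManager(connectionManager).build();
    }

    /**
     * Builds a client with the library's default TLS settings.
     *
     * @return a client that verifies certificate chain and hostname
     */
    public static HttpClient httpClient(){
        return HttpClients.custom().build();
    }

}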

output:

=============ssl auth=====================
javax.net.ssl.SSLPeerUnverifiedException: Host name 'www.12306.cn' does not match the certificate subject provided by the peer (CN=webssl.chinanetcenter.com, OU=IT, O=Wangsu Science & Technology Co. Ltd, L=Shang Hai Shi, C=CN)
    at org.apache.http.conn.ssl.SSLConnectionSocketFactory.verifyHostname(SSLConnectionSocketFactory.java:465)
    at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:395)
    at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:353)
    at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:141)
    at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:353)
    at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:380)
    at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
    at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184)
    at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88)
    at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
    at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55)
    at com.enmo.dbaas.utils.DigestHttpClientUtil.main(DigestHttpClientUtil.java:69)
=============ssl free=====================
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>
中国铁路客户服务中心
</title>
...
...

Spring RestTemplate实现

/**
 * Creates a {@code RestTemplate} backed by an Apache HttpClient that skips hostname
 * verification.
 *
 * <p>Only the hostname check is switched off; no SSL context or trust strategy is set, so
 * certificate-chain validation is left at the HttpClient default. A certificate issued for
 * a different host is therefore accepted as long as its chain validates.
 *
 * @return a RestTemplate that does not match the server certificate against the hostname
 */
public RestTemplate restTemplate() throws ClientProtocolException, IOException {
    HttpComponentsClientHttpRequestFactory factory =
        new HttpComponentsClientHttpRequestFactory(
            HttpClients.custom()
                // The verifier is stateless, so the shared instance behaves like a new one.
                .setSSLHostnameVerifier(NoopHostnameVerifier.INSTANCE)
                .build());
    return new RestTemplate(factory);
}