https 通过Fiddler代理访问 (三)

完整的代理访问测试程序如下

static class MyX509TrustManager implements X509TrustManager {
		/*
		 * The default X509TrustManager returned by IbmX509. We'll delegate decisions to it, and fall back to the logic in this class if the default X509TrustManager doesn't trust it.
		 */
		private X509TrustManager pkixTrustManager;

		public MyX509TrustManager() throws Exception {
			// create a "default" JSSE X509TrustManager.
			// KeyStore用于存放证书，创建对象时 指定交换数字证书的加密标准
			KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
			// 加载证书库keystore文件
			keyStore.load(new FileInputStream("C:/Users/coffee/Desktop/coffee-100.keystore"), "coffee".toCharArray());
			// keyStore.load(new FileInputStream("‪‪F:/Java/jdk1.7.0_79/jre/lib/security/Fiddler.Keystore"), "changeit".toCharArray());
			// TrustManager决定是否信任对方的证书
			TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
			tmf.init(keyStore);

			TrustManager tms[] = tmf.getTrustManagers();

			/*
			 * Iterate over the returned trustmanagers, look for an instance of X509TrustManager. If found, use that as our "default" trust manager.
			 */
			for (int i = 0; i < tms.length; i++) {
				if (tms[i] instanceof X509TrustManager) {
					pkixTrustManager = (X509TrustManager) tms[i];
					return;
				}
			}

			/*
			 * Find some other way to initialize, or else we have to fail the constructor.
			 */
			throw new Exception("Couldn't initialize");
		}

		/*
		 * Delegate to the default trust manager.
		 */
		public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
			try {
				pkixTrustManager.checkClientTrusted(chain, authType);
			} catch (CertificateException e) {
				// do any special handling here, or rethrow exception.
				e.printStackTrace();
			}
		}

		/*
		 * Delegate to the default trust manager.
		 */
		public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
			try {
				pkixTrustManager.checkServerTrusted(chain, authType);
			} catch (CertificateException e) {
				e.printStackTrace();
			}
		}

		/*
		 * Merely pass this through. 返回可接受的发行人
		 */
		public X509Certificate[] getAcceptedIssuers() {
			return pkixTrustManager.getAcceptedIssuers();
		}
	}

	public static void main(String[] args) throws Exception {
		// System.setProperty("javax.net.ssl.trustStore", "‪F:/Java/jdk1.7.0_79/jre/lib/security/Fiddler.Keystore");
		// System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
		
		System.setProperty("https.proxyHost", "127.0.0.1");
		System.setProperty("https.proxyPort", "8888");
		// Proxy proxy = new Proxy(Proxy.Type.HTTP, new InetSocketAddress("127.0.0.1", 8888));

		String url12036 = "https://192.168.1.100:18443";
		// Create a trust manager that does not validate certificate chains
		SSLContext sslContext = SSLContext.getInstance("SSL");
		sslContext.init(null, new TrustManager[] { new MyX509TrustManager() }, new java.security.SecureRandom());

		SSLSocketFactory ssf = sslContext.getSocketFactory();

		URL myURL = new URL(url12036);
		HttpsURLConnection httpsConn = (HttpsURLConnection) myURL.openConnection();
		httpsConn.setSSLSocketFactory(ssf);

		HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
			public boolean verify(String arg0, SSLSession arg1) {
				System.out.println("hostnameVerifier =============");
				return true;
			}
		});

		httpsConn.connect();
		Certificate[] certs = httpsConn.getServerCertificates();
		for (Certificate cert : certs) {
			System.out.println("Certificate is: " + cert);
			if (cert instanceof X509Certificate) {
				X509Certificate x = (X509Certificate) cert;
				System.out.println(x.getIssuerDN());
			}
		}

		// getInputStream的时候 会调用 MyX509TrustManager#checkServerTrusted
		InputStreamReader ins = new InputStreamReader(httpsConn.getInputStream());
		int respInt = ins.read();
		while (respInt != -1) {
			System.out.print((char) respInt);
			respInt = ins.read();
		}
		ins.close();
	}

通过Fiddler基本上可以看到报文信息了