完整的代理访问测试程序如下
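/**
 * X509TrustManager that validates peer certificates against one keystore loaded from disk.
 *
 * <p>Every decision is delegated to the first {@link X509TrustManager} produced by the default
 * {@link TrustManagerFactory} once it has been initialised with that keystore. A chain the delegate
 * rejects is rejected here as well: the {@link CertificateException} propagates to the TLS layer, which
 * aborts the handshake. Catching and merely logging that exception would turn this class into an
 * accept-everything trust manager, because returning normally from a check method is what signals
 * "trusted".
 */
static class MyX509TrustManager implements X509TrustManager {

    /** Delegate built from the keystore; assigned once in the constructor. */
    private final X509TrustManager pkixTrustManager;

    /**
     * Loads the keystore and picks the delegate trust manager.
     *
     * @throws Exception if the keystore cannot be read, or if the factory yields no X509TrustManager
     */
    public MyX509TrustManager() throws Exception {
        // A KeyStore holds the trusted certificates; use the platform's default keystore type.
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());

        // Load the keystore file. try-with-resources closes the stream even when load() throws.
        // NOTE(review): the path and the password are hard-coded sample values from the test setup;
        // outside a throwaway test they should come from configuration, not from source.
        try (FileInputStream in = new FileInputStream("C:/Users/coffee/Desktop/coffee-100.keystore")) {
            keyStore.load(in, "coffee".toCharArray());
        }
        // keyStore.load(new FileInputStream("F:/Java/jdk1.7.0_79/jre/lib/security/Fiddler.Keystore"), "changeit".toCharArray());

        // The TrustManager decides whether the peer's certificate is trusted.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(keyStore);

        // Use the first X509TrustManager the factory returns as the delegate.
        X509TrustManager found = null;
        for (TrustManager candidate : tmf.getTrustManagers()) {
            if (candidate instanceof X509TrustManager) {
                found = (X509TrustManager) candidate;
                break;
            }
        }
        if (found == null) {
            // No usable delegate: fail construction rather than run without certificate checks.
            throw new Exception("Couldn't initialize");
        }
        pkixTrustManager = found;
    }

    /**
     * Delegates client-certificate validation to the keystore-backed trust manager.
     *
     * @throws CertificateException if the delegate does not trust the chain
     */
    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        // Let the rejection propagate; swallowing it would accept every client certificate.
        pkixTrustManager.checkClientTrusted(chain, authType);
    }

    /**
     * Delegates server-certificate validation to the keystore-backed trust manager.
     *
     * @throws CertificateException if the delegate does not trust the chain
     */
    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        // Let the rejection propagate; swallowing it would accept every server certificate,
        // including one presented by an unexpected intermediary.
        pkixTrustManager.checkServerTrusted(chain, authType);
    }

    /**
     * Returns the accepted issuers reported by the delegate.
     */
    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return pkixTrustManager.getAcceptedIssuers();
    }
}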
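/**
 * Test driver: sends one HTTPS request through a local debugging proxy, prints the certificates the
 * peer presented, then prints the response body.
 *
 * @param args unused
 * @throws Exception on any keystore, TLS or I/O failure
 */
public static void main(String[] args) throws Exception {
    // System.setProperty("javax.net.ssl.trustStore", "F:/Java/jdk1.7.0_79/jre/lib/security/Fiddler.Keystore");
    // System.setProperty("javax.net.ssl.trustStorePassword", "changeit");

    // Route HTTPS traffic of this JVM through the proxy listening on 127.0.0.1:8888.
    System.setProperty("https.proxyHost", "127.0.0.1");
    System.setProperty("https.proxyPort", "8888");
    // Proxy proxy = new Proxy(Proxy.Type.HTTP, new InetSocketAddress("127.0.0.1", 8888));

    String url12036 = "https://192.168.1.100:18443";
    URL myURL = new URL(url12036);
    final String expectedHost = myURL.getHost();

    // Build an SSLContext whose only trust manager is MyX509TrustManager; certificate-chain
    // decisions are made there. "TLS" is requested rather than the legacy "SSL" context name.
    SSLContext sslContext = SSLContext.getInstance("TLS");
    sslContext.init(null, new TrustManager[] { new MyX509TrustManager() }, new java.security.SecureRandom());
    SSLSocketFactory ssf = sslContext.getSocketFactory();

    HttpsURLConnection httpsConn = (HttpsURLConnection) myURL.openConnection();
    httpsConn.setSSLSocketFactory(ssf);

    // The name-check exception is installed on this connection only, and only for the host this
    // test targets. Installing an always-true verifier with setDefaultHostnameVerifier would switch
    // off hostname checking for every HttpsURLConnection created afterwards in the JVM.
    // This waives name matching, not chain validation: the certificate still has to pass the
    // trust manager configured above.
    httpsConn.setHostnameVerifier(new HostnameVerifier() {
        @Override
        public boolean verify(String hostname, SSLSession session) {
            System.out.println("hostnameVerifier =============");
            return expectedHost.equals(hostname);
        }
    });

    httpsConn.connect();

    // Show what the peer presented; behind an intercepting proxy this is the proxy's certificate.
    Certificate[] certs = httpsConn.getServerCertificates();
    for (Certificate cert : certs) {
        System.out.println("Certificate is: " + cert);
        if (cert instanceof X509Certificate) {
            X509Certificate x = (X509Certificate) cert;
            System.out.println(x.getIssuerDN());
        }
    }

    // Original note: MyX509TrustManager#checkServerTrusted is invoked when getInputStream() is
    // called (the handshake has presumably already run during connect() above; verify).
    // NOTE(review): the reader uses the platform default charset; the response encoding is not
    // known from this code.
    // try-with-resources closes the reader even if reading fails part-way.
    try (InputStreamReader ins = new InputStreamReader(httpsConn.getInputStream())) {
        int respInt = ins.read();
        while (respInt != -1) {
            System.out.print((char) respInt);
            respInt = ins.read();
        }
    }
}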
通过Fiddler基本上可以看到报文信息了