HTTPS由于安全性,在目前的应用中越来越广泛
很多APP存在安全性问题:对服务器证书验证不重视,例如使用默认证书、直接跳过证书验证等
使用openssl可以很方便获取要访问网站的证书,如百度
openssl s_client -connect www.baidu.com:443
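拷贝出输出中的证书(从 -----BEGIN CERTIFICATE----- 到 -----END CERTIFICATE----- 的PEM文本),就可以在程序中使用。注意:应通过可信渠道核对该证书的指纹,并在服务器更换证书时同步更新程序中的证书。如下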
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
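/**
 * Demonstrates certificate pinning with {@link HttpsURLConnection}: the TLS
 * trust decision is based on a key store that contains one embedded
 * certificate instead of the platform's default CA bundle.
 */
public class HttpsTest {

    /**
     * PEM text of the pinned certificate, copied from the output of
     * {@code openssl s_client -connect www.baidu.com:443}.
     *
     * <p>NOTE(review): the validity dates encoded in this blob appear to be
     * 2017-06-29 .. 2018-08-17; confirm with {@code openssl x509 -noout -dates}.
     * A pinned certificate has to be replaced whenever the server rotates its
     * certificate, otherwise the handshake fails. Pinning an intermediate/CA
     * certificate or the public key, and shipping a backup pin, reduces that
     * operational risk. The certificate should also be checked out of band
     * (e.g. by fingerprint) before it is embedded, because whatever is
     * embedded here becomes the only trust anchor.
     */
    private static final String BAIDU_CERT_PEM = "-----BEGIN CERTIFICATE-----\n"
            + "MIIIdDCCB1ygAwIBAgIQRgvtzGxo+wBn8JgNuE2/gjANBgkqhkiG9w0BAQsFADB+\n"
            + "MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAd\n"
            + "BgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxLzAtBgNVBAMTJlN5bWFudGVj\n"
            + "IENsYXNzIDMgU2VjdXJlIFNlcnZlciBDQSAtIEc0MB4XDTE3MDYyOTAwMDAwMFoX\n"
            + "DTE4MDgxNzIzNTk1OVowgagxCzAJBgNVBAYTAkNOMRAwDgYDVQQIDAdiZWlqaW5n\n"
            + "MRAwDgYDVQQHDAdiZWlqaW5nMTkwNwYDVQQKDDBCZWlKaW5nIEJhaWR1IE5ldGNv\n"
            + "bSBTY2llbmNlIFRlY2hub2xvZ3kgQ28uLCBMdGQxJjAkBgNVBAsMHXNlcnZpY2Ug\n"
            + "b3BlcmF0aW9uIGRlcGFydG1lbnQuMRIwEAYDVQQDDAliYWlkdS5jb20wggEiMA0G\n"
            + "CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDImQ8LQt6/ovSyE1jc5M7knA7yDHOb\n"
            + "ZUA8OgG8ciml3aPKDbuVQ0JLcuFkRBb74nVxe9EAwgN7NMrSL0dSTl2pYonMfklj\n"
            + "7ymfr+LKUigoO8So1XKUsntq6KU7/qXRI4Tpd9zoWoTXUSMgM3BvjN9tyows9GSm\n"
            + "v2foMURsnO00az4YITnM2bVuklui6j4TfkRuA/uypcLPRrZM6XnxRvHrznsMCZ5N\n"
            + "wqpOQeDQuQCGaFqkKPFlbi8Rb+LPFAICUmmqFplit6ac7gvQeLBN3BeJx1Pu4Jmg\n"
            + "oSTPKU0OtRtQtuXaY6+oqpGGP9gqvE5eWYy2YPA2AeojmiNsSPrzf8bDAgMBAAGj\n"
            + "ggTBMIIEvTCCAm8GA1UdEQSCAmYwggJiggsqLmJhaWR1LmNvbYIOKi5iYWlmdWJh\n"
            + "by5jb22CEiouYmFpZHVjb250ZW50LmNvbYIRKi5iYWlkdXN0YXRpYy5jb22CDiou\n"
            + "YmRzdGF0aWMuY29tggsqLmJkaW1nLmNvbYIMKi5iYWlmYWUuY29tggwqLmhhbzEy\n"
            + "My5jb22CCyoubnVvbWkuY29tgg0qLmNodWFua2UuY29tgg0qLnRydXN0Z28uY29t\n"
            + "gg4qLmJhaWR1YmNlLmNvbYIMKi5taXBjZG4uY29tgg4qLmJhaWR1cGNzLmNvbYIN\n"
            + "Ki5iY2Vob3N0LmNvbYIMKi5haXBhZ2UuY29tggsqLmFpcGFnZS5jboILKi5kbG5l\n"
            + "bC5jb22CDyouYmNlLmJhaWR1LmNvbYIQKi5leXVuLmJhaWR1LmNvbYIPKi5tYXAu\n"
            + "YmFpZHUuY29tgg8qLm1iZC5iYWlkdS5jb22CECoubmV3cy5iYWlkdS5jb22CESou\n"
            + "ZmFueWkuYmFpZHUuY29tgg4qLmltLmJhaWR1LmNvbYIQKi5zYWZlLmJhaWR1LmNv\n"
            + "bYIRKi5zc2wyLmR1YXBwcy5jb22CCWJhaWR1LmNvbYIMYmFpZnViYW8uY29tggpi\n"
            + "YWlmYWUuY29tggx3d3cuYmFpZHUuY26CEHd3dy5iYWlkdS5jb20uY26CEmNsaWNr\n"
            + "LmhtLmJhaWR1LmNvbYIQbG9nLmhtLmJhaWR1LmNvbYIQY20ucG9zLmJhaWR1LmNv\n"
            + "bYIQd24ucG9zLmJhaWR1LmNvbYIUdXBkYXRlLnBhbi5iYWlkdS5jb22CD21jdC55\n"
            + "Lm51b21pLmNvbTAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAU\n"
            + "BggrBgEFBQcDAQYIKwYBBQUHAwIwYQYDVR0gBFowWDBWBgZngQwBAgIwTDAjBggr\n"
            + "BgEFBQcCARYXaHR0cHM6Ly9kLnN5bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIwGQwX\n"
            + "aHR0cHM6Ly9kLnN5bWNiLmNvbS9ycGEwHwYDVR0jBBgwFoAUX2DPYZBV34RDFIpg\n"
            + "KrL1evRDGO8wKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3NzLnN5bWNiLmNvbS9z\n"
            + "cy5jcmwwVwYIKwYBBQUHAQEESzBJMB8GCCsGAQUFBzABhhNodHRwOi8vc3Muc3lt\n"
            + "Y2QuY29tMCYGCCsGAQUFBzAChhpodHRwOi8vc3Muc3ltY2IuY29tL3NzLmNydDCC\n"
            + "AQIGCisGAQQB1nkCBAIEgfMEgfAA7gB1AN3rHSt6DU+mIIuBrYFocH4ujp0B1VyI\n"
            + "jT0RxM227L7MAAABXPLl8Q4AAAQDAEYwRAIgYmI+Xnom5nr+k+p8RW/BdqobpmTN\n"
            + "ubZW8eM1DTueRfcCIAXdDURAie+w+eZMDfgxHlo/r9wZ8gpQVoTib5w3b/6+AHUA\n"
            + "pLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BAAAAFc8uXxRAAABAMARjBE\n"
            + "AiA+PkSvZOvIBmxaBLXLceHH1NqW+Mcrz+xtXNmJOl2ElQIgfVeG4xeuWrb7bpoU\n"
            + "smR+LStIG1TPCwimn3JRE3we/fYwDQYJKoZIhvcNAQELBQADggEBADjrCz8a7cax\n"
            + "h7vpyuUFZ/fiKBHE7VLqfppgf3XYNBoqh21qM6gTGzdiSeZj+vx+KOUn38f080Rg\n"
            + "N2aEkag3n03cufIXR8Yn8haXcusz5PONSlMQnN5rZBwpZ8obItiO8KGOh5lgHQ+s\n"
            + "SloX/j8nDDCQgrNkcG2A78nUT+VxGGENxnPmqajP/O2h/kg02qjcnPoj6Elmm/At\n"
            + "5dWWANX374yS7c0fgLZZ1mfZoIqooaRxsSJl5RzyRNU3Bzv5CZCJCGYFqC3RS28Q\n"
            + "vTCjde7TMsAQiWkZ97IKlUMXdbHManm7K85aWcG4Wg8isr9d2GPUZYgcUSc8KfWY\n"
            + "aP5MzoeU6ug=\n"
            + "-----END CERTIFICATE-----\n";

    /**
     * Builds an {@link SSLSocketFactory} that trusts only the embedded
     * certificate, fetches {@code https://www.baidu.com} through it, prints
     * the response body to standard output and returns the factory.
     *
     * <p>No custom {@code HostnameVerifier} is installed, so the default
     * host name check of {@link HttpsURLConnection} stays in effect; pinning
     * here restricts the trust anchors and does not replace that check.
     *
     * @return socket factory backed by the single-certificate trust store
     * @throws CertificateException if the embedded PEM cannot be parsed
     * @throws IOException if the key store cannot be initialised or the HTTPS
     *         request fails (including a failed TLS handshake)
     * @throws KeyStoreException if the certificate cannot be stored or the
     *         trust manager factory cannot be initialised from the key store
     * @throws NoSuchAlgorithmException if a required algorithm is unavailable
     * @throws KeyManagementException if the SSL context cannot be initialised
     */
    public static SSLSocketFactory initSSLHttps() throws CertificateException,
            IOException, KeyStoreException, NoSuchAlgorithmException,
            KeyManagementException {
        // Decode the PEM with an explicit charset rather than the platform default.
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Certificate ca = cf.generateCertificate(
                new ByteArrayInputStream(BAIDU_CERT_PEM.getBytes(StandardCharsets.UTF_8)));

        // Start from an empty key store so the pinned certificate is the only
        // trusted entry; the JVM's default CA certificates are not consulted.
        KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
        keystore.load(null, null);
        keystore.setCertificateEntry("baiducom", ca);

        TrustManagerFactory tmf = TrustManagerFactory
                .getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(keystore);

        // Create an SSLContext that uses our TrustManager. No client key
        // managers are supplied and the default SecureRandom is used.
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(null, tmf.getTrustManagers(), null);
        SSLSocketFactory socketFactory = context.getSocketFactory();

        URL url = new URL("https://www.baidu.com");
        HttpsURLConnection urlConnection = (HttpsURLConnection) url.openConnection();
        // Apply the pinned factory to this connection only, not JVM-wide.
        urlConnection.setSSLSocketFactory(socketFactory);

        StringBuilder result = new StringBuilder();
        // Close the response stream even when reading fails part-way through.
        try (InputStream input = urlConnection.getInputStream();
                BufferedReader reader = new BufferedReader(
                        new InputStreamReader(input, StandardCharsets.UTF_8))) {
            String line;
            while ((line = reader.readLine()) != null) {
                // readLine() strips line terminators, so the body is printed
                // as one concatenated line (same as the original listing).
                result.append(line);
            }
        } finally {
            urlConnection.disconnect();
        }
        System.out.print(result.toString());
        return socketFactory;
    }

    /**
     * Runs the pinning demonstration once.
     *
     * @param args unused
     * @throws Exception if building the trust store or the HTTPS request fails
     */
    public static void main(String[] args) throws Exception {
        initSSLHttps();
    }
}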