Java的HttpClient如何去支持无证书访问https

最新推荐文章于 2023-09-15 10:46:04 发布
最新推荐文章于 2023-09-15 10:46:04 发布
阅读量727 收藏 1
点赞数
文章标签: Java Socket .net Security Apache
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/fs20041242/article/details/83764343
版权
项目里需要访问其他接口,通过http/https协议。我们一般是用HttpClient类来实现具体的http/https协议接口的调用。

// Init a HttpClient
HttpClient client = new HttpClient();
String url=http://www.xxx.com/xxx;

// Init a HttpMethod
HttpMethod get = new GetMethod(url);
get.setDoAuthentication(true);
get.getParams().setParameter(HttpMethodParams.RETRY_HANDLER, new DefaultHttpMethodRetryHandler(1, false));

// Call http interface
try {
client.executeMethod(get);

// Handle the response from http interface
InputStream in = get.getResponseBodyAsStream();
SAXReader reader = new SAXReader();
Document doc = reader.read(in);
} finally {
// Release the http connection
get.releaseConnection();
}

以上代码在通过普通的http协议是没有问题的,但如果是https协议的话,就会有证书文件的要求了。一般情况下,是这样去做的。

// Init a HttpClient
HttpClient client = new HttpClient();
String url=https://www.xxx.com/xxx;

if (url.startsWith("https:")) {
System.setProperty("javax.net.ssl.trustStore", "/.sis.cer");
System.setProperty("javax.net.ssl.trustStorePassword", "public");
}

......

于是,这里就需要事先生成一个.sis.cer的文件,生成这个文件的方法一般是先通过浏览器访问https://,导出证书文件,再用JAVA keytool command 生成证书

# $JAVA_HOME/bin/keytool -import -file sis.cer -keystore .sis.cer

但这样做,一比较麻烦,二来证书也有有效期,过了有效期之后,又需要重新生成一次证书。如果能够避开生成证书文件的方式来使用https的话,就比较好了。

还好,在最近的项目里,我们终于找到了方法。

// Init a HttpClient
HttpClient client = new HttpClient();
String url=https://www.xxx.com/xxx;

if (url.startsWith("https:")) {
this.supportSSL(url, client);
}

......

这里用到了supportSSL(url, client)这个方法,看看这个方法是如何实现的。

private void supportSSL(String url, HttpClient client) {
if(StringUtils.isBlank(url)) {
return;
}
String siteUrl = StringUtils.lowerCase(url);
if (!(siteUrl.startsWith("https"))) {
return;
}

try {
setSSLProtocol(siteUrl, client);
} catch (Exception e) {
logger.error("setProtocol error ", e);
}
Security.setProperty( "ssl.SocketFactory.provider",
"com.tool.util.DummySSLSocketFactory");
}

private static void setSSLProtocol(String strUrl, HttpClient client) throws Exception {

URL url = new URL(strUrl);
String host = url.getHost();
int port = url.getPort();

if (port <= 0) {
port = 443;
}
ProtocolSocketFactory factory = new SSLSocketFactory();
Protocol authhttps = new Protocol("https", factory, port);
Protocol.registerProtocol("https", authhttps);
// set https protocol
client.getHostConfiguration().setHost(host, port, authhttps);
}

在supportSSL方法里,调用了Security.setProperty( "ssl.SocketFactory.provider",
"com.tool.util.DummySSLSocketFactory");

那么这个com.tool.util.DummySSLSocketFactory是这样的:


访问https 资源时,让httpclient接受所有ssl证书,在weblogic等容器中很有用
代码如下:


Java代码

1. import java.io.IOException;
2. import java.net.InetAddress;
3. import java.net.InetSocketAddress;
4. import java.net.Socket;
5. import java.net.SocketAddress;
6. import java.net.UnknownHostException;
7. import java.security.KeyManagementException;
8. import java.security.NoSuchAlgorithmException;
9. import java.security.cert.CertificateException;
10. import java.security.cert.X509Certificate;
11.
12. import javax.net.SocketFactory;
13. import javax.net.ssl.SSLContext;
14. import javax.net.ssl.TrustManager;
15. import javax.net.ssl.X509TrustManager;
16.
17. import org.apache.commons.httpclient.ConnectTimeoutException;
18. import org.apache.commons.httpclient.params.HttpConnectionParams;
19. import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
20.
21. public class MySecureProtocolSocketFactory implements SecureProtocolSocketFactory {
22. static{
23. System.out.println(">>>>in MySecureProtocolSocketFactory>>");
24. }
25. private SSLContext sslcontext = null;
26.
27. private SSLContext createSSLContext() {
28. SSLContext sslcontext=null;
29. try {
30. sslcontext = SSLContext.getInstance("SSL");
31. sslcontext.init(null, new TrustManager[]{new TrustAnyTrustManager()}, new java.security.SecureRandom());
32. } catch (NoSuchAlgorithmException e) {
33. e.printStackTrace();
34. } catch (KeyManagementException e) {
35. e.printStackTrace();
36. }
37. return sslcontext;
38. }
39.
40. private SSLContext getSSLContext() {
41. if (this.sslcontext == null) {
42. this.sslcontext = createSSLContext();
43. }
44. return this.sslcontext;
45. }
46.
47. public Socket createSocket(Socket socket, String host, int port, boolean autoClose)
48. throws IOException, UnknownHostException {
49. return getSSLContext().getSocketFactory().createSocket(
50. socket,
51. host,
52. port,
53. autoClose
54. );
55. }
56.
57. public Socket createSocket(String host, int port) throws IOException,
58. UnknownHostException {
59. return getSSLContext().getSocketFactory().createSocket(
60. host,
61. port
62. );
63. }
64.
65.
66. public Socket createSocket(String host, int port, InetAddress clientHost, int clientPort)
67. throws IOException, UnknownHostException {
68. return getSSLContext().getSocketFactory().createSocket(host, port, clientHost, clientPort);
69. }
70.
71. public Socket createSocket(String host, int port, InetAddress localAddress,
72. int localPort, HttpConnectionParams params) throws IOException,
73. UnknownHostException, ConnectTimeoutException {
74. if (params == null) {
75. throw new IllegalArgumentException("Parameters may not be null");
76. }
77. int timeout = params.getConnectionTimeout();
78. SocketFactory socketfactory = getSSLContext().getSocketFactory();
79. if (timeout == 0) {
80. return socketfactory.createSocket(host, port, localAddress, localPort);
81. } else {
82. Socket socket = socketfactory.createSocket();
83. SocketAddress localaddr = new InetSocketAddress(localAddress, localPort);
84. SocketAddress remoteaddr = new InetSocketAddress(host, port);
85. socket.bind(localaddr);
86. socket.connect(remoteaddr, timeout);
87. return socket;
88. }
89. }
90.
91. //自定义私有类
92. private static class TrustAnyTrustManager implements X509TrustManager {
93.
94. public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
95. }
96.
97. public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
98. }
99.
100. public X509Certificate[] getAcceptedIssuers() {
101. return new X509Certificate[]{};
102. }
103. }
104.
105. }

import java.io.IOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.net.SocketAddress;
import java.net.UnknownHostException;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import javax.net.SocketFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

import org.apache.commons.httpclient.ConnectTimeoutException;
import org.apache.commons.httpclient.params.HttpConnectionParams;
import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;

public class MySecureProtocolSocketFactory implements SecureProtocolSocketFactory {
static{
System.out.println(">>>>in MySecureProtocolSocketFactory>>");
}
private SSLContext sslcontext = null;

private SSLContext createSSLContext() {
SSLContext sslcontext=null;
try {
sslcontext = SSLContext.getInstance("SSL");
sslcontext.init(null, new TrustManager[]{new TrustAnyTrustManager()}, new java.security.SecureRandom());
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (KeyManagementException e) {
e.printStackTrace();
}
return sslcontext;
}

private SSLContext getSSLContext() {
if (this.sslcontext == null) {
this.sslcontext = createSSLContext();
}
return this.sslcontext;
}

public Socket createSocket(Socket socket, String host, int port, boolean autoClose)
throws IOException, UnknownHostException {
return getSSLContext().getSocketFactory().createSocket(
socket,
host,
port,
autoClose
);
}

public Socket createSocket(String host, int port) throws IOException,
UnknownHostException {
return getSSLContext().getSocketFactory().createSocket(
host,
port
);
}


public Socket createSocket(String host, int port, InetAddress clientHost, int clientPort)
throws IOException, UnknownHostException {
return getSSLContext().getSocketFactory().createSocket(host, port, clientHost, clientPort);
}

public Socket createSocket(String host, int port, InetAddress localAddress,
int localPort, HttpConnectionParams params) throws IOException,
UnknownHostException, ConnectTimeoutException {
if (params == null) {
throw new IllegalArgumentException("Parameters may not be null");
}
int timeout = params.getConnectionTimeout();
SocketFactory socketfactory = getSSLContext().getSocketFactory();
if (timeout == 0) {
return socketfactory.createSocket(host, port, localAddress, localPort);
} else {
Socket socket = socketfactory.createSocket();
SocketAddress localaddr = new InetSocketAddress(localAddress, localPort);
SocketAddress remoteaddr = new InetSocketAddress(host, port);
socket.bind(localaddr);
socket.connect(remoteaddr, timeout);
return socket;
}
}

//自定义私有类
private static class TrustAnyTrustManager implements X509TrustManager {

public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
}

public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
}

public X509Certificate[] getAcceptedIssuers() {
return new X509Certificate[]{};
}
}

}



然后按如下方式使用HttpClient

Protocol myhttps = new Protocol("https", new MySecureProtocolSocketFactory (), 443);
Protocol.registerProtocol("https", myhttps);
HttpClient httpclient=new HttpClient();
之后就是照常使用了,不知道怎样用的话,参考我的其它文章
fs20041242
关注
HttpClient 使用证书访问https站点
oscar999的专栏
02-19 4128
使用HttpClient访问https 站点时,如果JRE或者JDK没有导入某个站点的证书,则会报如下错误: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification
java https pfx_使用HttpClient携带pfx证书调用HTTPS协议的WebService
weixin_30310209的博客
02-16 868
调用第三方服务时,厂商提供了一个WSDL文件、调用的地址和一个后缀为pfx的证书文件,通过SOUPUI记载证书是可以正常调用WebService服务,那么如何将该服务转换为代码呢?咨询了厂商的支持,厂商说直接发送报文即可。观察SOUPUI的调用发现直接发送的SOUP报文,那么决定使用HttpClient进行服务调用,调用HTTPS好说、发送报文也好说,关键问题卡在了pfx证书上面。百度了很多例子,...
java访问https网络,无需证书
07-11
使用java写的访问https网络协议的网址,绕过了证书的验证
java httpclient证书访问 https
pdw2009的专栏
02-21 4523
package httpclient; import java.io.IOException; import java.net.InetAddress; import java.net.InetSocketAddress; import java.net.Socket; import java.net.SocketAddress; import java.net.UnknownHostExcep
JAVA HttpClient可以直接请求https
qq_34533703的博客
06-30 574
【代码】JAVA HttpClient可以直接请求https
java证书调用https
flyer0428的博客
09-30 601
1.信任所有证书类 package com.asiainfo.frame.utils.https;   import java.security.cert.CertificateException; import java.security.cert.X509Certificate;   import javax.net.ssl.X509TrustManager;   publ...
java 访问https 证书_javaHttpClient如何去支持证书访问https
weixin_34450092的博客
02-13 248
之前做调用华为认证接口时,没有证书,使用此方法,实测可用;调用自定义类:if (url.startsWith("https")) {Protocol myhttps = new Protocol("https",new MySecureProtocolSocketFactory(), 8445);Protocol.registerProtocol("https", myhttps);}String...
使用httpclient无需证书调用https的示例(java调用https)
09-04
以下是一个使用HttpClient进行无证书验证调用HTTPS的示例。 首先,我们需要创建一个自定义的`SSLSocketFactory`,该工厂会忽略证书验证。这通常不推荐用于生产环境,因为它可能导致安全漏洞,但在测试或调试时非常...
java实现读取证书访问https接口
07-26
本篇文章将深入探讨如何在Java中实现读取不同格式(如cer、der、crt)的证书,以及如何使用这些证书访问HTTPS接口并获取返回数据。 首先,我们需要了解证书的基本概念。证书通常包含了公钥和一些身份信息,由受信任...
JAVA利用HttpClient进行HTTPS接口调用的方法
08-29
Java中使用HttpClient进行HTTPS接口调用的方法是通过继承DefaultHttpClient类,忽略证书校验过程。首先,创建一个SSLClient类,继承DefaultHttpClient类,并在构造函数中初始化SSLContext和TrustManager。然后,使用...
https无需生成证书直接访问
08-09
NULL 博文链接:https://xiaour.iteye.com/blog/2190614
Java跳过证书访问HTTPS
最新发布
lmchhh的博客
09-15 3858
java直接发送请求访问https地址的时候,若没有导入证书,会出现各种问题,如307。以下会以是否SpringBoot来解决这个问题,做法一致,都是绕过证书进行处理的。
https与SSL协议详解及Java实现免证书访问https服务代码
wonking666的博客
11-28 9076
https与SSL协议详解及Java实现免证书访问https服务代码 tomcat提供https服务接口方法
HttpClient 忽略证书直接访问https站点
oscar999的专栏
02-20 6091
使用HttpClient 访问https 站点,可以通过以下两种方式忽略证书的检查。 方式1. 信任所有的站点 方式2. 忽略证书认证
java请求https地址如何绕过证书验证?
爱老婆、爱生活、爱工作、爱编程
04-13 3046
第一种方法,适用于httpclient4.X 里边有get和post两种方法供你发送请求使用。 import java.io.BufferedReader; import java.io.IOException; import java.io.InputStream; import java.io.InputStreamReader; import java.io.Unsupport
java发送http和https请求(忽略证书)
热门推荐
MC的博客
05-08 1万+
通过java发送http请求和https请求(忽略证书
调用不需要证书认证的HTTPS接口,兼容http接口
qq_34769161的博客
10-26 1789
不使用证书调用HTTPs接口,支持HTTP package com.xysd.oauthSSO.service; import java.io.IOException; import java.security.cert.CertificateException; import java.security.cert.X509Certificate; import java.util.ArrayL...
httpClient发送https请求,忽略证书详解(亲测有效)
m0_53917137的博客
09-24 1万+
httpClient发送https请求,忽略证书详解(亲测有效)问题原因解决 问题 在项目上线前期。第三方接口的生产地址改用为 ip地址加端口号的形式(测试环境使用的是域名进行访问),导致项目上线后接口不能访问。 报错:doesn't match any of the subject alternative names: [...] 原因 https请求是需要对应的证书才能够进行访问,前面测试通过是因为解析的域名服务器上安装了证书,所以不需要客户端重新安装,而直接访问ip+端口号(直接目标机器)地址,
httpclient越过ssl证书访问https协议接口
qq_35460161的博客
10-09 527
httpclient越过ssl证书访问https协议接口 在https协议下,如果使用httpclient进行访问其他项目时,就会显示无线证书报错,此时如果需要进行访问,就需要越过ssl证书,达到访问的目的。 可以用创建一个SecureProtocolSocketFactory 方法去实现SecureProtocolSocketFactory 方法 import java.io.IOE...
使用HttpClient进行HTTPS安全访问指南
"使用httpclient进行https访问涉及到网络安全和证书管理。" 在Java开发中,当需要通过HTTP客户端(httpclient)进行HTTPS(安全超文本传输协议)访问时,需要处理SSL(Secure Socket Layer)和TLS(Transport Layer...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值