JAVA访问HTTPS/SSL接口

解决思路：

1. 调用接口前加载导入服务器证书的truststore（启动命令引入或代码里加载），这样只信任这个服务器证书（证书更新后，也不会信任，不推荐）

2. 调用接口前加载导入服务器证书根证书的truststore，这样就会信任这个根证书签发的服务器证书，服务器证书更新也会信任（推荐）

3. 调用接口前忽略证书信任，也就是相当于信任所有证书（不推荐）

4. 调用接口前，获取到服务器证书，然后信任该证书（相当于第3条，但可以在过程中对证书的信息进行自定义验证）

 

1.2. 思路可使用以下方式：

1. 代码方式：

              

System.setProperty("javax.net.ssl.keyStore", "d:/client.jks"); 
            System.setProperty("javax.net.ssl.keyStorePassword", "123456"); 
            System.setProperty("javax.net.ssl.keyStoreType", "JKS"); 
            System.setProperty("javax.net.ssl.trustStore", "d:/trust.jks");  // 将服务器证书或服务器证书的根证书添加至trust.jks
            System.setProperty("javax.net.ssl.trustStorePassword", "123123"); 
            System.setProperty("javax.net.ssl.trustStoreType", "JKS");

 

       2. JAVA运行命令中配置：

java -Djavax.net.ssl.keyStore=clientKeys    -Djavax.net.ssl.keyStorePassword=password    -Djavax.net.ssl.trustStore=clientTrust  -Djavax.net.ssl.trustStorePassword=password 

 

3 思路解决方法：

1. Axis1.x使用方式

1.1 创建类MySocketFactory.java

import org.apache.axis.components.net.JSSESocketFactory;

import javax.net.ssl.*;
import java.io.IOException;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.Hashtable;

public class MySocketFactory extends JSSESocketFactory {
    public MySocketFactory(Hashtable attributes) {
        super(attributes);
    }

    protected void initFactory() throws IOException {
        TrustManager[] myTrustManager = new TrustManager[]{
                new X509TrustManager() {
                    public X509Certificate[] getAcceptedIssuers() {
                        return null;
                    }

                    public void checkClientTrusted(X509Certificate[] certs, String authType) {
                    }

                    public void checkServerTrusted(X509Certificate[] certs, String authType) {
                    }
                }
        };
        SSLContext sc = null;
        try {
            sc = SSLContext.getInstance("SSL");
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        }
        HostnameVerifier hv = new HostnameVerifier() {
            public boolean verify(String arg0, SSLSession arg1) {
                return true;
            }
        };

        try {
            sc.init(null, myTrustManager, new SecureRandom());
        } catch (KeyManagementException e) {
            e.printStackTrace();
        }
        sslFactory = sc.getSocketFactory();
    }
}

 1.2 调用接口之前进行以下axis设置

AxisProperties.setProperty("axis.socketSecureFactory", "MySocketFactory"); //参数为类路径

 2. http方式

import javax.net.ssl.*;
import java.net.URL;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

public class Test {

	public static void main(String[] args) {
		try {
			URL myURL = new URL("");
			TrustManager[] tm = {new MyX509TrustManager()};
			SSLContext sslContext = SSLContext.getInstance("SSL", "SunJSSE");
			sslContext.init(null, tm, new java.security.SecureRandom());

			//从上述SSLContext对象中得到SSLSocketFactory对象
			SSLSocketFactory ssf = sslContext.getSocketFactory();

			//创建HttpsURLConnection对象，并设置其SSLSocketFactory对象
			HttpsURLConnection httpsConn = (HttpsURLConnection) myURL.openConnection();
			httpsConn.setSSLSocketFactory(ssf);

			// 调用接口

		} catch (Exception e) {
			e.printStackTrace();
		}
	}
}

class MyX509TrustManager implements X509TrustManager {
	public void checkClientTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {

	}

	public void checkServerTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {

	}

	public X509Certificate[] getAcceptedIssuers() {
// TODO Auto-generated method stub
		return null;
	}

	public boolean isClientTrusted(X509Certificate[] arg0) {
// TODO Auto-generated method stub
		return true;
	}

	public boolean isServerTrusted(X509Certificate[] arg0) {
// TODO Auto-generated method stub
		return true;
	}
}