Java代码访问基于https安全协议的网站或服务器, 一般分为有证书和无证书两种,无证书的大部分都很简单,说一下我遇到的有证书的:
证书类型:pfx,(个人证书带密码)
服务器配置:基于SSL加密模式(我这边是基于nginx配置的https安全验证)
-
- 首先要有jks格式的证书密钥文件,如果没有可以向提供方索要带密码的pfx证书,然后把pfx证书转换为jks格式的密钥文件,因为用程序访问的话必须要密钥类型的文件才行。首先进入你的jdk,进入:
%JAVA_HOME%/jre/bin目录下,执行如下命令:
keytool -importkeystore -v -srckeystore client.pfx -srcstoretype pkcs12 -srcstorepass 111111 -destkeystore client.jks -deststoretype jks
命令说明:一般命令从字面意思都能看懂,就不再说明
keytool是jdk自带的一个密钥工具,源文件是客户端证书client.pfx,类型为pkcs12,密码是111111,目标密钥文件是client.jks,目标类型是jks。注意:在命令行中用 -srcstorepass 明文传入密码,密码会留在shell历史记录和进程列表中;省略该参数时keytool会交互式提示输入密码。
- 首先要有jks格式的证书密钥文件,如果没有可以向提供方索要带密码的pfx证书,然后把pfx证书转换为jks格式的密钥文件,因为用程序访问的话必须要密钥类型的文件才行。首先进入你的jdk,进入:
- 现在有了密钥文件和密码,就可以用java代码来访问了,把下面这段代码直接拷贝到你的
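package mr;

import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

/**
 * Demo client that calls an HTTPS endpoint which requires a client certificate (mutual TLS).
 *
 * <p>The client certificate and private key are read from a JKS keystore. The server
 * certificate is validated by the JVM's default trust manager and the default hostname
 * verifier; nothing in this class bypasses either check. An accept-everything
 * {@code X509TrustManager} or a permissive {@code HostnameVerifier} would let any party on
 * the network path impersonate the server and capture the request and the response.
 *
 * <p>If the server certificate is issued by a private CA or is self-signed, import that
 * certificate into a truststore and start the JVM with {@code -Djavax.net.ssl.trustStore}
 * and {@code -Djavax.net.ssl.trustStorePassword} pointing at it. Because the URL addresses
 * the server by IP, the server certificate must list that IP as a subject alternative name,
 * otherwise the default hostname check rejects the connection.
 */
public class MarketReplyTest {

    /** Endpoint that is called; note that values placed in a query string tend to end up in server and proxy logs. */
    public static String HTTPSURL = "https://196.123.131.7/DSFA/MarketReply/GetReplayRecords?opType=get3DESStr&str=111111";

    /** Runs the demo request once. */
    public static void main(String[] args) {
        testHttpsPost();
    }

    /**
     * Sends a POST request to {@link #HTTPSURL} over TLS, presenting the client certificate
     * from the keystore, and prints the response body to standard output.
     *
     * <p>Any keystore, TLS or I/O failure is reported with a stack trace and the method
     * returns normally.
     */
    public static void testHttpsPost() {
        // JKS keystore converted from the personal pfx certificate; it holds the client key pair.
        String keystorefile = "c:\\\\cafakeystore_client1.jks";
        // Sample keystore password from the article. Outside of a demo, read it from protected
        // configuration or a prompt instead of hard-coding it in source.
        String keystorepw = "111111";

        HttpsURLConnection https = null;
        try {
            KeyStore keystore = KeyStore.getInstance("JKS");
            // try-with-resources so the keystore file handle is released even if loading fails.
            try (InputStream keystoreIn = new FileInputStream(keystorefile)) {
                keystore.load(keystoreIn, keystorepw.toCharArray());
            }

            // The key manager supplies the client certificate during the TLS handshake;
            // the password is needed again here to unlock the private key.
            KeyManagerFactory keymanagerfactory = KeyManagerFactory.getInstance("SunX509");
            keymanagerfactory.init(keystore, keystorepw.toCharArray());
            KeyManager[] akeymanager = keymanagerfactory.getKeyManagers();

            SSLContext ssl = SSLContext.getInstance("TLS");
            // Passing null for the trust managers selects the default trust manager, which
            // validates the server certificate chain against the configured truststore.
            ssl.init(akeymanager, null, null);
            SSLSocketFactory sslsocketfactory = ssl.getSocketFactory();

            URL url = new URL(HTTPSURL);
            https = (HttpsURLConnection) url.openConnection();
            https.setSSLSocketFactory(sslsocketfactory);
            // No custom HostnameVerifier is installed: the default one checks that the
            // server certificate actually matches the host in the URL.
            https.setDoInput(true);
            https.setDoOutput(true);
            https.setUseCaches(false);
            https.setRequestMethod("POST");
            https.connect();

            StringBuilder result = new StringBuilder();
            // The reader decodes with the platform default charset; pass an explicit charset
            // to InputStreamReader once the service's response encoding is known.
            try (BufferedReader reader = new BufferedReader(new InputStreamReader(https.getInputStream()))) {
                String line;
                while ((line = reader.readLine()) != null) {
                    // Response lines are joined with a carriage return.
                    result.append(line).append("\r");
                }
            }
            System.out.println(result);
        } catch (KeyStoreException | NoSuchAlgorithmException | CertificateException
                | KeyManagementException | UnrecoverableKeyException | IOException e) {
            // A failed certificate or hostname check surfaces here as an SSLException
            // (an IOException); treat it as a failure, not as something to work around.
            e.printStackTrace();
        } finally {
            if (https != null) {
                https.disconnect();
            }
        }
    }
}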