HTTPS 请求需要加载密钥文件 pfx;另外,平常所见的 .pem、.key 公私钥可以由 pfx 文件转换而来。在进行密钥确认时设置 TLSv1.2 协议是很重要的一步。需要注意的是,仅指定 TLS 版本并不能替代对服务器证书和主机名的校验。
注意:类叫HttpUtils
发起请求时用到的 header 和 body 内容需要根据各自的情况自行添加。
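/**
 * Sends a JSON POST over HTTPS with a client built by the {@code HttpUtils} constructor and
 * returns the response body as text.
 *
 * <p>A new {@code HttpUtils} (and therefore a new HTTP client) is created for every call; the
 * client and the response are both closed before this method returns.
 *
 * @param KEY_STORE_CLIENT_PATH certificate location, forwarded to the {@code HttpUtils} constructor
 * @param KEYSTORE_PASSWORD certificate password, forwarded to the {@code HttpUtils} constructor
 * @param httpsUrl target URL of the POST request
 * @param param request payload; serialized to a JSON object and sent as the request body
 * @param headParam extra request headers, may be {@code null}; an entry named like one of the
 *     defaults ({@code Content-Type}, {@code Accept}) replaces that default
 * @return the response body decoded as a string
 * @throws ServiceException if building the client, sending the request, reading the response
 *     or closing a resource fails
 */
public static String sendHttpsPost(String KEY_STORE_CLIENT_PATH,String KEYSTORE_PASSWORD,String httpsUrl, Map<String, Object> param, Map<String, String> headParam) {
    try {
        HttpUtils httpUtils = new HttpUtils(KEY_STORE_CLIENT_PATH, KEYSTORE_PASSWORD);
        // The client is created per call, so it must be closed per call as well; otherwise
        // its connection manager and sockets stay open until garbage collection.
        try (CloseableHttpClient client = httpUtils.httpClient) {
            HttpPost httpPost = new HttpPost(httpsUrl);
            // Default headers: the body is JSON and a JSON answer is expected.
            httpPost.setHeader("Content-Type", "application/json;charset=UTF-8");
            httpPost.setHeader("Accept", "application/json");
            String json = String.valueOf(JSONUtil.parseObj(param));
            httpPost.setEntity(new StringEntity(json, ContentType.APPLICATION_JSON));
            if (headParam != null) {
                // Applied after the defaults so that callers can override them.
                for (Map.Entry<String, String> entry : headParam.entrySet()) {
                    httpPost.setHeader(entry.getKey(), entry.getValue());
                }
            }
            try (CloseableHttpResponse resp = client.execute(httpPost)) {
                HttpEntity entity = resp.getEntity();
                // UTF-8 is only the fallback for responses that declare no charset; the
                // platform default would make the decoded text depend on the host's locale.
                return EntityUtils.toString(entity, Charset.forName("UTF-8"));
            }
        }
    } catch (Exception e) {
        // NOTE(review): only the message is kept, the stack trace of e is lost. If
        // ServiceException has a (String, Throwable) constructor, pass e as the cause.
        throw new ServiceException("https请求失败:" + e.getMessage());
    }
}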
// Keystore type handed to KeyStore.getInstance in the constructor.
// NOTE(review): the constructor loads a .pfx (PKCS#12) resource with this type; confirm the
// target JDK accepts that, otherwise "PKCS12" is the matching type.
private static final String KEY_STORE_TYPE_JKS = "JKS";
// HTTP client assigned by the constructor; sendHttpsPost executes its request on it.
private CloseableHttpClient httpClient;
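/**
 * Builds an HTTPS client that presents a client certificate and offers TLSv1.2 only.
 *
 * <p>The key material is read from the classpath resource {@code keystore/SignTestClient.pfx}.
 * The server's certificate chain is validated against the JVM default trust store and the
 * host name is checked against the certificate.
 *
 * @param KEY_STORE_CLIENT_PATH client certificate path. NOTE(review): currently unused, the
 *     classpath resource named above is always loaded; confirm which source is intended
 * @param KEYSTORE_PASSWORD password of the keystore, also used as the private-key password
 * @throws Exception if the keystore cannot be read or the SSL context cannot be built
 */
public HttpUtils(String KEY_STORE_CLIENT_PATH,String KEYSTORE_PASSWORD) throws Exception {
    KeyStore keyStore = KeyStore.getInstance(KEY_STORE_TYPE_JKS);
    Resource resource = new ClassPathResource("keystore/SignTestClient.pfx");
    // try-with-resources closes the stream on every path.
    try (InputStream instream = resource.getInputStream()) {
        keyStore.load(instream, KEYSTORE_PASSWORD.toCharArray());
    } catch (Exception e) {
        log.error("加载客户端端可信任证书出错了", e);
        // Fail here with the real cause. Continuing with a keystore that was never loaded
        // only moves the failure to loadKeyMaterial, with a less useful message.
        throw e;
    }
    SSLContext sslcontext = SSLContexts.custom()
            // No trust-all TrustStrategy here: with no trust material configured, the context
            // uses the JVM default trust managers, so the server chain is actually validated.
            // A client that accepts any certificate cannot tell the real server from an
            // interceptor, and would hand it the request body and headers.
            // For a server signed by a private CA, load that CA into a KeyStore and pass it
            // to loadTrustMaterial instead of disabling the check.
            .loadKeyMaterial(keyStore, KEYSTORE_PASSWORD.toCharArray())
            .build();
    SSLConnectionSocketFactory sslConnectionSocketFactory = new SSLConnectionSocketFactory(
            sslcontext,
            // Protocols offered to the server.
            new String[]{"TLSv1.2"},
            // null keeps the default cipher suites.
            null,
            // The certificate must be issued for the host being contacted.
            SSLConnectionSocketFactory.STRICT_HOSTNAME_VERIFIER);
    this.httpClient = HttpClients.custom()
            .setSSLSocketFactory(sslConnectionSocketFactory)
            .build();
}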