首先感谢http://www.infoq.com/cn/articles/keeping-your-secrets这篇文章解决了我的问题(即不能使用System.setProperty("https.protocols","TLSv1"); )
以下是两个https信任所有证书的实例:
package com.colotnet.util;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.URL;
import java.util.List;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import org.apache.http.HttpResponse;
import org.apache.http.HttpStatus;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.util.EntityUtils;
public class HttpUtil {
public static String send(String url, List<BasicNameValuePair> nvps, String ecoding) throws Exception{
String respStr = null;
DefaultHttpClient httpClient = new SSLClient();
HttpPost postMethod = new HttpPost(url);
postMethod.setEntity(new UrlEncodedFormEntity(nvps, "UTF-8"));
try{
HttpResponse resp = httpClient.execute(postMethod);
int statusCode = resp.getStatusLine().getStatusCode();
if(statusCode == HttpStatus.SC_OK){
respStr = EntityUtils.toString(resp.getEntity(), "UTF-8");
}
}catch(Exception e){
throw e;
}finally{
postMethod.releaseConnection();
}
return respStr;
}
public static InputStream post(String submitUrl, String reqData, int connectTimeOut, int readTimeOut, String encoding) throws Exception {
// String path = "E:/Bill99QuickPay/81231015722198890.jks";
// File certFile = new File(path);
// KeyStore ks = KeyStore.getInstance("JKS");
// String password = "vpos123";
// ks.load(new FileInputStream(certFile), password.toCharArray());
// KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
// kmf.init(ks, password.toCharArray());
TrustManager[] tm = { new MyX509TrustManager() };
//
SSLContext sslContext = SSLContext.getInstance("TLSv1");
// System.setProperty("https.protocols","TLSv1");
String protocol = sslContext.getProtocol();
System.out.println(protocol);
// sslContext.init(kmf.getKeyManagers(),tm, null);
sslContext.init(null, tm, new java.security.SecureRandom());
SSLSocketFactory factory = sslContext.getSocketFactory();
SSLSocketFactoryWrapper wrapper = new SSLSocketFactoryWrapper(factory, new String[] { "TLSv1" }, null);
URL url = new URL(submitUrl);
HttpsURLConnection urlc = (HttpsURLConnection) url.openConnection();
urlc.setSSLSocketFactory(wrapper);
urlc.setHostnameVerifier(new TrustAnyHostnameVerifier());
urlc.setDoOutput(true);
urlc.setDoInput(true);
urlc.setReadTimeout(readTimeOut);
urlc.setConnectTimeout(connectTimeOut);
OutputStream out = urlc.getOutputStream();
out.write(reqData.getBytes(encoding));
out.flush();
out.close();
return urlc.getInputStream();
}
// public static String send(String url, String param,int readTimeout, int connTimeOut, String readecoding,String txtType, String sendecoding) throws Exception{
// String respStr = null;
// HttpClient httpClient = new HttpClient();
// PostMethod postmethod = new PostMethod(url);
// // 链接超时
// httpClient.getHttpConnectionManager().getParams().setConnectionTimeout(connTimeOut);
// // 读取超时
// httpClient.getHttpConnectionManager().getParams().setSoTimeout(readTimeout);
// try{
// postmethod.setRequestEntity(new StringRequestEntity(param, txtType,sendecoding));
// int statusCode = httpClient.executeMethod(postmethod);
// if (statusCode == HttpStatus.SC_OK) {
// BufferedInputStream bis = new BufferedInputStream(postmethod.getResponseBodyAsStream());
// byte[] bytes = new byte[1024];
// ByteArrayOutputStream bos = new ByteArrayOutputStream();
// int count = 0;
// while ((count = bis.read(bytes)) != -1) {
// bos.write(bytes, 0, count);
// }
// byte[] strByte = bos.toByteArray();
// respStr = new String(strByte, 0, strByte.length, readecoding);
// }
// }catch(Exception e){
// throw e;
// }finally{
// postmethod.releaseConnection();
// }
// return respStr;
// }
}
package com.colotnet.util;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.http.conn.ClientConnectionManager;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.DefaultHttpClient;
public class SSLClient extends DefaultHttpClient {
public SSLClient() throws Exception {
super();
SSLContext ctx = SSLContext.getInstance("TLSv1");
X509TrustManager tm = new X509TrustManager() {
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
}
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
}
@Override
public X509Certificate[] getAcceptedIssuers() {
return null;
}
};
ctx.init(null, new TrustManager[] { tm }, null);
SSLSocketFactory ssf = new SSLSocketFactory(ctx, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
ClientConnectionManager ccm = this.getConnectionManager();
SchemeRegistry sr = ccm.getSchemeRegistry();
sr.register(new Scheme("https", 443, ssf));
}
}
package com.colotnet.util;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.X509TrustManager;
public class MyX509TrustManager implements X509TrustManager {
public MyX509TrustManager() throws Exception {
}
/*
* Delegate to the default trust manager.
*/
public void checkClientTrusted(X509Certificate[] chain, String authType)
throws CertificateException {
}
/*
* Delegate to the default trust manager.
*/
public void checkServerTrusted(X509Certificate[] chain, String authType)
throws CertificateException {
}
/*
* Merely pass this through.
*/
public X509Certificate[] getAcceptedIssuers() {
return new java.security.cert.X509Certificate[0];
}
}
package com.colotnet.util;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLSession;
public class TrustAnyHostnameVerifier implements HostnameVerifier {
@Override
public boolean verify(String arg0, SSLSession arg1) {
return true;
}
}
package com.colotnet.util;
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.net.UnknownHostException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
public class SSLSocketFactoryWrapper extends SSLSocketFactory {
private final SSLSocketFactory wrappedFactory;
private final String[] enabledProtocols;
private final String[] enabledSuites;
public SSLSocketFactoryWrapper(SSLSocketFactory factory, String[] protocols, String[] suites) {
wrappedFactory = factory;
enabledProtocols = protocols;
enabledSuites = suites;
}
/**
* @param host
* @param port
* @return
* @throws IOException
* @throws UnknownHostException
* @see javax.net.SocketFactory#createSocket(java.lang.String, int)
*/
public Socket createSocket(String host, int port) throws IOException, UnknownHostException {
SSLSocket socket = (SSLSocket)wrappedFactory.createSocket(host, port);
setParameters(socket);
return socket;
}
/**
* @param host
* @param port
* @param localHost
* @param localPort
* @return
* @throws IOException
* @throws UnknownHostException
* @see javax.net.SocketFactory#createSocket(java.lang.String, int, java.net.InetAddress, int)
*/
public Socket createSocket(String host, int port, InetAddress localHost, int localPort) throws IOException,
UnknownHostException {
SSLSocket socket = (SSLSocket)wrappedFactory.createSocket(host, port, localHost, localPort);
setParameters(socket);
return socket;
}
/**
* @param host
* @param port
* @return
* @throws IOException
* @see javax.net.SocketFactory#createSocket(java.net.InetAddress, int)
*/
public Socket createSocket(InetAddress host, int port) throws IOException {
SSLSocket socket = (SSLSocket)wrappedFactory.createSocket(host, port);
setParameters(socket);
return socket;
}
/**
* @param address
* @param port
* @param localAddress
* @param localPort
* @return
* @throws IOException
* @see javax.net.SocketFactory#createSocket(java.net.InetAddress, int, java.net.InetAddress, int)
*/
public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort)
throws IOException {
SSLSocket socket = (SSLSocket)wrappedFactory.createSocket(address, port, localAddress, localPort);
setParameters(socket);
return socket;
}
/**
* @return
* @throws IOException
* @see javax.net.SocketFactory#createSocket()
*/
public Socket createSocket() throws IOException {
SSLSocket socket = (SSLSocket)wrappedFactory.createSocket();
setParameters(socket);
return socket;
}
/**
* @return
* @see javax.net.ssl.SSLSocketFactory#getDefaultCipherSuites()
*/
public String[] getDefaultCipherSuites() {
return wrappedFactory.getDefaultCipherSuites();
}
/**
* @return
* @see javax.net.ssl.SSLSocketFactory#getSupportedCipherSuites()
*/
public String[] getSupportedCipherSuites() {
return enabledSuites == null ? wrappedFactory.getSupportedCipherSuites() : enabledSuites;
}
/**
* @param s
* @param host
* @param port
* @param autoClose
* @return
* @throws IOException
* @see javax.net.ssl.SSLSocketFactory#createSocket(java.net.Socket, java.lang.String, int, boolean)
*/
public Socket createSocket(Socket s, String host, int port, boolean autoClose) throws IOException {
SSLSocket socket = (SSLSocket)wrappedFactory.createSocket(s, host, port, autoClose);
setParameters(socket);
return socket;
}
/**
* Override the configured parameters on the socket.
*
* @param socket
*/
private void setParameters(SSLSocket socket) {
if (enabledProtocols != null) {
socket.setEnabledProtocols(enabledProtocols);
}
if (enabledSuites != null) {
socket.setEnabledCipherSuites(enabledSuites);
}
}
}
注意的是SSLClient中信任所有证书的方式对jdk6不适用,HTTPUtil中的第二个方法可以用于jdk6,需指定System.setProperty("https.protocols","TLSv1"); 如果由于环境问题不能使用System,(System针对整个环境所有的https设置),可使用SSLSocketFactory的包装类 SSLSocketFactoryWrapper来指定一条http连接使用的协议。
566
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
