无视Https证书是否正确的Java Http Client

最新推荐文章于 2023-11-01 10:27:33 发布

wechaha

最新推荐文章于 2023-11-01 10:27:33 发布

阅读量238

点赞数

文章标签：开发工具 java

本文链接：https://blog.csdn.net/wechaha/article/details/84405723

版权

需要保证通讯的端到端安全，大家一致认为Https方式最适合，但需要评估性能代价。

采取ajp connector貌似无法直接使用httpd2进行load balance了，而且proxy模式的性能实在是让人心寒；jk connector如果tomcat不配ssl，据说需要forward一下，还没有搞定。

为了测试性能，写了个可以无视Https证书是否正确都能连接的Java Http Client。以为很简单的一段代码，绕是迈过了两个小门槛，才搞定的。code可以拿出来晒一晒了。

运行环境jdk1.6，不需要其它类库。

package test;

import java.io.ByteArrayOutputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

/**
* 无视Https证书是否正确的Java Http Client
*
* <p>
* <a href="HttpsUtil.java.html"><i>View Source</i></a>
* </p>
*
* @author <a href="mailto:twotwo.li@gmail.com">LiYan</a>
*
* @create Sep 10, 2009 9:59:35 PM
* @version $Id$
*/
public class HttpsUtil {

/**
* 忽视证书HostName
*/
private static HostnameVerifier ignoreHostnameVerifier = new HostnameVerifier() {
public boolean verify(String s, SSLSession sslsession) {
System.out.println("WARNING: Hostname is not matched for cert.");
return true;
}
};

/**
* Ignore Certification
*/
private static TrustManager ignoreCertificationTrustManger = new X509TrustManager() {

private X509Certificate[] certificates;

@Override
public void checkClientTrusted(X509Certificate certificates[],
String authType) throws CertificateException {
if (this.certificates == null) {
this.certificates = certificates;
System.out.println("init at checkClientTrusted");
}

}

@Override
public void checkServerTrusted(X509Certificate[] ax509certificate,
String s) throws CertificateException {
if (this.certificates == null) {
this.certificates = ax509certificate;
System.out.println("init at checkServerTrusted");
}

// for (int c = 0; c < certificates.length; c++) {
// X509Certificate cert = certificates[c];
// System.out.println(" Server certificate " + (c + 1) + ":");
// System.out.println(" Subject DN: " + cert.getSubjectDN());
// System.out.println(" Signature Algorithm: "
// + cert.getSigAlgName());
// System.out.println(" Valid from: " + cert.getNotBefore());
// System.out.println(" Valid until: " + cert.getNotAfter());
// System.out.println(" Issuer: " + cert.getIssuerDN());
// }

}

@Override
public X509Certificate[] getAcceptedIssuers() {
// TODO Auto-generated method stub
return null;
}

};

public static byte[] doGet(String urlString) {

ByteArrayOutputStream buffer = new ByteArrayOutputStream(512);
try {

URL url = new URL(urlString);

/*
* use ignore host name verifier
*/
HttpsURLConnection.setDefaultHostnameVerifier(ignoreHostnameVerifier);
HttpsURLConnection connection = (HttpsURLConnection) url
.openConnection();

// Prepare SSL Context
TrustManager[] tm = { ignoreCertificationTrustManger };
SSLContext sslContext = SSLContext.getInstance("SSL", "SunJSSE");
sslContext.init(null, tm, new java.security.SecureRandom());

// 从上述SSLContext对象中得到SSLSocketFactory对象
SSLSocketFactory ssf = sslContext.getSocketFactory();
connection.setSSLSocketFactory(ssf);

InputStream reader = connection.getInputStream();
byte[] bytes = new byte[512];
int length = reader.read(bytes);

do {
buffer.write(bytes, 0, length);
length = reader.read(bytes);
} while (length > 0);

// result.setResponseData(bytes);
System.out.println(buffer.toString());
reader.close();

connection.disconnect();
} catch (Exception ex) {
ex.printStackTrace();
} finally {
}
return buffer.toByteArray();
}

public static void main(String[] args) {
String urlString = "https://www.google.com/adsense/";
String output = new String(HttpsUtil.getMethod(urlString));
System.out.println(output);
}
}