携带java认证库请求接口时加上域名和证书的绑定关系会使调用更顺利
代码说明
public String httpsRequest(Map<String, String> headers,String requestBody,String url,String method) {
try {
HttpURLConnection connection = doHttpRequest(url, method, requestBody, headers);
String responseBody = getResponseBodyAsString(connection);
connection.disconnect();
return responseBody;
} catch (Exception e) {
e.printStackTrace();
return e.getMessage();
}
}
headers:请求头;requestBody:请求体;url:接口地址;method:接口类型
doHttpRequest方法
private HttpURLConnection doHttpRequest(String requestUrl, String method, String body, Map<String, String> header) throws Exception {
HttpURLConnection conn;
if (method == null || method.length() == 0) {
method = "GET";
}
URL url = new URL(requestUrl);
conn = (HttpURLConnection) url.openConnection();
conn.setDoOutput(true);
conn.setDoInput(true);
conn.setUseCaches(false);
conn.setInstanceFollowRedirects(true);
conn.setRequestMethod(method);
File file = new File(sslFileName);//证书文件名:test.pfx
if (!file.exists()) {
ClassPathResource resource = new ClassPathResource(sslFileName);
try {
FileUtil.writeFromStream(resource.getInputStream(), new File(sslFileName));
} catch (IOException e) {
e.printStackTrace();
}
}
String fileUrl = file.getAbsolutePath();
if (requestUrl.matches("^(https)://.*$")) {
((HttpsURLConnection) conn).setSSLSocketFactory(this.getSSLFactory(fileUrl, cerPassWord));//证书密码
}
if (header != null) {
for (String key : header.keySet()) {
conn.setRequestProperty(key, header.get(key));
}
}
if (!body.isEmpty()) {
if (!"GET".equals(method)) {
OutputStreamWriter wr = new OutputStreamWriter(conn.getOutputStream());
wr.write(body);
wr.flush();
wr.close();
}
}
conn.connect();
return conn;
}
getSSLFactory方法
private synchronized SSLSocketFactory getSSLFactory(String certPath, String certPassword) throws Exception {
KeyStore clientKeyStore = KeyStore.getInstance("PKCS12");
try (FileInputStream fis = new FileInputStream(certPath)) {
clientKeyStore.load(fis, certPassword.toCharArray()); // 使用您设置的密钥库密码
}
String alias = clientKeyStore.aliases().nextElement();
KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
kmf.init(clientKeyStore, certPassword.toCharArray());
SSLContext sslContext = SSLContext.getInstance("TLSv1.3");
X509TrustManager[] trustManagers = new X509TrustManager[1];
trustManagers[0] = new UnsafeTrustManager();
// 创建域名到证书别名的映射
Map<String, String> domainToAliasMap = new HashMap<>();
domainToAliasMap.put(testApiUrl, alias);//绑定域名
// 获取默认的KeyManager数组
KeyManager[] defaultKeyManagers = kmf.getKeyManagers();
// 创建自定义的KeyManager
X509KeyManager customKeyManager = new DomainX509KeyManager((X509KeyManager)defaultKeyManagers[0], clientKeyStore, domainToAliasMap);
// 创建自定义的KeyManager数组
KeyManager[] keyManagers = new KeyManager[defaultKeyManagers.length];
keyManagers[0] = customKeyManager;
for (int i = 1; i < defaultKeyManagers.length; i++) {
keyManagers[i] = defaultKeyManagers[i];
}
sslContext.init(keyManagers, trustManagers, new java.security.SecureRandom());
sslFactory = sslContext.getSocketFactory();
// }
return sslFactory;
}
把刚导入的证书和域名绑定,注意是域名不是接口地址
如接口:https://test.com.cn/test-service/api/test,域名:test.com.cn
该方法和postman证书请求接口调用方式类似