2018/11/8 对接aep扣费接口,接口是用https协议
坑1:
httpclient忽略https证书
// Non-working attempt (the author's "wrong code"). Per the comparison further down the page,
// it differs from the working version in the protocol list: only "TLSv1" is enabled here.
// NOTE(review): the TrustStrategy below returns true for every chain, so certificate
// validation is switched off entirely. Combined with the allow-all hostname verifier, the
// client cannot tell the real server from anyone else on the network path, so the TLS channel
// is encrypted but unauthenticated. Keep this pattern to test environments. For the real
// billing endpoint, pass a KeyStore holding the server's CA to loadTrustMaterial instead of
// null plus an accept-all strategy, and leave hostname verification on.
SSLContext sslContext = SSLContexts.custom()
.loadTrustMaterial(null, new TrustStrategy() {
@Override
public boolean isTrusted(X509Certificate[] arg0,
String arg1) throws CertificateException {
// Accepts any certificate chain unconditionally; neither argument is inspected.
return true;
}
}).build();
// Only TLSv1 is offered to the server. ALLOW_ALL_HOSTNAME_VERIFIER skips the check that the
// certificate was issued for the host being contacted.
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
sslContext, new String[] { "TLSv1" }, null,
SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
// Route plain http through the default socket factory and https through the factory built above.
Registry<ConnectionSocketFactory> registry = RegistryBuilder
.<ConnectionSocketFactory> create()
.register("http", PlainConnectionSocketFactory.INSTANCE)
.register("https", sslsf).build();
HttpClientConnectionManager clientConnectionManager = new PoolingHttpClientConnectionManager(
registry);
CloseableHttpClient httpClient = HttpClients.custom()
.setConnectionManager(clientConnectionManager).build();
// Working version (the author's "correct code"): same accept-all trust setup, but with a wider
// protocol list, a pooled connection manager, timeouts and a local proxy.
// NOTE(review): "working" here means the handshake succeeds. Certificate validation and
// hostname verification are both disabled, so the server is never authenticated. Keep this to
// test environments. For the real billing endpoint, load the server's CA into a KeyStore, pass
// it to loadTrustMaterial, and use the default hostname verifier.
SSLContext sslcontext = SSLContexts.custom()
.loadTrustMaterial(null, new TrustStrategy() {
@Override
public boolean isTrusted(
X509Certificate[] x509Certificates, String s)
throws CertificateException {
// Accepts any certificate chain unconditionally; neither argument is inspected.
return true;
}
}).build();
// The protocol list is empty here (the config lookup is commented out), so the fallback below
// always applies.
String sslProConfig = "";// AepConfig.getSslProtocol();
if (StringUtils.isEmpty(sslProConfig)) {
// NOTE(review): this list enables SSLv3, which has known protocol-level weaknesses (POODLE),
// and TLSv1, which is deprecated. Presumably the server only needed TLSv1.2, the one entry
// missing from the non-working version. TODO confirm, then reduce the list to "TLSv1.2".
sslProConfig = "SSLv2Hello,SSLv3,TLSv1,TLSv1.2";
}
// Split the comma-separated setting into the array of protocol names to enable.
String[] sslProCfgArr = sslProConfig.split(",");
// NoopHostnameVerifier.INSTANCE turns off hostname verification, i.e. the check that the
// certificate matches the host being contacted. Certificate chain validation itself is bypassed
// by the accept-all TrustStrategy above.
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
sslcontext, sslProCfgArr, null, NoopHostnameVerifier.INSTANCE);
Registry<ConnectionSocketFactory> registry = RegistryBuilder
.<ConnectionSocketFactory> create()
.register("http", new PlainConnectionSocketFactory())
.register("https", sslsf).build();
PoolingHttpClientConnectionManager cm = new PoolingHttpClientConnectionManager(
registry);
// Maximum total connections in the pool.
int maxConn = 20;// AepConfig.getMaxThreadsThreshold();
cm.setMaxTotal(maxConn);
// Maximum connections per route (same value as the pool total).
cm.setDefaultMaxPerRoute(maxConn);
// Timeout in milliseconds, applied to socket read, connect and pool-lease waits alike.
int timeout = 50000;// AepConfig.getAepInvokeTimeout() *
// AepTool.MILLS_SECOND;
RequestConfig defaultRequestConfig = RequestConfig.custom()
.setSocketTimeout(timeout).setConnectTimeout(timeout)
.setConnectionRequestTimeout(timeout)
.setStaleConnectionCheckEnabled(true).build();
// NOTE(review): 127.0.0.1:8888 is presumably the local Fiddler capture proxy mentioned later on
// the page. It is a debugging aid: with validation disabled, every request is handed to
// whatever listens on that port. Remove the proxy before this client is deployed.
HttpHost proxy = new HttpHost("127.0.0.1",8888);
// NOTE(review): HttpClientBuilder documents that setSSLSocketFactory is overridden by
// setConnectionManager, so the registry registered on cm is presumably what takes effect
// for https. Confirm against the HttpClient version in use.
CloseableHttpClient httpClient = HttpClients.custom()
.setProxy(proxy)
.setConnectionManager(cm)
.setDefaultRequestConfig(defaultRequestConfig)
.setSSLSocketFactory(sslsf).build();
区别:协议支持不一样
// Side-by-side excerpts from the two versions; this is not one compilable unit, since sslsf is
// declared in both.
// Non-working version: only TLSv1 is enabled.
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
sslContext, new String[] { "TLSv1" }, null,
SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
// Working version: the list additionally contains TLSv1.2.
// NOTE(review): presumably TLSv1.2 is the entry that made the handshake succeed. SSLv3 and
// TLSv1 are legacy protocols. TODO confirm and reduce the list to "TLSv1.2".
String sslProConfig = "SSLv2Hello,SSLv3,TLSv1,TLSv1.2";
String[] sslProCfgArr = sslProConfig.split(",");
// NoopHostnameVerifier.INSTANCE skips the check that the server certificate matches the host
// name. In both excerpts the server's identity is therefore not verified.
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
sslcontext, sslProCfgArr, null, NoopHostnameVerifier.INSTANCE);
坑2:ssl解决后返回500状态码
发送的包体不一样,不是一般的key-value的post包,而是json的body包,因为服务器设置了header不合格或者body不合格就直接抛500状态码。
坑3:
Fiddler 抓包时看不到https请求的header信息(Fiddler默认不解密HTTPS流量,未开启解密时只能看到CONNECT隧道)
由于坑2和坑3共同的原因,一直在找header的问题,结果换了多少种方法都不行,后来发了一个http的包,结果就有header的信息了。最终才定位到是body的不合法。后面的就跟服务器通讯起来了,异常也会有提示了
坑4:
时间格式化时需要按UTC时区来格式化
感谢 https://blog.csdn.net/u012528092/article/details/79080650 ,他的示例代码让我看到了fiddler的header信息,从而判断了https不会有header信息的