4种调用https服务的方式

最新推荐文章于 2023-12-19 11:15:59 发布

xindongyinfu

最新推荐文章于 2023-12-19 11:15:59 发布

阅读量747

点赞数

文章标签： java 操作系统

本文链接：https://blog.csdn.net/xindongyinfu/article/details/84611521

版权

以前在网厅的时候，请求计费的账单开始使用的是httpclient,后来因为性能问题，换成了使用socket 发送http请求的方式，由于计费服务器端使用了redirect ，因此还需要从响应报文中得到Location 中的url,再次发送一次http请求才能完成整个业务逻辑！

Https 资源在访问的时候会让你输入用户名和密码

1.使用linux 的curl命令

# curl -k --basic --user "tcloudadmin:tcloud123" --data "" --header 'Content-Type: application/xml' https://123.124.189.***/api/account.list
[code="java"]<Users>
<User>
<isAdmin>1</isAdmin>
<id>f1ebe39d-d0b6-4292-b3cd-774bf945bf63</id>
<name>tcloudadmin</name>
<groupId>be2e0f3a-7684-4b8e-b04d-6ee75aa3d099</groupId>
</User>
<User>
<isAdmin>1</isAdmin>
<id>653d60c5-dc7b-488a-a861-1c67873057fd</id>
<name>gaoyang</name>
<groupId>be2e0f3a-7684-4b8e-b04d-6ee75aa3d099</groupId>
</User>
<User>
<isAdmin>1</isAdmin>
<id>2d393438-9c8f-4704-8dfd-9f00fb7d7d18</id>
<name>teststorage</name>
<groupId>be2e0f3a-7684-4b8e-b04d-6ee75aa3d099</groupId>
</User>
</Users>
# [/code]
-k/--insecure Allow connections to SSL sites without certs (H)
--basic Use HTTP Basic Authentication (H)
-u/--user <user[:password]> Set server user and password
-d/--data <data> HTTP POST data (H)
-H/--header <line> Custom header to pass to server (H)

方式2: 使用socket发送http请求字符串到https 服务上

curl -k --basic --user "tcloudadmin:tcloud123" --data "" --header 'Content-Type: application/xml' https://123.124.189.***/api/account.list -v

使用-v 选项可以看到http请求的过程和内容，可以作为我们拼 Http 请求字符串的依据

[code="java"]# curl -k --basic --user "tcloudadmin:tcloud123" --data "" --header 'Content-Type: application/xml' https://123.124.189.196/api/account.list -v
* About to connect() to 123.124.189.xxx port 443
* Trying 123.124.189.xxx... connected
* Connected to 123.124.189.xxx (123.124.189.xxx) port 443
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* SSLv2, Client hello (1):
SSLv3, TLS handshake, Server hello (2):
SSLv3, TLS handshake, CERT (11):
SSLv3, TLS handshake, Server key exchange (12):
SSLv3, TLS handshake, Server finished (14):
SSLv3, TLS handshake, Client key exchange (16):
SSLv3, TLS change cipher, Client hello (1):
SSLv3, TLS handshake, Finished (20):
SSLv3, TLS change cipher, Client hello (1):
SSLv3, TLS handshake, Finished (20):
SSL connection using DHE-RSA-AES256-SHA
* Server certificate:
* subject: /C=TW/ST=Taipei City/L=Taipei/O=Trend Micro/OU=CloudLego/CN=CloudLego
* start date: 2010-02-03 02:13:59 GMT
* expire date: 2020-02-01 02:13:59 GMT
* common name: CloudLego (does not match '123.124.189.xxx')
* issuer: /C=TW/ST=Taipei City/L=Taipei/O=Trend Micro/OU=CloudLego/CN=CloudLego
* SSL certificate verify result: self signed certificate (18), continuing anyway.
* Server auth using Basic with user 'tcloudadmin'
> POST /api/account.list HTTP/1.1
> Authorization: Basic dGNsb3VkYWRtaW46dGNsb3VkMTIz
> User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
> Host: 123.124.189.xxx
> Accept: */*
> Content-Type: application/xml
> Content-Length: 0
>
< HTTP/1.1 200 OK
< Date: Sun, 16 Jan 2011 11:40:25 GMT
< Server: Apache/2.2.15 (Fedora)
< Vary: Authorization
< Content-Type: text/xml; charset=utf-8
< Connection: close
< Transfer-Encoding: chunked
<Users>
<User>
<isAdmin>1</isAdmin>
<id>f1ebe39d-d0b6-4292-b3cd-774bf945bf63</id>
<name>tcloudadmin</name>
<groupId>be2e0f3a-7684-4b8e-b04d-6ee75aa3d099</groupId>
</User>
<User>
<isAdmin>1</isAdmin>
<id>653d60c5-dc7b-488a-a861-1c67873057fd</id>
<name>gaoyang</name>
<groupId>be2e0f3a-7684-4b8e-b04d-6ee75aa3d099</groupId>
</User>
<User>
<isAdmin>0</isAdmin>
<id>2a228769-3b2d-4d26-b2c8-697c86f78b65</id>
<name>test1234</name>
<groupId>ce2666d0-6c95-47f3-a908-cadf333a214e</groupId>
</User>
<User>
<isAdmin>1</isAdmin>
<id>543ae799-df16-438d-9071-6618f5c09ba3</id>
<name>test123</name>
<groupId>be2e0f3a-7684-4b8e-b04d-6ee75aa3d099</groupId>
</User>
<User>
<isAdmin>0</isAdmin>
<id>3bbc0f32-4490-49fd-8944-751ae28c1073</id>
<name>elaster-demo</name>
<groupId>fb86fe86-210a-4242-b157-fce26ba41545</groupId>
</User>
<User>
<isAdmin>0</isAdmin>
<id>bd2636fa-b92e-47e8-b658-e540e9307839</id>
<name>test11</name>
<groupId>a2b2179a-8f96-420a-be59-1cc5d12394e3</groupId>
</User>
<User>
<isAdmin>0</isAdmin>
<id>4867561a-9566-4740-a3ce-4bf78289490c</id>
<name>gavin</name>
<groupId>237b3b70-5d13-4325-a5aa-83a28aabb693</groupId>
</User>
</Users>
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):
# [/code]

这种方式调用要求掌握Http协议的请求格式，如果请求协议的格式错误，则不能得到正确的返回结果！
必须要知道的：

a.
报文都由5个成员组成，其中请求报文的结构如下:
1、第1成员:请求行(Request-Line)或状态行(Status-line)
2、第2成员:通用头(General-Header)
3、第2成员:请求头(Request-Header)
4、第4成员:实体头(Entity-Header)
5、第5成员:实体主体(Entiry-Body)

b. 每个请求行都要以回车换行结尾
c. 协议结束的标志是 2个换行
c. 如果返回的响应有 location 字段，也就是重定向了需要我们根据location 字段重新发起请求

下面是一个socket 拼接 http请求字符串的例子

import java.io.BufferedReader;  
import java.io.BufferedWriter;  
import java.io.InputStreamReader;  
import java.io.OutputStreamWriter;  
import java.io.PrintWriter;  
import java.net.Socket;  

import javax.net.ssl.SSLSocketFactory;  


public class SocketHttpsClient  
{  
    public static void main(String[] args)  throws Exception  
    {  
        String url="https://123.124.189.xxx:443/api/vm.list";  
        SSLSocketFactory ssf = (SSLSocketFactory) SSLSocketFactory.getDefault();  
        String reqMsg=getFirestRequestMsg(url);  
        Socket socket=null;  
        try {  
            System.out.println("请求消息："+reqMsg);  
             socket = ssf.createSocket("123.124.189.xxx", 443);     

            PrintWriter tOut = new PrintWriter(new BufferedWriter(new OutputStreamWriter(socket.getOutputStream())));  
              tOut.write(reqMsg);  
              tOut.println();  
              tOut.flush();  
              System.out.println("消息发送成功!等待返回结果。。。");  

              BufferedReader tIn = new BufferedReader(new InputStreamReader(socket.getInputStream()));  
              String tLine = null;  
              StringBuilder sb=new StringBuilder();  
              while ((tLine = tIn.readLine()) != null) {  
                sb.append(tLine).append("\n");  
              }  
              System.out.println("返回内容："+sb.toString());  

        } catch (Exception e) {  
            System.out.println(e);  
            throw e;  
        }finally{  
            if(socket!=null){  
                socket.close();  
            }  
        }  
    }  
    private static String getFirestRequestMsg(String url){  
        StringBuilder reqMsg = new StringBuilder("")  
        .append("POST ").append("/api/vm.list").append(" HTTP/1.1").append("\r\n")  
        .append("Authorization: Basic dGNsb3VkYWRtaW46dGNsb3VkMTIz").append("\r\n")  
        .append("User-Agent: curl/7.15.5 (x86_64-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5").append("\r\n")  
        .append("Host: ").append("123.124.189.xxx").append("\r\n")  
        .append("Accept: */*").append("\r\n")  
        .append("Content-Type: application/xml").append("\r\n")  
        .append("Content-Length: 0").append("\r\n")  
        .append("\r\n")  
        .append("\r\n");  
        return reqMsg.toString();  
    }  

}

3. 使用HttpClient,首先直接访问 https://123.124.189.xxx/api/account.list ，使用firefox 的firebug插件拦截http请求和响应
[img]http://dl.iteye.com/upload/picture/pic/79109/8e519bda-6137-3557-a6cb-b12970c32fb3.g[/img]

package cn.com.xinli.test.httpclient;  
import java.io.InputStream;  

import org.apache.commons.httpclient.HttpClient;  
import org.apache.commons.httpclient.NameValuePair;  
import org.apache.commons.httpclient.methods.PostMethod;  



public class TestHttps {  


/** 
 * 参考 
 * http://wanglei0119.iteye.com/blog/607046 
 */  
    /** 

     * @param args 

     */  

    public static void main(String[] args) {  

        HttpClient httpclient = new HttpClient();      
        PostMethod postMethod = new PostMethod("https://123.124.189.xxx:443/api/vm.list");  
        NameValuePair[] data = {};  

       try {  

           postMethod.addRequestHeader("Content-Type","application/xml");  

           postMethod.addRequestHeader("Authorization", "basic dGNsb3VkYWRtaW46dGNsb3VkMTIz");  

           postMethod.setRequestBody(data);  

           httpclient.executeMethod(postMethod);  
           InputStream insr = postMethod.getResponseBodyAsStream();  
           int respInt = insr.read();  

            while (respInt != -1) {  

                 System.out.print((char) respInt);  

                 respInt = insr.read();  
            }  

       } catch (Exception e) {  

           System.out.println(e.getLocalizedMessage());  

       } finally {  

           postMethod.releaseConnection();  

       }  
    }  
}

运行这段代码会报一个错误 unable to find valid certification path to requested target

这个文章有解决方案：

http://wanglei0119.iteye.com/blog/607046

当使用正确生成的cert 后 httpclient 可以调用到https的服务了

方式4 ：还是使用httpclient ,使用 httpclient的 X509TrustManager 类，这种调用方式不需要客户端制作证书，很方便！

package com.platform.vmo.elasterAgent.elaster;  
import java.io.InputStreamReader;  
import java.security.cert.CertificateException;  
import java.security.cert.X509Certificate;  
import javax.net.ssl.SSLContext;  
import javax.net.ssl.TrustManager;  
import javax.net.ssl.X509TrustManager;  
import org.apache.http.HttpEntity;  
import org.apache.http.HttpResponse;  
import org.apache.http.client.methods.HttpPost;  
import org.apache.http.conn.scheme.Scheme;  
import org.apache.http.conn.ssl.SSLSocketFactory;  
import org.apache.http.entity.StringEntity;  
import org.apache.http.impl.client.DefaultHttpClient;  

public class HttpClinetTest {  
    public static void main(String[] args) throws Exception{  
        // First create a trust manager that won't care.  
        X509TrustManager trustManager = new X509TrustManager() {  
            public void checkClientTrusted(X509Certificate[] chain,  
                    String authType) throws CertificateException {  
                // Don't do anything.  
            }  

            public void checkServerTrusted(X509Certificate[] chain,  
                    String authType) throws CertificateException {  
                // Don't do anything.  
            }  

            public X509Certificate[] getAcceptedIssuers() {  
                // Don't do anything.  
                return null;  
            }  

        };  
        // Now put the trust manager into an SSLContext.  
        SSLContext sslcontext = SSLContext.getInstance("SSL");  
        sslcontext.init(null, new TrustManager[] { trustManager }, null);  

        // Use the above SSLContext to create your socket factory  
        // (I found trying to extend the factory a bit difficult due to a  
        // call to createSocket with no arguments, a method which doesn't  
        // exist anywhere I can find, but hey-ho).  
        SSLSocketFactory sf = new SSLSocketFactory(sslcontext);  
        sf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);  

        DefaultHttpClient httpclient = new DefaultHttpClient();  
        httpclient.getConnectionManager().getSchemeRegistry().register(new Scheme("https", sf, 443));  


        String requset ="https://180.168.35.140/api/vm.list";  
        HttpPost httpPost = new HttpPost(requset);  
        String result = "";  
        // Execute HTTP request  
        httpPost.setHeader("Authorization", "basic " + "dGNsb3VkYWRtaW46dGNsb3VkMTIz");   
        httpPost.setHeader("Content-type", "application/xml");  

            StringEntity reqEntity;  

            reqEntity = new StringEntity("");  
            httpPost.setEntity(reqEntity);  
            HttpResponse response = httpclient.execute(httpPost);  
            HttpEntity resEntity = response.getEntity();  
            InputStreamReader reader = new InputStreamReader(resEntity.getContent());  

            char[] buff = new char[1024];  
            int length = 0;  
            while ((length = reader.read(buff)) != -1) {  
                result += new String(buff, 0, length);  
            }  
            httpclient.getConnectionManager().shutdown();  

            System.out.println(">>>:"+result);  




    }  
}