httpclient-ssl+https校验+springboot ssl

最新推荐文章于 2024-08-16 11:38:54 发布
最新推荐文章于 2024-08-16 11:38:54 发布
阅读量908 收藏 1
点赞数
分类专栏: https 文章标签: ssl
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/zlfing/article/details/77869369
版权

HttpClientUtil


/**
 * HTTPClient工具类
 */
public class HttpClientUtil {
    private static final String EMPTY_STR = "";
    private static final String UTF_8 = "UTF-8";
    private static final int MAX_TIMEOUT = 100000;
    private static PoolingHttpClientConnectionManager cm;
    private static RequestConfig requestConfig;
    private static Logger logger = Logger.getLogger(HttpClientUtil.class);
    private static CloseableHttpClient httpClient;
    private static final String keyStorePath = "d:/keystore/xxx.keystore";
    private static final String keyStorePwd = "xxxx";

    public static void main(String[] args) {
        httpGetRequest("https://www.baidu.com");
    }

    private static CloseableHttpClient getHttpClient() {
        try {
            KeyStore trustStore = null;
//            KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
//            FileInputStream inputStream = new FileInputStream(new File(keyStorePath));
//            trustStore.load(inputStream, keyStorePwd.toCharArray());
            // 相信自己的CA和所有自签名的证书
            SSLContext sslcontext = SSLContexts.custom().loadTrustMaterial(trustStore, new TrustSelfSignedStrategy()).build();
            SSLConnectionSocketFactory sslConnectionSocketFactory = new SSLConnectionSocketFactory(sslcontext, new String[]{"TLSv1"}, null,
                    SSLConnectionSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);
            // 设置协议http和https对应的处理socket链接工厂的对象
            Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create()
                    .register("http", PlainConnectionSocketFactory.INSTANCE)
                    .register("https", sslConnectionSocketFactory)
                    .build();
            initHttpClientConnectionManager(socketFactoryRegistry);
            return HttpClients.custom().setConnectionManager(cm).setDefaultRequestConfig(requestConfig).build();
        } catch (KeyStoreException e) {
            e.printStackTrace();
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        } catch (KeyManagementException e) {
            e.printStackTrace();
        }
        return null;
    }

    private static void initHttpClientConnectionManager(Registry<ConnectionSocketFactory> registry) {
        if (cm == null) {
            cm = new PoolingHttpClientConnectionManager(registry);
            cm.setMaxTotal(50);// 整个连接池最大连接数
            cm.setDefaultMaxPerRoute(5);// 每路由最大连接数,默认值是2
            RequestConfig.Builder configBuilder = RequestConfig.custom();
            // 设置连接超时
            configBuilder.setConnectTimeout(MAX_TIMEOUT);
            // 设置读取超时
            configBuilder.setSocketTimeout(MAX_TIMEOUT);
            // 设置从连接池获取连接实例的超时
            configBuilder.setConnectionRequestTimeout(MAX_TIMEOUT);
            // 在提交请求之前 测试连接是否可用
            configBuilder.setStaleConnectionCheckEnabled(true);
            requestConfig = configBuilder.build();
        }
    }


    /**
     * @param url
     * @return
     */
    public static String httpGetRequest(String url) {
        HttpGet httpGet = new HttpGet(url);
        if (StringUtils.isNotBlank(url)) {
            return getResult(httpGet);
        }
        return null;
    }

    public static String httpGetRequest(String url, Map<String, Object> params) throws URISyntaxException {
        URIBuilder ub = new URIBuilder();
        ub.setPath(url);

        List<NameValuePair> pairs = covertParams2NVPS(params);
        ub.setParameters(pairs);

        HttpGet httpGet = new HttpGet(ub.build());
        return getResult(httpGet);
    }

    public static String httpGetRequest(String url, Map<String, Object> headers, Map<String, Object> params)
            throws URISyntaxException {
        URIBuilder ub = new URIBuilder();
        ub.setPath(url);

        List<NameValuePair> pairs = covertParams2NVPS(params);
        ub.setParameters(pairs);

        HttpGet httpGet = new HttpGet(ub.build());
        for (Map.Entry<String, Object> param : headers.entrySet()) {
            httpGet.addHeader(param.getKey(), String.valueOf(param.getValue()));
        }
        return getResult(httpGet);
    }

    public static String httpPostRequest(String url) {
        HttpPost httpPost = new HttpPost(url);
        return getResult(httpPost);
    }

    public static String httpPostRequest(String url, Map<String, Object> params) throws UnsupportedEncodingException {
        HttpPost httpPost = new HttpPost(url);
        List<NameValuePair> pairs = covertParams2NVPS(params);
        httpPost.setEntity(new UrlEncodedFormEntity(pairs, UTF_8));
        return getResult(httpPost);
    }

    public static String httpPostRequest(String url, Map<String, Object> headers, Map<String, Object> params)
            throws UnsupportedEncodingException {
        HttpPost httpPost = new HttpPost(url);

        for (Map.Entry<String, Object> param : headers.entrySet()) {
            httpPost.addHeader(param.getKey(), String.valueOf(param.getValue()));
        }

        List<NameValuePair> pairs = covertParams2NVPS(params);
        httpPost.setEntity(new UrlEncodedFormEntity(pairs, UTF_8));

        return getResult(httpPost);
    }

    private static List<NameValuePair> covertParams2NVPS(Map<String, Object> params) {
        ArrayList<NameValuePair> pairs = new ArrayList<NameValuePair>();
        for (Map.Entry<String, Object> param : params.entrySet()) {
            pairs.add(new BasicNameValuePair(param.getKey(), String.valueOf(param.getValue())));
        }

        return pairs;
    }

    private static String getResult(HttpRequestBase request) {
        if (httpClient == null) {
            httpClient = getHttpClient();
        }
        try {
            CloseableHttpResponse response = httpClient.execute(request);
            HttpEntity entity = response.getEntity();
            if (entity != null) {
                // long len = entity.getContentLength();// -1 表示长度未知
                String result = EntityUtils.toString(entity);
                response.close();
                return result;
            }
        } catch (ClientProtocolException e) {
            logger.error(e.getMessage(), e);
        } catch (IOException e) {
            logger.error(e.getMessage(), e);
        }
        return EMPTY_STR;
    }
}

https校验类

MyX509Test


import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import java.io.InputStreamReader;
import java.net.URL;


public class MyX509Test {
    public static void main(String[] args) {
        try {
            httpGetRequest("https://localhost:8443/user/1");
        } catch (Exception e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        }
    }

    public static void httpGetRequest(String url) throws Exception {

        // 创建SSLContext对象,并使用我们指定的信任管理器初始化
        TrustManager[] tm = {new MyX509TrustManager()};

        SSLContext sslContext = SSLContext.getInstance("SSL", "SunJSSE");
        sslContext.init(null, tm, new java.security.SecureRandom());

        // 从上述SSLContext对象中得到SSLSocketFactory对象
        SSLSocketFactory ssf = sslContext.getSocketFactory();
        // 创建URL对象
        URL myURL = new URL(url);
        // 创建HttpsURLConnection对象,并设置其SSLSocketFactory对象
        HttpsURLConnection httpsConn = (HttpsURLConnection) myURL.openConnection();
        httpsConn.setSSLSocketFactory(ssf);
        // 取得该连接的输入流,以读取响应内容
        InputStreamReader insr = new InputStreamReader(httpsConn.getInputStream(), "UTF-8");
        // 读取服务器的响应内容并显示
        int respInt = insr.read();
        while (respInt != -1) {
            System.out.print((char) respInt);
            respInt = insr.read();
        }
    }
}

MyX509TrustManager


/**
 * 自定义信任管理器
 * <p>
 * https加密
 */

public class MyX509TrustManager implements X509TrustManager {
    X509TrustManager sunJSSEX509TrustManager;
    private static final String TRUST_MANAGER_ALGORITHM = "SunX509";
    private static final String TRUEST_PROVIDER = "SunJSSE";
    private static final String CERTS_PWD = "123123";
    private static final String FILE_PATH = "D:\\keystore/kyo.keystore";


    // 构造方法初始化证书信息
    public MyX509TrustManager() throws Exception {
        // 获得keystore实例
        KeyStore ks = KeyStore.getInstance("jks");
        // keystore文件流、密码
        ks.load(new FileInputStream(FILE_PATH), CERTS_PWD.toCharArray());
        // algorithm:加密方式
        // provider:提供者
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TRUST_MANAGER_ALGORITHM, TRUEST_PROVIDER);
        // 信任管理器初始化证书
        tmf.init(ks);
        TrustManager[] tms = tmf.getTrustManagers();
        for (TrustManager tm : tms) {
            if (tm instanceof X509TrustManager) {
                sunJSSEX509TrustManager = (X509TrustManager) tm;
                return;
            }
        }

        // 如果都没有发现,抛出异常
        throw new Exception("Couldn'tinitialize!");
    }


    // 检测客户端是否信任程序

    public void checkClientTrusted(X509Certificate[] chain, String authType) {
        try {
            sunJSSEX509TrustManager.checkClientTrusted(chain, authType);
        } catch (CertificateException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        }
    }


    // 检测服务器端是否信任程序
    public void checkServerTrusted(X509Certificate[] chain, String authType) {
        try {
            sunJSSEX509TrustManager.checkServerTrusted(chain, authType);
        } catch (CertificateException e) {
            // TODO Auto-generated catch block
            e.printStackTrace();
        }
    }

    // 获得信任的发型证书
    public X509Certificate[] getAcceptedIssuers() {
        return sunJSSEX509TrustManager.getAcceptedIssuers();
    }

}

spring boot SSL

application.yml

server:
  port: 8443
  tomcat:
    max-connections: 2000
    max-threads: 200
    uri-encoding: UTF-8
#  ssl:
#    key-alias: tomcat
#    key-password: tomcat
#    enabled: true
#    key-store: d:\tomcat.keystore
  ssl:
    key-alias: zlf
    key-password: 111111
    enabled: true
    key-store: classpath:zlf.keystore

Application


@SpringBootApplication
public class Application {
    @Bean
    public EmbeddedServletContainerFactory servletContainer() {
        TomcatEmbeddedServletContainerFactory tomcat = new TomcatEmbeddedServletContainerFactory() {
            @Override
            protected void postProcessContext(Context context) {
                SecurityConstraint securityConstraint = new SecurityConstraint();
                securityConstraint.setUserConstraint("CONFIDENTIAL");
                SecurityCollection collection = new SecurityCollection();
                collection.addPattern("/*");
                securityConstraint.addCollection(collection);
                context.addConstraint(securityConstraint);
            }
        };
        tomcat.addAdditionalTomcatConnectors(initiateHttpConnector());
        return tomcat;
    }

    private Connector initiateHttpConnector() {
        Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
        connector.setScheme("http");
        connector.setPort(8000);
        connector.setSecure(false);
        connector.setRedirectPort(8443);
        return connector;
    }

    public static void main(String[] args) {
        SpringApplication.run(Application.class, args);
    }
}

keytool命令

//生成keystore
keytool -genkeypair -alias "zlf" -keyalg "RSA" -keystore "zlf.keystore"  

keytool -genkeypair -alias "kyo" -keyalg "RSA" -keystore "kyo.keystore"  

//查看keystore
keytool -list -keystore test.keystore  
//详细
keytool -list -keystore test.keystore -v

//导出证书
keytool -export -alias zlf -keystore zlf.keystore -storepass 111111 -rfc -file zlf.cer

//导入证书
keytool -import -keystore d:/keystore/kyo.keystore -file d:/keystore/zlf.cer
老猿说说
关注
专栏目录
httpclient4.5发送https请求(验证证书)
07-03
不会的可以在评论区留言哈,这是我自己做项目用到的。所以绝对可用!同时共享出来给到大家
使用HttpClient连接池进行https单双向验证
weixin_33924220的博客
04-11 172
https单双向验证环境的搭建参见:http://www.cnblogs.com/YDDMAX/p/5368404.html 一、单向握手 示例程序: package com.ydd.study.hello.httpclient; import java.io.File; import java.io.IOException; import java.security.KeyM...
SpringBoot 集成HttpClientUtil 实现http/https请求
最新发布
qq_45399948的博客
08-16 288
【代码】SpringBoot 集成HttpClientUtil 实现http/https请求。
httpclient跳过https请求的验证
weixin_34326429的博客
07-12 211
一、因为在使用https发送请求的时候会涉及,验证方式。但是这种方式在使用的时候很不方便。特别是在请求外部接口的时候,所以这我写了一个跳过验证的方式。(供参考) 二、加入包,这里用的是commons-httpclient 3.1 的包。一般请求采用最新的httpclient4.5就可以了 <dependency> <groupId...
SpringBoot 集成HttpClientUtil 实现http/https请求
qq_27661035的博客
03-19 4328
使用HttpClient发起请求引入jar包代码测试 引入jar包 <dependency> <groupId>org.apache.httpcomponents</groupId> <artifactId>httpclient</artifactId> <ve...
SpringBoot 自签名证书使用 及 HttpClient调用自签名服务器Https接口报错
u010359099的博客
08-19 1717
openssl keytool 钥匙串(mac) 都可以生成自签名证书,这里不多描述。由于服务端使用自签名证书,导致客户端HttpClient调用的时候报错。参考 > JDK导入自签名证书且启用信任证书>这种问题是证书有问题,需要重新生成具有。功能读取受信任的证书,代码请参考。可以通过定义配置来设置相关属性。将需要添加信任的证书导入到。可以参考命令提示使用。从另一个存储库导入到。设置存储库的访问密码。
http远程接口调用-httpClient+跳过SSL证书校验
08-04
通过创建自定义的SSLContext和HostnameVerifier,我们可以轻松地绕过SSL校验,从而简化接口调用流程。然而,这必须谨慎使用,避免在生产环境中引入安全风险。在apitest文件中,你可以找到包含HttpClient工具类代码,...
HttpClient4.5 实现https忽略SSL证书验证
09-22
使用HttpClient4.5实现https请求忽略SSL证书验证工具类
httpClient实例httpClient调用 http/https实例 忽略SSL验证
03-30
这个实例主要涉及如何配置HttpClient来忽略SSL(Secure Socket Layer)验证,这对于在开发和测试环境中处理自签名证书或未认证的服务器非常有用。以下将详细介绍HttpClient的使用以及如何进行SSL验证的忽略。 首先...
详解.NET Core 使用HttpClient SSL请求出错的解决办法
10-17
在.NET Core中使用HttpClient进行SSL请求时,开发者可能会遇到一个常见的问题:SSL证书验证失败。这通常发生在尝试连接到使用自签名证书或未被信任证书颁发机构(CA)签名的HTTPS服务时。当.NET Core的HttpClient...
HttpClient访问https,设置忽略SSL证书验证
授人以渔的博客
11-15 6716
报错:sun.security.validator.ValidatorException:PKIXpathbuildingfailed:sun.security.provider.certpath.SunCertPathBuilderException:unabletofindvalidcertificationpathtorequestedtarget import java.security.cert.CertificateException; import java...
httpclient 绕开HTTPS证书校验
07-05
httplient向https发送请求会因为证书校验而报错,该工具类提供绕开HTTPS证书校验方法,以实现访问https网站的功能
springboot使用httpclient(PostMethod,RequestEntity等)使用笔记
enthan809882的博客
12-19 7978
所需jar包如下: commons-codec-1.7.jar commons-logging-1.1.1.jar commons-httpclient.jar httpclient-4.2.2.jar httpcore-4.2.2.jar 如果有spring-boot-starter-parent ,下面2个默认会带: commons-codec-1.7.jar commons-loggin...
springboot加载使用证书的ssl然后HttpClient请求
老专家的博客
03-04 1314
import org.apache.http.HttpEntity; import org.apache.http.HttpResponse; import org.apache.http.client.HttpClient; import org.apache.http.client.config.RequestConfig; import org.apache.http.client.meth...
SpringBootSSL双向认证
xinglin45的博客
10-25 5882
SpringBootSSL双向认证SpringBootSSL双向认证1. 生成证书文件(cer文件和pfx)2. 添加SpringBootSSL配置信息插入链接与图片如何插入一段漂亮的代码片生成一个适合你的列表创建一个表格设定内容居中、居左、居右SmartyPants创建一个自定义列表如何创建一个注脚注释也是必不可少的KaTeX数学公式新的甘特图功能,丰富你的文章UML 图表FLowchar...
[基础原理-计算机网络]https证书校验SSL加密、三次握手四次挥手
xxx
11-12 492
https证书校验(以httpclient为例) 1 构造httpclient时,httpclient会加载jdk里面cacerts文件,cacerts文件包含上百个根证书,httpclient就是根据这些根证书校验服务端的证书。 2 根证书如何校验服务端证书:根证书和服务端证书的关系相当于,一个服务器的服务端证书和客户端证书的关系。根证书相当于私钥,服务端证书相当于公钥。 二 SSL加密 ssl握手过程分为5步: 1 客户端生成随机数clientRandom,以及支持的加密算法.
Android Httpclient设置单证书校验
u013100713的博客
02-09 341
Android Httpclient设置单证书校验 由于项目架构较为古老,使用的还是DefaultHttpClient。因安全监测要求使用单证书验证,在网上找了一圈发现基本都是okhttp或者httpURLconnection的设置方法也不能直接套用,中间牵扯到好几个类名一样但是方法完全不一样的情况,这里做个记录mark一下。 public static DefaultHttpClient getNewHttpClient() { try { Certificate
HttpClient如何访问需要提交客户端证书的SSL服务
toilerchen的博客
02-13 2507
@TOC测试页面 欢迎使用Markdown编辑器 你好! 这是你第一次使用 Markdown编辑器 所展示的欢迎页。如果你想学习如何使用Markdown编辑器, 可以仔细阅读这篇文章,了解一下Markdown的基本语法知识。 新的改变 我们对Markdown编辑器进行了一些功能拓展与语法支持,除了标准的Markdown编辑器功能,我们增加了如下几点新功能,帮助你用它写博客: 全新的界面设计 ,将...
使用Httpclient实现SSL双向认证
热门推荐
摩羯座
01-09 1万+
转载自:http://www.blogjava.net/itvincent/articles/330988.html  1、生成服务器端证书 Java代码 keytool -genkey -keyalg RSA -dname "cn=localhost,ou=sango,o=none,l=china,st=beijing,c=cn" -alias server -keypass pass
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值