一、问题的出处
- 项目开发过程中,将前期使用的华为云共享版切换为华为云专享版。
- 请求的URL地址中:传输协议从之前的 http 变成了现在的 https。
- 所以就涉及到SSL安全认证的问题:
- 在网络上有两种https,一种是安全的,一种是不安全的。
- 例如:
https://www.baidu.com
,这个地址虽说是https请求,但因为是安全的,所以不用绕过,可以直接httpclient访问。
- 还有一些网址是不安全的,我们访问的时候,会提示不安全的连接(通常是因为服务器证书是自签名的、由私有CA签发,或者与访问的域名不匹配,客户端默认的信任库无法验证)。
- 对于不安全的https,可以通过两种方式解决。
- 一是通过认证需要的密钥配置httpclient,证书校验仍然生效。
- 二是配置httpclient绕过https安全认证,此时不再校验服务器证书和主机名,连接虽然加密,但无法确认对端身份。
二、Httpclient绕过https安全认证
- 实际请求过程中,使用的是带参数的POST请求方式。
- 关键代码行数为:12 ~ 26、44、90 ~ 124。
- 通过以下的代码,亲测成功实现了Httpclient绕过https安全认证。
- 以下代码仅供参考、具体问题具体分析。
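/**
 * Sends a signed request to the gateway and returns the rows found under {@code data.data}
 * in the JSON response body.
 *
 * <p>TLS behaviour for this call is decided solely by {@link #createIgnoreVerifySSL()}, which is
 * registered for the {@code https} scheme on the connection manager. That factory accepts any
 * certificate chain and any hostname, so the channel is encrypted but the server is not
 * authenticated, and the signed {@code Authorization} header is sent to whichever endpoint answers.
 * An earlier version also built a {@code TrustSelfSignedStrategy} factory and passed it to
 * {@code setSSLSocketFactory}; HttpClientBuilder does not use that factory once a connection
 * manager is supplied, so it never took effect and has been removed to keep the effective
 * policy visible.
 *
 * @param method HTTP method handed to the request signer
 * @param url    target URL
 * @param body   request body, sent with {@code Content-Type: application/json}
 * @return the elements of {@code data.data}; an empty list when the request or parsing fails
 * @throws Exception if the TLS socket factory cannot be created
 */
public static List<Map<String,Object>> getTransferVipData(String method,String url,String body) throws Exception {
    List<Map<String, Object>> result = new ArrayList<>();
    Request request = new Request();

    // Scheme registry: plain sockets for http, the trust-all factory for https.
    Registry<ConnectionSocketFactory> registry = RegistryBuilder.<ConnectionSocketFactory>create()
            .register("http", PlainConnectionSocketFactory.INSTANCE)
            .register("https", createIgnoreVerifySSL())
            .build();
    PoolingHttpClientConnectionManager pool = new PoolingHttpClientConnectionManager(registry);

    // try-with-resources closes the response before the client (reverse declaration order);
    // the original closed the client first and the response afterwards.
    try (CloseableHttpClient closeableHttpClient = HttpClients.custom().setConnectionManager(pool).build()) {
        // Placeholders in the listing; real credentials belong in configuration or a secret
        // store rather than in source.
        request.setKey("xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx");
        request.setSecret("xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx");
        request.setMethod(method);
        request.setUrl(url);
        request.setBody(body);
        request.addHeader("Content-Type", "application/json");
        request.addHeader("X-Dlm-Type","EXCLUSIVE");

        HttpRequestBase signedRequest = Client.sign(request);
        Header[] authorization = signedRequest.getHeaders("Authorization");
        if (authorization.length == 0) {
            // Fail with a clear message instead of an ArrayIndexOutOfBoundsException.
            throw new IllegalStateException("signed request carries no Authorization header");
        }
        // The signature is mirrored into x-Authorization as well.
        signedRequest.addHeader("x-Authorization", authorization[0].getValue());

        try (CloseableHttpResponse response = closeableHttpClient.execute(signedRequest)) {
            System.out.println(response.getStatusLine().toString());
            // NOTE(review): every response header is written to stdout; headers can carry
            // cookies or tokens, so this is better routed through the logger at debug level.
            for (Header h : response.getAllHeaders()) {
                System.out.println(h.getName() + ":" + h.getValue());
            }

            HttpEntity resEntity = response.getEntity();
            if (resEntity != null) {
                String datas = EntityUtils.toString(resEntity, "UTF-8");
                JSONObject obj = JSONObject.parseObject(datas);
                JSONObject source = obj.getJSONObject("data");
                JSONArray list = source.getJSONArray("data");
                for (Object item : list) {
                    @SuppressWarnings("unchecked") // elements are expected to be JSON objects
                    Map<String, Object> row = (Map<String, Object>) item;
                    result.add(row);
                }
            }
            EntityUtils.consume(resEntity);
        }
    } catch (Exception e) {
        // Best-effort contract kept from the original: failures are reported and the rows
        // collected so far are returned.
        // NOTE(review): the logger type is not visible here; if it accepts a Throwable,
        // pass e to it instead of calling printStackTrace().
        log.info("POST请求失败");
        e.printStackTrace();
    }
    return result;
}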
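/**
 * Builds an {@link SSLConnectionSocketFactory} that skips server authentication.
 *
 * <p>The trust manager's check methods are empty, so every certificate chain is accepted, and
 * the hostname verifier accepts every hostname. Connections made through this factory are
 * encrypted but give no assurance about who the peer is. That fits a test environment whose
 * endpoint certificate cannot be validated. For a self-signed or private-CA endpoint, loading
 * that certificate as trust material keeps verification on.
 *
 * <p>Unlike the previous version, a failure to create or initialise the {@link SSLContext} is
 * propagated through the declared exceptions instead of being printed and turned into a
 * {@code null} return value.
 *
 * @return a socket factory that trusts every certificate and hostname; never {@code null}
 * @throws NoSuchAlgorithmException if no provider supplies a {@code TLS} context
 * @throws KeyManagementException   if the context cannot be initialised
 */
public static SSLConnectionSocketFactory createIgnoreVerifySSL() throws NoSuchAlgorithmException, KeyManagementException {
    X509TrustManager trustManager = new X509TrustManager() {
        @Override
        public void checkClientTrusted(
                java.security.cert.X509Certificate[] paramArrayOfX509Certificate,
                String paramString) throws CertificateException {
            // Intentionally empty: no client chain is ever rejected.
        }

        @Override
        public void checkServerTrusted(
                java.security.cert.X509Certificate[] paramArrayOfX509Certificate,
                String paramString) throws CertificateException {
            // Intentionally empty: no server chain is ever rejected.
        }

        @Override
        public java.security.cert.X509Certificate[] getAcceptedIssuers() {
            // The X509TrustManager contract asks for a non-null (possibly empty) array.
            return new java.security.cert.X509Certificate[0];
        }
    };

    SSLContext sc = SSLContext.getInstance("TLS");
    sc.init(null, new TrustManager[] { trustManager }, null);
    // Same accept-all behaviour as the deprecated SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER,
    // using the verifier the rest of the file already references.
    return new SSLConnectionSocketFactory(sc, NoopHostnameVerifier.INSTANCE);
}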