2. 程式人生 > >[譯]HttpClient請求HTTPS URL

[譯]HttpClient請求HTTPS URL

阿新 發佈:2018-03-02
.exe med end set cookie ger true rate cti

1.概覽

本文將演示如何配置Apache HttpClient 4 添加ssl支持.目的很簡單----無需有效證書即可成功請求 HTTPS URLs.

如果你想深入挖掘和學習其他和HttpClient相關的酷知識,請點擊httpclient-guide

延伸閱讀:

httpclient-connection-management

httpclient-advanced-config

httpclient-4-cookies

2. SSLPeerUnverifiedException異常

使用httpclient若未配置SSL,下面的測試----請求一個HTTPS URL----將會失敗:

 1
 
 public class HttpLiveTest {
 2  
 3     @Test(expected = SSLPeerUnverifiedException.class)
 4     public void whenHttpsUrlIsConsumed_thenException() 
 5       throws ClientProtocolException, IOException {
 6   
 7         DefaultHttpClient httpClient = new DefaultHttpClient();
 8         String urlOverHttps

 
 9           = "https://localhost:8080/spring-security-rest-basic-auth";
10         HttpGet getMethod = new HttpGet(urlOverHttps);
11          
12         HttpResponse response = httpClient.execute(getMethod);
13         assertThat(response.getStatusLine().getStatusCode(), equalTo(200));
14     }
15 }

具體的異常是:

1 javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
2     at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:397)
3     at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:126)
4     ...

不管何時,URL不能建立一個信任的有效鏈時,都會出現javax.net.ssl.SSLPeerUnverifiedException exception異常.

3.配置SSL--Accept All(HttpClient的版本小於4.3)

下面通過配置HTTP client信任所有鏈(譯者註:chains)無論他們是否有效.

 1 @Test
 2 public void givenAcceptingAllCertificates_whenHttpsUrlIsConsumed_thenException() 
 3   throws IOException, GeneralSecurityException {
 4     TrustStrategy acceptingTrustStrategy = (cert, authType) -> true;
 5     SSLSocketFactory sf = new SSLSocketFactory(
 6       acceptingTrustStrategy, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
 7     SchemeRegistry registry = new SchemeRegistry();
 8     registry.register(new Scheme("https", 8443, sf));
 9     ClientConnectionManager ccm = new PoolingClientConnectionManager(registry);
10  
11     DefaultHttpClient httpClient = new DefaultHttpClient(ccm);
12  
13     String urlOverHttps 
14       = "https://localhost:8443/spring-security-rest-basic-auth/api/bars/1";
15     HttpGet getMethod = new HttpGet(urlOverHttps);
16      
17     HttpResponse response = httpClient.execute(getMethod);
18     assertThat(response.getStatusLine().getStatusCode(), equalTo(200));
19 }

在新的信任策略下,覆蓋了原有的標準證書驗證過程(原本需要咨詢一個配置好的信任管理器)----上面的測試通過則表明現在的client可以請求HTTPS URL了.

4.spring的RestTemplate配置SSL(HttpClient的版本小於4.3)

我們已經知曉如何給原生的HttpClient配置添加SSL支持,再看看一下更高級的client----the Spring RestTemplate.

沒有配置SSL的情況下,如預期一致,下面的測試將不會通過:

1 @Test(expected = ResourceAccessException.class)
2 public void whenHttpsUrlIsConsumed_thenException() {
3     String urlOverHttps 
4       = "https://localhost:8443/spring-security-rest-basic-auth/api/bars/1";
5     ResponseEntity<String> response 
6       = new RestTemplate().exchange(urlOverHttps, HttpMethod.GET, null, String.class);
7     assertThat(response.getStatusCode().value(), equalTo(200));
8 }

下面配置SSL:

 1 import static org.apache.http.conn.ssl.SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER;
 2 import java.security.GeneralSecurityException;
 3 import java.security.cert.X509Certificate;
 4 import org.apache.http.auth.AuthScope;
 5 import org.apache.http.auth.UsernamePasswordCredentials;
 6 import org.apache.http.conn.scheme.Scheme;
 7 import org.apache.http.conn.ssl.SSLSocketFactory;
 8 import org.apache.http.conn.ssl.TrustStrategy;
 9 import org.apache.http.impl.client.DefaultHttpClient;
10 import org.springframework.http.HttpMethod;
11 import org.springframework.http.ResponseEntity;
12 import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
13 import org.springframework.web.client.ResourceAccessException;
14 import org.springframework.web.client.RestTemplate;
15  
16 ...
17 @Test
18 public void givenAcceptingAllCertificates_whenHttpsUrlIsConsumed_thenException() 
19   throws GeneralSecurityException {
20     HttpComponentsClientHttpRequestFactory requestFactory 
21       = new HttpComponentsClientHttpRequestFactory();
22     DefaultHttpClient httpClient
23       = (DefaultHttpClient) requestFactory.getHttpClient();
24     TrustStrategy acceptingTrustStrategy = (cert, authType) -> true
25     SSLSocketFactory sf = new SSLSocketFactory(
26       acceptingTrustStrategy, ALLOW_ALL_HOSTNAME_VERIFIER);
27     httpClient.getConnectionManager().getSchemeRegistry()
28       .register(new Scheme("https", 8443, sf));
29  
30     String urlOverHttps
31       = "https://localhost:8443/spring-security-rest-basic-auth/api/bars/1";
32     ResponseEntity<String> response = new RestTemplate(requestFactory).
33       exchange(urlOverHttps, HttpMethod.GET, null, String.class);
34     assertThat(response.getStatusCode().value(), equalTo(200));
35 }

正如你所見,這和原生的HttpClient配置SSL非常相像----我們給 request factory 添加了SSL支持,然後初始化模板時將配置好的factory作為入參.

5.配置SSL(HttpClient版本為4.4)

在4.4版本,不再使用SSLSocketFactory,可簡單配置如下:

 1 @Test
 2 public void givenIgnoringCertificates_whenHttpsUrlIsConsumed_thenCorrect()
 3   throws Exception {
 4     SSLContext sslContext = new SSLContextBuilder()
 5       .loadTrustMaterial(null, (certificate, authType) -> true).build();
 6  
 7     CloseableHttpClient client = HttpClients.custom()
 8       .setSSLContext(sslContext)
 9       .setSSLHostnameVerifier(new NoopHostnameVerifier())
10       .build();
11     HttpGet httpGet = new HttpGet(HOST_WITH_SSL);
12     httpGet.setHeader("Accept", "application/xml");
13  
14     HttpResponse response = client.execute(httpGet);
15     assertThat(response.getStatusLine().getStatusCode(), equalTo(200));
16 }

6.Spring RestTemplate 配置 SSL (HttpClient 4.4)

我們可以使用同樣的方式配置RestTemplate :

 1 @Test
 2 public void givenAcceptingAllCertificatesUsing4_4_whenUsingRestTemplate_thenCorrect() 
 3 throws ClientProtocolException, IOException {
 4     CloseableHttpClient httpClient
 5       = HttpClients.custom()
 6         .setSSLHostnameVerifier(new NoopHostnameVerifier())
 7         .build();
 8     HttpComponentsClientHttpRequestFactory requestFactory 
 9       = new HttpComponentsClientHttpRequestFactory();
10     requestFactory.setHttpClient(httpClient);
11  
12     ResponseEntity<String> response 
13       = new RestTemplate(requestFactory).exchange(
14       urlOverHttps, HttpMethod.GET, null, String.class);
15     assertThat(response.getStatusCode().value(), equalTo(200));
16 }

7.總結

本教程討論了如何給 Apache HttpClient 配置SSL ,忽略校驗以至於能夠訪問任何 HTTPS URL .並舉例說明給Spring RestTemplate配置SSL.

然而需要明白的是:該策略完全忽略證書驗證,這可能導致安全漏洞,因此只能用在需要的地方.

本文的示例代碼可訪問 the GitHub project ,工程基於Eclipse,因此可以輕松導入並運行.

8.原文地址:

傳送門

[譯]HttpClient請求HTTPS URL

相關推薦

[]HttpClient請求HTTPS URL

.exe med end set cookie ger true rate cti 1.概覽 本文將演示如何配置Apache HttpClient 4 添加ssl支持.目的很簡單----無需有效證書即可成功請求 HTTPS URLs. 如果你想深入挖掘和學習其他和HttpC

HttpClient請求https

    宣告一個SSLClient繞過https驗證 import java.security.cert.CertificateException; import java.security.cert.X509Certificate; import javax.net.ss

Android中HttpClient請求https的驗證過程

前言: 好久沒更新了,最近遇到一些很心煩的事情,既然心煩索性在這裡就不提了。 HttpClient請求https應該加的一些處理: 1.在你的包裡面新增一個類: package com.xxx.x.common; import java.io.IOException;

HttpClient 請求傳參時如何優雅的進行編碼,拒絕url人工拼接

我們在利用HttpClient進行遠端呼叫時,第三方提供的介面如下: 這種介面我們用get、post請求都能呼叫,但是會有一個問題,傳參,@RequestParam 註解表示,傳參非body體,我們只能接在 /updateUserPhoto這個url後面,就是/updateUserPh

httpClient傳送https請求程式碼

package com.lvmama.dest.dianping; import java.security.cert.CertificateException; import java.security.cert.X509Certificate; import javax.net.ssl.SS

HttpClient請求URL

1. 編寫HttpClientUtil做POST和GET請求 import com.alibaba.fastjson.JSON; import org.apache.http.HttpEntity; import org.apache.http.HttpResponse; import org.

JAVA後端請求HTTPSURL 遇到的問題

1、當沒有匯入證書的情況下,訪問https的url,後臺一般會報 類似如圖的 PKIX錯誤。那麼就需要將證書匯入jre 2、獲取證書,用谷歌瀏覽器,點選位址列左上角,將訪問地址的證書儲存為cer檔案。 3、 以下命令是直接將證書匯入jdk的jre內。 執行命令時要先cd到 jre的bi

java httpClient請求https型別網站遇到ssl證書不受信任

新增建立HTTPClient方法 /** * 建立一個SSL信任所有證書的httpClient物件 * * @return */ public stat

java使用httpClient解決外部url請求訪問

一,在一般專案中,涉及第三方介面呼叫,一般是採用webService或者httpClient。 基於專案要求,我這邊做一個httpClient請求檔案上傳,是先從資料庫表中讀取二進位制流,然後轉存到本地伺服器上面,最後呼叫httpClient上傳至檔案伺服器上面,具體程式碼

HTTPClient呼叫https請求,通過基本認證使用者名稱密碼(Basic Auth)

本文來源是Apache官網例子:http://hc.apache.org/httpcomponents-client-4.5.x/httpclient/examples/org/apache/http/examples/client/ClientAuthentication.java 之前找

使用HttpClient傳送https請求GET方式

第一步:封裝查詢引數,拼接url String url = "www.baidu.com?name=liufei";第二步:發出請求 HttpClient client = new DefaultHttpClient(); HttpGet request = new H

httpclient傳送https請求在weblogic上效率低下問題

最近遇到一個比較詭異的問題: 一個數據供應商的請求連結是https的,於是在網路上搜索了一個httpclient傳送https請求的方法,能夠成功返回資料,但是耗時非常長大概要17~18秒。在排除網路環境、伺服器、資料庫等影響因素後,發現罪魁禍首就在這了。(h

HttpClient實現https請求

package test.ssl; import java.security.KeyManagementException; import java.security.NoSuchAlgorithmException; import java.security.

httpClient傳送https請求

前言       我們知道現在的http請求應用的越來越廣泛,最常見的場景就是瀏覽器作為http請求的客戶端,請求http服務端。在瀏覽器傳送請求時,會封裝請求行,請求頭,請求體資訊,那我們在用java程式碼模擬時,也需要帶上http請求的這些相關資訊。java自帶的java

HTTPClient 傳送HTTPS請求

HTTPClient 傳送HTTP請求就不多說了, 現在給出傳送HTTPS請求, 主要思路是忽略證書驗證. /** * * @param url * @param contextType "image/jpeg","application/Json" *

企業微信介面開發之使用httpclient實現https請求

    接上篇,企業微信的api不贅述,使用的是https協議.由於資訊也不是很重要,就沒有考慮安全問題,直接使用httpclient繞過證書認證實現功能1.引入httpclient依賴<!-- https://mvnrepository.com/artifact/or

使用httpclient發起https請求時peer not authenticated,handshake_failure

轉載地址:http://www.cnblogs.com/metoy/p/6238061.html 一、前述   使用httpclient發起https請求時,可能會遇到如下異常: javax.net.ssl.SSLPeerUnverifiedException: pee

HttpClient進行https請求

並不是所有的https請求都需要按照下面的程式碼進行設定,如果遇到下面的問題,則需要這麼做。 javax.net.ssl.SSLException: hostname in certificate didn't match: 採用繞過驗證的方式處理htt

PHP:CURL分別以GET、POST方式請求HTTPS協議接口api

json格式 gen useragent pin php curl 檢查 協議 處理 訪問 1、curl以GET方式請求https協議接口 //註意:這裏的$url已經包含參數了,不帶參數你自己處理哦GET很簡單 function curl_get_https($url

php curl請求https 返回無結果|false|errno:35

download 版本 sign sel subject ble etop fig 問題 1 SSL: certificate subject name ‘WMSvc-GWAMSERVER02‘ does not match target host name 把cu