輕鬆把玩HttpClient之配置ssl,採用繞過證書驗證實現https
上篇文章說道httpclient不能直接訪問https的資源,這次就來模擬一下環境,然後配置https測試一下。在前面的文章中,分享了一篇自己生成並在tomcat中配置ssl的文章《Tomcat配置SSL》,大家可以據此來在本地配置https。我已經配置好了,效果是這樣滴:
可以看到已經信任該證書(顯示淺綠色小鎖),瀏覽器可以正常訪問。現在我們用程式碼測試一下:
public static void main(String[] args) throws ParseException, IOException, KeyManagementException, NoSuchAlgorithmException, HttpProcessException { String url = "https://sso.tgb.com:8443/cas/login"; String body = send(url, null, "utf-8"); System.out.println("交易響應結果:"); System.out.println(body); System.out.println("-----------------------------------"); }
發現丟擲了異常,我知道的有兩種方案(也許還有我不知道的方案),這裡介紹第一種方案,也是用的比較多的方案——繞過證書驗證。直接看程式碼吧:
/** * 繞過驗證 * * @return * @throws NoSuchAlgorithmException * @throws KeyManagementException */ public static SSLContext createIgnoreVerifySSL() throws NoSuchAlgorithmException, KeyManagementException { SSLContext sc = SSLContext.getInstance("SSLv3"); // 實現一個X509TrustManager介面,用於繞過驗證,不用修改裡面的方法 X509TrustManager trustManager = new X509TrustManager() { @Override public void checkClientTrusted( java.security.cert.X509Certificate[] paramArrayOfX509Certificate, String paramString) throws CertificateException { } @Override public void checkServerTrusted( java.security.cert.X509Certificate[] paramArrayOfX509Certificate, String paramString) throws CertificateException { } @Override public java.security.cert.X509Certificate[] getAcceptedIssuers() { return null; } }; sc.init(null, new TrustManager[] { trustManager }, null); return sc; } 然後修改原來的send方法: /** * 模擬請求 * * @param url 資源地址 * @param map 引數列表 * @param encoding 編碼 * @return * @throws NoSuchAlgorithmException * @throws KeyManagementException * @throws IOException * @throws ClientProtocolException */ public static String send(String url, Map<String,String> map,String encoding) throws KeyManagementException, NoSuchAlgorithmException, ClientProtocolException, IOException { String body = ""; //採用繞過驗證的方式處理https請求 SSLContext sslcontext = createIgnoreVerifySSL(); // 設定協議http和https對應的處理socket連結工廠的物件 Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create() .register("http", PlainConnectionSocketFactory.INSTANCE) .register("https", new SSLConnectionSocketFactory(sslcontext)) .build(); PoolingHttpClientConnectionManager connManager = new PoolingHttpClientConnectionManager(socketFactoryRegistry); HttpClients.custom().setConnectionManager(connManager); //建立自定義的httpclient物件 CloseableHttpClient client = HttpClients.custom().setConnectionManager(connManager).build(); // CloseableHttpClient client = HttpClients.createDefault(); //建立post方式請求物件 HttpPost httpPost = new HttpPost(url); //裝填引數 List<NameValuePair> nvps = new ArrayList<NameValuePair>(); if(map!=null){ for (Entry<String, String> entry : map.entrySet()) { nvps.add(new BasicNameValuePair(entry.getKey(), entry.getValue())); } } //設定引數到請求物件中 httpPost.setEntity(new UrlEncodedFormEntity(nvps, encoding)); System.out.println("請求地址:"+url); System.out.println("請求引數:"+nvps.toString()); //設定header資訊 //指定報文頭【Content-type】、【User-Agent】 httpPost.setHeader("Content-type", "application/x-www-form-urlencoded"); httpPost.setHeader("User-Agent", "Mozilla/4.0 (compatible; MSIE 5.0; Windows NT; DigExt)"); //執行請求操作,並拿到結果(同步阻塞) CloseableHttpResponse response = client.execute(httpPost); //獲取結果實體 HttpEntity entity = response.getEntity(); if (entity != null) { //按指定編碼轉換結果實體為String型別 body = EntityUtils.toString(entity, encoding); } EntityUtils.consume(entity); //釋放連結 response.close(); return body; } 現在再進行測試,發現果然通了。
下篇介紹另一種方案,應對自己生成的證書,敬請期待。 --------------------- 作者:龍軒 來源:CSDN 原文:https://blog.csdn.net/xiaoxian8023/article/details/49865335 版權宣告:本文為博主原創文章,轉載請附上博文連結!