HTTPs TLS1.2 請求模擬測試
以下工具可以用來測試TLS1.2證書是否生效:
第一個類:
package com.firstdata.TLStool; import javax.net.ssl.HostnameVerifier; import javax.net.ssl.SSLSession; /** * 實現用於主機名驗證的基介面。 * 在握手期間,如果 URL 的主機名和伺服器的標識主機名不匹配,則驗證機制可以回撥此介面的實現程式來確定是否應該允許此連線。 */ public class MyHostnameVerifier implements HostnameVerifier { @Override public boolean verify(String hostname, SSLSession session) { if ("localhost".equals(hostname)) { return true; } else { return false; } } }
主要測試類:
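package com.firstdata.TLStool;

import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyStore;

import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

/**
 * Small command-line client that sends one HTTPS POST with a client certificate, intended for
 * checking a TLS 1.2 certificate setup against a local test server.
 *
 * <p>The client installs a process-wide default socket factory and hostname verifier on
 * {@link HttpsURLConnection}, so every HTTPS connection opened by the same JVM afterwards is
 * affected. Keep it in a stand-alone test process.
 */
public class httpsClitents {

    /** Running count of response lines printed by {@link #post(String, String)}. */
    static int i = 0;

    /**
     * Loads a JKS key store from disk.
     *
     * @param password     password protecting the key store file
     * @param keyStorePath path of the key store file
     * @return the loaded key store
     * @throws Exception if the file cannot be read or the store cannot be loaded
     *                   (for example because the password is wrong)
     */
    public static KeyStore getKeyStore(String password, String keyStorePath) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        // try-with-resources: the stream is closed even when load() rejects the file or password.
        try (FileInputStream is = new FileInputStream(keyStorePath)) {
            ks.load(is, password.toCharArray());
        }
        return ks;
    }

    /**
     * Builds an {@link SSLContext} that presents the client key from the key store and trusts
     * only the certificates in the trust store.
     *
     * <p>The same password is used for the key store file, for the private keys inside it and
     * for the trust store file.
     *
     * @param password       password for both stores and for the key entries
     * @param keyStorePath   path of the key store holding the client key
     * @param trustStorePath path of the trust store holding the trusted server/CA certificates
     * @return the initialised SSL context
     * @throws Exception if a store cannot be loaded or the context cannot be initialised
     */
    public static SSLContext getSSLContext(String password, String keyStorePath, String trustStorePath)
            throws Exception {
        // Key managers: supply the client certificate during the handshake.
        KeyManagerFactory keyManagerFactory =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        KeyStore keyStore = getKeyStore(password, keyStorePath);
        keyManagerFactory.init(keyStore, password.toCharArray());

        // Trust managers: decide which server certificates are accepted.
        TrustManagerFactory trustManagerFactory =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        KeyStore trustStore = getKeyStore(password, trustStorePath);
        trustManagerFactory.init(trustStore);

        // Request a TLS 1.2 capable context explicitly. On older JDKs (the sample paths in main()
        // point at JDK 7) the generic "TLS" context may not enable TLS 1.2 for clients by default,
        // in which case the tool would not exercise TLS 1.2 at all.
        // NOTE(review): this enables TLS 1.2 but does not by itself forbid older protocol
        // versions; confirm the negotiated version on the server side or with JSSE debug output.
        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        ctx.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
        return ctx;
    }

    /**
     * Installs the client SSL context and the hostname verifier as JVM-wide defaults for
     * {@link HttpsURLConnection}.
     *
     * <p>Any failure while building the context is propagated. Printing the error and carrying
     * on would leave the JVM default socket factory in place, so the request would go out
     * without the client certificate and against the default trust store, and the test result
     * would say nothing about the stores under test.
     *
     * @param password       password for both stores and for the key entries
     * @param keyStorePath   path of the key store holding the client key
     * @param trustStorePath path of the trust store
     * @throws Exception if the stores cannot be loaded or the SSL context cannot be created
     */
    public static void initHttpsURLConnection(String password, String keyStorePath, String trustStorePath)
            throws Exception {
        SSLContext sslContext = getSSLContext(password, keyStorePath, trustStorePath);
        // Accepts a certificate/host mismatch for "localhost" only; see MyHostnameVerifier.
        HostnameVerifier hnv = new MyHostnameVerifier();

        HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());
        HttpsURLConnection.setDefaultHostnameVerifier(hnv);
    }

    /**
     * Sends {@code xmlStr} as a UTF-8 encoded POST body and prints each response line.
     *
     * <p>Errors are reported on standard error and not rethrown.
     *
     * @param httpsUrl address to send the request to
     * @param xmlStr   request payload
     */
    public static void post(String httpsUrl, String xmlStr) {
        HttpsURLConnection urlCon = null;
        try {
            // Encode once so the declared Content-Length always matches the bytes actually sent;
            // measuring with the platform charset and sending UTF-8 can disagree for non-ASCII text.
            byte[] body = xmlStr.getBytes(StandardCharsets.UTF_8);

            urlCon = (HttpsURLConnection) (new URL(httpsUrl)).openConnection();
            urlCon.setDoInput(true);
            urlCon.setDoOutput(true);
            urlCon.setRequestMethod("POST");
            urlCon.setRequestProperty("Content-Length", String.valueOf(body.length));
            urlCon.setRequestProperty("Content-Type", "text/xml;charset=UTF-8");
            urlCon.setUseCaches(false);

            try (OutputStream out = urlCon.getOutputStream()) {
                out.write(body);
                out.flush();
            }

            // Assumes the server answers in UTF-8, matching the request's declared charset.
            try (BufferedReader in = new BufferedReader(
                    new InputStreamReader(urlCon.getInputStream(), StandardCharsets.UTF_8))) {
                String line;
                while ((line = in.readLine()) != null) {
                    i++;
                    System.out.println(line + "---- 第" + i + "條");
                }
            }
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            if (urlCon != null) {
                urlCon.disconnect();
            }
        }
    }

    /**
     * Test entry point: configures TLS from the sample stores and posts an empty message to the
     * local HTTPS service.
     *
     * @param args unused
     * @throws Exception if the TLS configuration cannot be set up
     */
    public static void main(String[] args) throws Exception {
        // Sample values for a local test setup only. The password is hard-coded and shared by
        // both stores; do not reuse it, or this pattern, for stores that hold real keys.
        String password = "123456";
        // Key store holding the client key
        String keyStorePath = "C:/Program Files/Java/jdk1.7.0_79/bin/kclient.keystore";
        // Trust store holding the certificates the client accepts
        String trustStorePath = "C:/Program Files/Java/jdk1.7.0_79/bin/tclient.keystore";
        // HTTPS service started locally
        String httpsUrl = "https://localhost:27890/httpsSubmit";
        // Payload to send
        String xmlStr = "<?xml version=\"1.0\" encoding=\"UTF-8\"?><MESSAGE>" + "</MESSAGE>";

        httpsClitents.initHttpsURLConnection(password, keyStorePath, trustStorePath);
        // Send the request
        httpsClitents.post(httpsUrl, xmlStr);
    }
}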
以下是如何使用p7b證書檔案來生成keystore:
開啟 p7b 證書檔案,點選「Copy to File」,匯出格式選擇 Base-64 encoded X.509 (.CER),即可獲得 .CER 證書檔案
通過以下命令將 .CER 檔案匯入 keystore 金鑰庫(命令中的路徑與密碼 12345678 僅為範例值,實際使用時請替換;以 -storepass 在命令列傳入的密碼可能留在命令歷史紀錄中,省略該參數時 keytool 會改為互動式詢問密碼):
C:\java\jdk1.8.0_65\bin\keytool -importcert -trustcacerts -file D:\CER\TestCer.cer -keystore D:\CER\TestKey.keystore -storepass 12345678 -keypass 12345678