java http client https

零 

根据 spring boot https，在pb协议 jdk序列化协议中代码新建一个json序列化springboot controller，并配置ssl

 

一 java HttpURLConnection

关于JAVA发送Https请求（HttpsURLConnection和HttpURLConnection） 

证书包含两种情况：

1.1、机构所颁发的被认证的证书，这种证书的网站在浏览器访问时https头显示为绿色如百度

package com.example.demo.controller.ssl.httpcon;

import javax.net.ssl.*;
import java.io.ByteArrayOutputStream;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

/**
 * https://www.cnblogs.com/silyvin/p/12099743.html
 * Created by joyce on 2019/11/17.
 */

/**
 * 测试CA认证的啥都不用做
 */
public class JsonHttpsTestCA {

    public static void main(String[] args) {
        try {
            URL object = new URL("https://www.sina.com.cn");
            /**
             * HttpURLConnection HttpsURLConnection 都可以
             */
            HttpURLConnection con = (HttpURLConnection) object.openConnection();
            con.setDoOutput(true);
            con.setDoInput(true);

            // 显示 POST 请求返回的内容
            StringBuilder sb = new StringBuilder();
            int HttpResult = con.getResponseCode();
            if (HttpResult == HttpURLConnection.HTTP_OK) {
                InputStream inputStream = con.getInputStream();
                ByteArrayOutputStream result = new ByteArrayOutputStream();
                byte[] buffer = new byte[1024];
                int length;
                while ((length = inputStream.read(buffer)) != -1) {
                    result.write(buffer, 0, length);
                }
                System.out.println(new String(result.toByteArray()));

            } else {
                System.out.println(con.getResponseCode());
                System.out.println("http error");
            }


        } catch (Exception e) {
            e.printStackTrace();
        }
    }

}

JsonHttpsTestCA

 

1.2、个人所设定的证书，这种证书的网站在浏览器里https头显示为红色×，且需要点击信任该网站才能继续访问。而点击信任这一步的操作就是我们在java代码访问https网站时区别于http请求需要做的事情。

package com.example.demo.controller.ssl.httpcon;

import serial.MyBaseProto;

import javax.net.ssl.*;
import java.io.ByteArrayOutputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

/**
 * https://www.cnblogs.com/silyvin/p/12099743.html
 * Created by joyce on 2019/11/17.
 */

/**
 * 自己的https，需要忽略证书
 */
public class JsonHttpsTest {

    public static void main(String[] args) {
        try {
            MyX509TrustManager.initSSL();

            URL object = new URL("https://localhost:8080/json/testhttps");

            /**
             * HttpURLConnection HttpsURLConnection 都可以
             */

            HttpURLConnection con = (HttpURLConnection) object.openConnection();
            con.setDoOutput(true);
            con.setDoInput(true);

            // 显示 POST 请求返回的内容
            StringBuilder sb = new StringBuilder();
            int HttpResult = con.getResponseCode();
            if (HttpResult == HttpURLConnection.HTTP_OK) {
                InputStream inputStream = con.getInputStream();
                ByteArrayOutputStream result = new ByteArrayOutputStream();
                byte[] buffer = new byte[1024];
                int length;
                while ((length = inputStream.read(buffer)) != -1) {
                    result.write(buffer, 0, length);
                }
                System.out.println(new String(result.toByteArray()));

            } else {
                System.out.println(con.getResponseCode());
                System.out.println("http error");
            }


        } catch (Exception e) {
            e.printStackTrace();
        }
    }

}

JsonHttpsTestCA

package com.example.demo.controller.ssl.httpcon;

import javax.net.ssl.*;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

/**
 * Created by joyce on 2019/12/26.
 */
public class MyX509TrustManager implements X509TrustManager {

    @Override
    public void checkClientTrusted(X509Certificate certificates[], String authType) throws CertificateException {
    }

    @Override
    public void checkServerTrusted(X509Certificate[] ax509certificate,String s) throws CertificateException {
    }

    @Override
    public X509Certificate[] getAcceptedIssuers() {
        // TODO Auto-generated method stub
        return null;
    }

    public static void initSSL() throws Exception {
        SSLContext sslcontext = SSLContext.getInstance("SSL","SunJSSE");
        sslcontext.init(null, new TrustManager[]{new MyX509TrustManager()}, new java.security.SecureRandom());
        HostnameVerifier ignoreHostnameVerifier = new HostnameVerifier() {
            public boolean verify(String s, SSLSession sslsession) {
                //   System.out.println("WARNING: Hostname is not matched for cert.");
                return true;
            }
        };
        HttpsURLConnection.setDefaultHostnameVerifier(ignoreHostnameVerifier);
        HttpsURLConnection.setDefaultSSLSocketFactory(sslcontext.getSocketFactory());
    }
}

MyX509TrustManager

 

所以JAVA发送Https请求有两种情况，三种解决办法：

第一种情况：Https网站的证书为机构所颁发的被认证的证书，这种情况下和http请求一模一样，无需做任何改变，用HttpsURLConnection或者HttpURLConnection都可以

第二种情况：个人所设定的证书，这种证书默认不被信任，需要我们自己选择信任，信任的办法有两种：

B、忽略证书验证过程，忽略之后任何Https协议网站皆能正常访问（实测用HttpsURLConnection或者HttpURLConnection都可以）

C、java代码中加载证书，必须使用HttpsURLConnection方式

 

二 apache httpclient

 HttpClient发送https请求，信任所有证书

 

2.1

package com.example.demo.controller.ssl.httpclient;

import org.apache.http.HttpEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.util.EntityUtils;

import java.io.ByteArrayOutputStream;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.nio.charset.Charset;

/**
 * https://www.cnblogs.com/silyvin/p/12099743.html
 * Created by joyce on 2019/11/17.
 */

/**
 * 测试CA认证的啥都不用做
 */
public class JsonHttpsTestCA {

    public static void main(String[] args) {
        try {

            /**
             * CA证书直接使用default
             */
            CloseableHttpClient httpClient = HttpClientBuilder.create().build();
            // 创建Get请求
            HttpGet httpGet = new HttpGet("https://www.sina.com.cn");

            // 响应模型
            CloseableHttpResponse response = null;
            try {
                // 由客户端执行(发送)Get请求
                response = httpClient.execute(httpGet);
                // 从响应模型中获取响应实体
                HttpEntity responseEntity = response.getEntity();
                System.out.println("响应状态为:" + response.getStatusLine());
                if (responseEntity != null) {
                    System.out.println("响应内容长度为:" + responseEntity.getContentLength());
                    System.out.println("响应内容为:" + EntityUtils.toString(responseEntity, "UTF-8"));
                }
            } catch (Exception e) {
                e.printStackTrace();
            } finally {

            }

        } catch (Exception e) {
            e.printStackTrace();
        }
    }

}

JsonHttpsTestCA

 

2.2

package com.example.demo.controller.ssl.httpclient;

import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.util.EntityUtils;

/**
 * https://www.cnblogs.com/silyvin/p/12099743.html
 * Created by joyce on 2019/11/17.
 */

/**
 * 自己的https，需要忽略证书
 */
public class JsonHttpsTest {

    public static void main(String[] args) {
        try {
            /**
             * 自己的证书，忽略所有
             */
            HttpClient httpClient = HttpClientFactory.createSSLClientDefault();
            // 创建Get请求
            HttpGet httpGet = new HttpGet("https://localhost:8080/json/testhttps");

            // 响应模型
            HttpResponse response = null;
            try {
                // 由客户端执行(发送)Get请求
                response = httpClient.execute(httpGet);
                // 从响应模型中获取响应实体
                HttpEntity responseEntity = response.getEntity();
                System.out.println("响应状态为:" + response.getStatusLine());
                if (responseEntity != null) {
                    System.out.println("响应内容长度为:" + responseEntity.getContentLength());
                    System.out.println("响应内容为:" + EntityUtils.toString(responseEntity, "UTF-8"));
                }
            } catch (Exception e) {
                e.printStackTrace();
            } finally {

            }

        } catch (Exception e) {
            e.printStackTrace();
        }
    }

}

JsonHttpsTestCA

package com.example.demo.controller.ssl.httpclient;

/**
 * Created by joyce on 2019/12/25.
 */
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.X509TrustManager;

import org.apache.http.client.HttpClient;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLContexts;

import org.apache.http.conn.ssl.TrustStrategy;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContextBuilder;

import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import java.security.SecureRandom;

public class HttpClientFactory {

    public static CloseableHttpClient createSSLClientDefault() {
        try {
            //使用 loadTrustMaterial() 方法实现一个信任策略，信任所有证书
            SSLContext sslContext = new SSLContextBuilder().loadTrustMaterial(null, new TrustStrategy() {
                // 信任所有
                public boolean isTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                    return true;
                }
            }).build();
            //NoopHostnameVerifier类:  作为主机名验证工具，实质上关闭了主机名验证，它接受任何
            //有效的SSL会话并匹配到目标主机。
            HostnameVerifier hostnameVerifier = NoopHostnameVerifier.INSTANCE;
            SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContext, hostnameVerifier);
            return HttpClients.custom().setSSLSocketFactory(sslsf).build();
        } catch (Exception e) {
            e.printStackTrace();
        }
        return HttpClients.createDefault();

    }
}

HttpClientFactory