Java代码访问基于https安全协议的网站或服务器

Java代码访问基于https安全协议的网站或服务器, 一般分为有证书和无证书两种,无证书的大部分都很简单,说一下我遇到的有证书的:
证书类型:pfx,(个人证书带密码)
服务器配置:基于SSL加密模式(我这边是基于nginx配置的https安全验证)

 

    1. 首先要有jks格式的证书密钥文件,如果没有可以向提供方索要pfx证书(带密码),然后把pfx证书转换为jks格式的密钥文件,因为用程序访问的话必须要密钥类型的文件才行。先进入你的jdk安装目录,即:
      %JAVA_HOME%/jre/bin目录下,执行如下命令:
      keytool -importkeystore -v -srckeystore client.pfx -srcstoretype pkcs12 -srcstorepass 111111 -destkeystore client.jks -deststoretype jks
      命令说明:一般命令从字面意思都能看懂,就不再逐项说明。
      keytool是jdk自带的一个密钥工具,源文件是客户端证书client.pfx,类型为pkcs12,密码是111111,目标密钥文件是client.jks,目标类型是jks。注意:用-srcstorepass直接写在命令行里的密码会留在shell历史记录和进程列表中;省略该参数时keytool会交互式提示输入密码。

 

  2. 现在有了密钥文件和密码,就可以用java代码来访问了,把下面这段代码直接拷贝到你的项目中:
    package mr;
    
    import java.io.BufferedReader;
    import java.io.FileInputStream;
    import java.io.FileNotFoundException;
    import java.io.IOException;
    import java.io.InputStream;
    import java.io.InputStreamReader;
    import java.net.HttpURLConnection;
    import java.net.MalformedURLException;
    import java.net.URL;
    import java.security.KeyManagementException;
    import java.security.KeyStore;
    import java.security.KeyStoreException;
    import java.security.NoSuchAlgorithmException;
    import java.security.UnrecoverableKeyException;
    import java.security.cert.CertificateException;
    import java.security.cert.X509Certificate;
    
    import javax.net.ssl.HostnameVerifier;
    import javax.net.ssl.HttpsURLConnection;
    import javax.net.ssl.KeyManager;
    import javax.net.ssl.KeyManagerFactory;
    import javax.net.ssl.SSLContext;
    import javax.net.ssl.SSLSession;
    import javax.net.ssl.SSLSocketFactory;
    import javax.net.ssl.TrustManager;
    import javax.net.ssl.X509TrustManager;
    
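    /**
     * Demo client for an HTTPS endpoint that requires a client certificate (mutual TLS).
     *
     * <p>The client key and certificate are read from a JKS keystore. The server certificate is
     * validated with the JVM's default trust managers and the default hostname verifier. An
     * accept-everything {@code X509TrustManager}, or a verifier that only compares the requested
     * host with {@code session.getPeerHost()}, never inspects the server certificate, so any
     * party on the network path could answer in the server's place and receive the client
     * certificate handshake and the request.
     *
     * <p>If the server certificate is issued by a private CA, import that CA certificate into a
     * trust store and start the JVM with {@code -Djavax.net.ssl.trustStore=<path>} and
     * {@code -Djavax.net.ssl.trustStorePassword=<password>}. Because {@link #HTTPSURL} addresses
     * the server by IP, the default hostname check only passes when the server certificate lists
     * that IP as a subject alternative name.
     */
    public class MarketReplyTest {

    	/** Endpoint requested by {@link #testHttpsPost()}. */
    	public static String HTTPSURL = "https://196.123.131.7/DSFA/MarketReply/GetReplayRecords?opType=get3DESStr&str=111111";

    	public static void main(String[] args){
    		testHttpsPost();
    	}

    	/**
    	 * Sends a POST to {@link #HTTPSURL}, presenting the client certificate from the keystore,
    	 * and prints the response body to standard output.
    	 *
    	 * <p>Keystore, TLS and I/O failures are printed as stack traces and not rethrown.
    	 */
    	public static void testHttpsPost() {
    		// JKS keystore converted from the personal pfx certificate.
    		String keystorefile = "c:\\\\cafakeystore_client1.jks";
    		// Sample password from the article. Outside a demo, load it from protected
    		// configuration or prompt for it instead of compiling it into the class.
    		char[] keystorepw = "111111".toCharArray();
    		try {
    			KeyStore keystore = KeyStore.getInstance("JKS");
    			// try-with-resources closes the keystore file even when load() throws.
    			try (FileInputStream keystoreIn = new FileInputStream(keystorefile)) {
    				keystore.load(keystoreIn, keystorepw);
    			}

    			// Key managers supply the client certificate during the TLS handshake.
    			KeyManagerFactory keymanagerfactory = KeyManagerFactory.getInstance("SunX509");
    			keymanagerfactory.init(keystore, keystorepw);
    			KeyManager[] akeymanager = keymanagerfactory.getKeyManagers();

    			SSLContext ssl = SSLContext.getInstance("TLS");
    			// A null TrustManager array selects the default trust managers, which validate
    			// the server chain against the JVM trust store (javax.net.ssl.trustStore or cacerts).
    			ssl.init(akeymanager, null, null);
    			SSLSocketFactory sslsocketfactory = ssl.getSocketFactory();

    			URL url = new URL(HTTPSURL);
    			HttpsURLConnection https = (HttpsURLConnection) url.openConnection();
    			try {
    				https.setSSLSocketFactory(sslsocketfactory);
    				// No custom HostnameVerifier: the default one matches the certificate
    				// against the host in the URL.
    				https.setDoInput(true);
    				https.setDoOutput(true);
    				https.setUseCaches(false);
    				https.setRequestMethod("POST");
    				https.connect();

    				StringBuilder result = new StringBuilder();
    				try (BufferedReader reader = new BufferedReader(new InputStreamReader(https.getInputStream()))) {
    					String line;
    					while ((line = reader.readLine()) != null) {
    						// A real carriage return between lines; the listing's doubled
    						// backslash printed the two characters '\' and 'r' instead.
    						result.append(line).append("\r");
    					}
    				}
    				System.out.println(result.toString());
    			} finally {
    				// Release the connection on the error path as well.
    				https.disconnect();
    			}
    		} catch (KeyStoreException | NoSuchAlgorithmException | CertificateException
    				| KeyManagementException | UnrecoverableKeyException e) {
    			e.printStackTrace();
    		} catch (IOException e) {
    			// Also covers FileNotFoundException, MalformedURLException and TLS handshake failures.
    			e.printStackTrace();
    		}
    	}

    }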
     
