Network Programming, Part 7: Configuring SSL in HttpClient and Bypassing Certificate Validation
阿新 • Published: 2018-12-15
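1. Configuring SSL in HttpClient and bypassing certificate validation: provide a custom implementation of X509ExtendedTrustManager. The JDK will then use TrustAnyTrustManager to validate the certificate algorithm, and because every validation method in this class is empty, nothing is validated.
2. Error message: ConnectException:com.ibm.jsse2.util.h: PKIX path validation failed: java.security.cert.CertPathValidatorException: Fail to verify issuer; internal cause is: java.security.cert.CertPathValidatorException: Signature does not match.
3. Note: unconditionally trusting the server's certificate is insecure.
4. Required JAR files:
①commons-logging-1.2.jar (not always needed, but it is better to include it)
②httpclient-4.3.4.jar
③httpclient-cache-4.3.4.jar
④httpcore-4.3.2.jar
⑤httpmime-4.3.4.jar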
5. SSLClient.java
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

import org.apache.http.conn.ClientConnectionManager;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.DefaultHttpClient;

public class SSLClient extends DefaultHttpClient {
    public SSLClient() throws Exception {
        super();
        SSLContext ctx = SSLContext.getInstance("TLS");
        // Trust manager whose check methods are empty: no certificate chain is ever rejected
        X509TrustManager tm = new X509TrustManager() {
            @Override
            public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            }

            @Override
            public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            }

            @Override
            public X509Certificate[] getAcceptedIssuers() {
                // The interface contract requires a non-null (possibly empty) array
                return new X509Certificate[0];
            }
        };
        ctx.init(null, new TrustManager[]{tm}, null);
        // ALLOW_ALL_HOSTNAME_VERIFIER also switches off hostname checking
        SSLSocketFactory ssf = new SSLSocketFactory(ctx, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
        // Register the socket factory for https on port 443
        ClientConnectionManager ccm = this.getConnectionManager();
        SchemeRegistry sr = ccm.getSchemeRegistry();
        sr.register(new Scheme("https", 443, ssf));
    }
}
6. HttpClientUtil.java
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Map.Entry;

import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.NameValuePair;
import org.apache.http.client.HttpClient;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.util.EntityUtils;

public class HttpClientUtil {
    public static String doPost(String url, Map<String, String> map, String charset) {
        HttpClient httpClient = null;
        HttpPost httpPost = null;
        String result = null;
        try {
            httpClient = new SSLClient();
            httpPost = new HttpPost(url);
            // Set the request parameters
            List<NameValuePair> list = new ArrayList<NameValuePair>();
            for (Entry<String, String> elem : map.entrySet()) {
                list.add(new BasicNameValuePair(elem.getKey(), elem.getValue()));
            }
            if (list.size() > 0) {
                UrlEncodedFormEntity entity = new UrlEncodedFormEntity(list, charset);
                httpPost.setEntity(entity);
            }
            HttpResponse response = httpClient.execute(httpPost);
            if (response != null) {
                HttpEntity resEntity = response.getEntity();
                if (resEntity != null) {
                    // Read the whole response body as a string
                    result = EntityUtils.toString(resEntity, charset);
                }
            }
        } catch (Exception ex) {
            ex.printStackTrace();
        } finally {
            // Release the connections held by this one-shot client
            if (httpClient != null) {
                httpClient.getConnectionManager().shutdown();
            }
        }
        return result;
    }
}
7. TestMain.java
import java.util.HashMap;
import java.util.Map;

public class TestMain {
    /*
    1. Configuring SSL in HttpClient and bypassing certificate validation:
       provide a custom implementation of X509ExtendedTrustManager. The JDK will then use TrustAnyTrustManager
       to validate the certificate algorithm, and because every validation method in this class is empty,
       nothing is validated.
    2. Error message:
       ConnectException:com.ibm.jsse2.util.h: PKIX path validation failed: java.security.cert.CertPathValidatorException: Fail to verify issuer; internal cause is:
       java.security.cert.CertPathValidatorException: Signature does not match.
    3. Note: unconditionally trusting the server's certificate is insecure.
    4. Required JAR files:
       ①commons-logging-1.2.jar (not always needed, but it is better to include it)
       ②httpclient-4.3.4.jar
       ③httpclient-cache-4.3.4.jar
       ④httpcore-4.3.2.jar
       ⑤httpmime-4.3.4.jar
    */
    public static void main(String[] args) {
        String url = "https://www.baidu.com";
        Map<String, String> requestData = new HashMap<String, String>();
        requestData.put("id", "1");
        requestData.put("key", "sdfsd");
        String callResponse = HttpClientUtil.doPost(url, requestData, "utf-8");
        System.out.println(callResponse);
    }
}