java 访问https站点

 最近的项目里，有了这样的需求，需要预览图片。正常的理解觉得只要在后台处理好，直接把img标签在前台表示就可以，谁知道并不是想象中的那么简单。

当img标签的src属性指向https站点的时候问题来了，后来加入了如下处理，才解决了这个问题。具体的原因是因为安全证书的问题。

URL url = new URL(imageUrl);

    System.setProperty("java.protocol.handler.pkgs", "javax.net.ssl");

    HostnameVerifier hv = new HostnameVerifier() {

     public boolean verify(String urlHostName, SSLSession session) {

      return urlHostName.equals(session.getPeerHost());

     }

    };

    HttpsURLConnection.setDefaultHostnameVerifier(hv);

    

    

    TrustManager[] tm = { new CustomX509TrustManager() };

    

    SSLContext sslContext = SSLContext.getInstance("SSL", "SunJSSE");

    sslContext.init(null, tm, new java.security.SecureRandom());

    SSLSocketFactory ssf = sslContext.getSocketFactory();

    

    HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();

    conn.setSSLSocketFactory(ssf);

    

    input = new DataInputStream(conn.getInputStream());

 

 

用到的CustomX509TrustManager 代码如下

import java.security.KeyStore;

import java.security.cert.CertificateException;

import java.security.cert.X509Certificate;

import javax.net.ssl.TrustManager;

import javax.net.ssl.TrustManagerFactory;

import javax.net.ssl.X509TrustManager;

public class CustomX509TrustManager implements X509TrustManager {

 /*

  * The default X509TrustManager returned by SunX509. We'll delegate

  * decisions to it, and fall back to the logic in this class if the default

  * X509TrustManager doesn't trust it.

  */

 X509TrustManager sunJSSEX509TrustManager;

 public CustomX509TrustManager() throws Exception {

  // create a "default" JSSE X509TrustManager.

  KeyStore ks = KeyStore.getInstance("JKS");

  

  //ks.load(new FileInputStream("trustedCerts"), "passphrase".toCharArray());

  TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509","SunJSSE");

  

  tmf.init(ks);

  TrustManager tms[] = tmf.getTrustManagers();

  /*

   * Iterate over the returned trustmanagers, look for an instance of

   * X509TrustManager. If found, use that as our "default" trust manager.

   */

  for (int i = 0; i < tms.length; i++) {

   if (tms[i] instanceof X509TrustManager) {

    sunJSSEX509TrustManager = (X509TrustManager) tms[i];

    return;

   }

  }

  /*

   * Find some other way to initialize, or else we have to fail the

   * constructor.

   */

  throw new Exception("init failure");

 }

 /*

  * Delegate to the default trust manager.

  */

 public void checkClientTrusted(X509Certificate[] chain, String authType)

   throws CertificateException {

  try {

   sunJSSEX509TrustManager.checkClientTrusted(chain, authType);

  } catch (CertificateException excep) {

   // do any special handling here, or rethrow exception.

  }

 }

 /*

  * Delegate to the default trust manager.

  */

 public void checkServerTrusted(X509Certificate[] chain, String authType)

   throws CertificateException {

  

  

  try {

   sunJSSEX509TrustManager.checkServerTrusted(chain, authType);

  } catch (CertificateException excep) {

   /*

    * Possibly pop up a dialog box asking whether to trust the cert

    * chain.

    */

   //excep.printStackTrace();

  }

 }

 /*

  * Merely pass this through.

  */

 public X509Certificate[] getAcceptedIssuers() {

  return sunJSSEX509TrustManager.getAcceptedIssuers();

 }

}