java https信任所有证书
首先感谢 http://www.infoq.com/cn/articles/keeping-your-secrets 这篇文章,它解决了我的问题(即所在环境不能使用 System.setProperty("https.protocols","TLSv1"); 的情况)。
以下是两个让 HTTPS 客户端信任所有证书的实例。信任所有证书并放行任意主机名之后,连接仍然加密,但不再验证服务器身份,所以这种写法只适用于测试环境或对端可信的内网:
package com.colotnet.util;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.URL;
import java.util.List;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import org.apache.http.HttpResponse;
import org.apache.http.HttpStatus;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.util.EntityUtils;
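/**
 * HTTPS POST helpers that skip server authentication on purpose.
 *
 * <p>{@link #send} goes through {@link SSLClient}; {@link #post} builds its own
 * {@code SSLContext} with {@code MyX509TrustManager} and
 * {@code TrustAnyHostnameVerifier}. In both paths every certificate chain and
 * every host name is accepted, so the channel is encrypted but the peer is not
 * authenticated: whoever terminates the TLS connection can read and alter the
 * request and the response. Where the server certificate is known, loading it
 * into a trust store and keeping the default verifier gives the same
 * connectivity with authentication intact.
 */
public class HttpUtil {

    /**
     * Posts a URL-encoded form and returns the body of a 200 response.
     *
     * @param url     target URL
     * @param nvps    form fields to send
     * @param ecoding NOTE(review): accepted but never read; the request entity
     *                and the response decoding both use UTF-8 - confirm whether
     *                callers expect this value to be honoured
     * @return the response body, or {@code null} when the status is not 200
     * @throws Exception if the client cannot be built or the exchange fails
     */
    public static String send(String url, List<BasicNameValuePair> nvps, String ecoding) throws Exception {
        String respStr = null;
        DefaultHttpClient httpClient = new SSLClient();
        try {
            HttpPost postMethod = new HttpPost(url);
            postMethod.setEntity(new UrlEncodedFormEntity(nvps, "UTF-8"));
            try {
                HttpResponse resp = httpClient.execute(postMethod);
                if (resp.getStatusLine().getStatusCode() == HttpStatus.SC_OK) {
                    respStr = EntityUtils.toString(resp.getEntity(), "UTF-8");
                }
            } finally {
                postMethod.releaseConnection();
            }
        } finally {
            // A fresh client, and with it a fresh connection manager, is created
            // on every call; without this its pooled sockets are never released.
            httpClient.getConnectionManager().shutdown();
        }
        return respStr;
    }

    /**
     * Posts {@code reqData} over an {@link HttpsURLConnection} restricted to
     * TLSv1 and returns the response stream.
     *
     * <p>TLS 1.0 is deprecated (RFC 8996) and current JDK builds list it under
     * {@code jdk.tls.disabledAlgorithms}, so on those runtimes this handshake
     * fails unless the protocol name here is raised, e.g. to "TLSv1.2".
     *
     * @param submitUrl      HTTPS URL to post to
     * @param reqData        request body
     * @param connectTimeOut connect timeout in milliseconds
     * @param readTimeOut    read timeout in milliseconds
     * @param encoding       charset name used to encode {@code reqData}
     * @return the response stream; it is not closed here, so the caller owns it
     * @throws Exception if the TLS context cannot be built or the exchange fails
     */
    public static InputStream post(String submitUrl, String reqData, int connectTimeOut, int readTimeOut, String encoding) throws Exception {
        // Disabled client-certificate variant, kept from the original listing.
        // NOTE(review): if it is re-enabled, the keystore path and password
        // belong in configuration, not in source.
        // String path = "E:/Bill99QuickPay/81231015722198890.jks";
        // File certFile = new File(path);
        // KeyStore ks = KeyStore.getInstance("JKS");
        // String password = "vpos123";
        // ks.load(new FileInputStream(certFile), password.toCharArray());
        // KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        // kmf.init(ks, password.toCharArray());

        // This trust manager performs no chain validation at all.
        TrustManager[] tm = { new MyX509TrustManager() };

        SSLContext sslContext = SSLContext.getInstance("TLSv1");
        // JVM-wide alternative to the per-connection wrapper used below:
        // System.setProperty("https.protocols","TLSv1");
        String protocol = sslContext.getProtocol();
        System.out.println(protocol);
        // sslContext.init(kmf.getKeyManagers(),tm, null);
        sslContext.init(null, tm, new java.security.SecureRandom());

        // The wrapper pins the enabled protocols for this connection only.
        SSLSocketFactory factory = sslContext.getSocketFactory();
        SSLSocketFactoryWrapper wrapper = new SSLSocketFactoryWrapper(factory, new String[] { "TLSv1" }, null);

        URL url = new URL(submitUrl);
        HttpsURLConnection urlc = (HttpsURLConnection) url.openConnection();
        urlc.setSSLSocketFactory(wrapper);
        // Host-name check is switched off as well: any certificate subject passes.
        urlc.setHostnameVerifier(new TrustAnyHostnameVerifier());
        urlc.setDoOutput(true);
        urlc.setDoInput(true);
        urlc.setReadTimeout(readTimeOut);
        urlc.setConnectTimeout(connectTimeOut);

        OutputStream out = urlc.getOutputStream();
        try {
            out.write(reqData.getBytes(encoding));
            out.flush();
        } finally {
            // try/finally rather than try-with-resources: the page targets JDK 6.
            out.close();
        }
        return urlc.getInputStream();
    }

    // Earlier variant, left disabled; it appears to target the commons-httpclient 3.x API.
    // public static String send(String url, String param,int readTimeout, int connTimeOut, String readecoding,String txtType, String sendecoding) throws Exception{
    // String respStr = null;
    // HttpClient httpClient = new HttpClient();
    // PostMethod postmethod = new PostMethod(url);
    // // connect timeout
    // httpClient.getHttpConnectionManager().getParams().setConnectionTimeout(connTimeOut);
    // // read timeout
    // httpClient.getHttpConnectionManager().getParams().setSoTimeout(readTimeout);
    // try{
    // postmethod.setRequestEntity(new StringRequestEntity(param, txtType,sendecoding));
    // int statusCode = httpClient.executeMethod(postmethod);
    // if (statusCode == HttpStatus.SC_OK) {
    // BufferedInputStream bis = new BufferedInputStream(postmethod.getResponseBodyAsStream());
    // byte[] bytes = new byte[1024];
    // ByteArrayOutputStream bos = new ByteArrayOutputStream();
    // int count = 0;
    // while ((count = bis.read(bytes)) != -1) {
    // bos.write(bytes, 0, count);
    // }
    // byte[] strByte = bos.toByteArray();
    // respStr = new String(strByte, 0, strByte.length, readecoding);
    // }
    // }catch(Exception e){
    // throw e;
    // }finally{
    // postmethod.releaseConnection();
    // }
    // return respStr;
    // }
}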
package com.colotnet.util;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.http.conn.ClientConnectionManager;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.DefaultHttpClient;
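/**
 * {@link DefaultHttpClient} whose "https" scheme on port 443 is bound to a
 * socket factory that accepts every server certificate and every host name.
 *
 * <p>Connections made through this client are encrypted but the server is not
 * authenticated, so the client cannot tell the intended server from any other
 * endpoint that answers the connection.
 */
public class SSLClient extends DefaultHttpClient {

    /**
     * Builds the client and registers the permissive "https" scheme.
     *
     * @throws Exception if the TLSv1 context cannot be created or initialised
     */
    public SSLClient() throws Exception {
        super();
        // TLS 1.0 is deprecated (RFC 8996); current JDK builds disable it by default.
        SSLContext ctx = SSLContext.getInstance("TLSv1");
        X509TrustManager tm = new X509TrustManager() {
            @Override
            public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                // Intentionally empty: never throws, so any client chain is accepted.
            }

            @Override
            public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                // Intentionally empty: never throws, so any server chain is accepted,
                // including self-signed, expired or mismatched certificates.
            }

            @Override
            public X509Certificate[] getAcceptedIssuers() {
                // The X509TrustManager contract asks for a non-null, possibly
                // empty array; returning null can surface as a NullPointerException
                // inside the TLS implementation.
                return new X509Certificate[0];
            }
        };
        ctx.init(null, new TrustManager[] { tm }, null);
        // ALLOW_ALL_HOSTNAME_VERIFIER also turns off the host-name comparison.
        SSLSocketFactory ssf = new SSLSocketFactory(ctx, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
        ClientConnectionManager ccm = this.getConnectionManager();
        SchemeRegistry sr = ccm.getSchemeRegistry();
        sr.register(new Scheme("https", 443, ssf));
    }
}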
package com.colotnet.util;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLSession;
/**
 * {@link HostnameVerifier} that approves every host name.
 *
 * <p>With this verifier installed, the name in the server certificate is never
 * compared with the host being contacted, so a certificate issued for any
 * other name is accepted for this connection.
 */
public class TrustAnyHostnameVerifier implements HostnameVerifier {

    /**
     * Approves the connection without looking at either argument.
     *
     * @param hostname host the client asked for; ignored
     * @param session  TLS session carrying the peer certificate; ignored
     * @return always {@code true}
     */
    @Override
    public boolean verify(String hostname, SSLSession session) {
        final boolean accepted = true;
        return accepted;
    }
}
需要注意的是:SSLClient 中信任所有证书的方式对 jdk6 不适用;HttpUtil 中的第二个方法(post)可以用于 jdk6,但需指定 System.setProperty("https.protocols","TLSv1");。如果由于环境问题不能使用 System(System 属性会作用于整个环境中所有的 https 连接),可使用 SSLSocketFactory 的包装类 SSLSocketFactoryWrapper 来为单条 https 连接指定所使用的协议。
以下是两个让 HTTPS 客户端信任所有证书的实例。信任所有证书并放行任意主机名之后,连接仍然加密,但不再验证服务器身份,所以这种写法只适用于测试环境或对端可信的内网:
package com.colotnet.util;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.URL;
import java.util.List;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import org.apache.http.HttpResponse;
import org.apache.http.HttpStatus;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.util.EntityUtils;
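/**
 * HTTPS POST helpers that skip server authentication on purpose.
 *
 * <p>{@link #send} goes through {@link SSLClient}; {@link #post} builds its own
 * {@code SSLContext} with {@link MyX509TrustManager} and
 * {@link TrustAnyHostnameVerifier}. In both paths every certificate chain and
 * every host name is accepted, so the channel is encrypted but the peer is not
 * authenticated: whoever terminates the TLS connection can read and alter the
 * request and the response. Where the server certificate is known, loading it
 * into a trust store and keeping the default verifier gives the same
 * connectivity with authentication intact.
 */
public class HttpUtil {

    /**
     * Posts a URL-encoded form and returns the body of a 200 response.
     *
     * @param url     target URL
     * @param nvps    form fields to send
     * @param ecoding NOTE(review): accepted but never read; the request entity
     *                and the response decoding both use UTF-8 - confirm whether
     *                callers expect this value to be honoured
     * @return the response body, or {@code null} when the status is not 200
     * @throws Exception if the client cannot be built or the exchange fails
     */
    public static String send(String url, List<BasicNameValuePair> nvps, String ecoding) throws Exception {
        String respStr = null;
        DefaultHttpClient httpClient = new SSLClient();
        try {
            HttpPost postMethod = new HttpPost(url);
            postMethod.setEntity(new UrlEncodedFormEntity(nvps, "UTF-8"));
            try {
                HttpResponse resp = httpClient.execute(postMethod);
                if (resp.getStatusLine().getStatusCode() == HttpStatus.SC_OK) {
                    respStr = EntityUtils.toString(resp.getEntity(), "UTF-8");
                }
            } finally {
                postMethod.releaseConnection();
            }
        } finally {
            // A fresh client, and with it a fresh connection manager, is created
            // on every call; without this its pooled sockets are never released.
            httpClient.getConnectionManager().shutdown();
        }
        return respStr;
    }

    /**
     * Posts {@code reqData} over an {@link HttpsURLConnection} restricted to
     * TLSv1 and returns the response stream.
     *
     * <p>TLS 1.0 is deprecated (RFC 8996) and current JDK builds list it under
     * {@code jdk.tls.disabledAlgorithms}, so on those runtimes this handshake
     * fails unless the protocol name here is raised, e.g. to "TLSv1.2".
     *
     * @param submitUrl      HTTPS URL to post to
     * @param reqData        request body
     * @param connectTimeOut connect timeout in milliseconds
     * @param readTimeOut    read timeout in milliseconds
     * @param encoding       charset name used to encode {@code reqData}
     * @return the response stream; it is not closed here, so the caller owns it
     * @throws Exception if the TLS context cannot be built or the exchange fails
     */
    public static InputStream post(String submitUrl, String reqData, int connectTimeOut, int readTimeOut, String encoding) throws Exception {
        // Disabled client-certificate variant, kept from the original listing.
        // NOTE(review): if it is re-enabled, the keystore path and password
        // belong in configuration, not in source.
        // String path = "E:/Bill99QuickPay/81231015722198890.jks";
        // File certFile = new File(path);
        // KeyStore ks = KeyStore.getInstance("JKS");
        // String password = "vpos123";
        // ks.load(new FileInputStream(certFile), password.toCharArray());
        // KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        // kmf.init(ks, password.toCharArray());

        // MyX509TrustManager has empty check methods: no chain validation happens.
        TrustManager[] tm = { new MyX509TrustManager() };

        SSLContext sslContext = SSLContext.getInstance("TLSv1");
        // JVM-wide alternative to the per-connection wrapper used below:
        // System.setProperty("https.protocols","TLSv1");
        String protocol = sslContext.getProtocol();
        System.out.println(protocol);
        // sslContext.init(kmf.getKeyManagers(),tm, null);
        sslContext.init(null, tm, new java.security.SecureRandom());

        // The wrapper pins the enabled protocols for this connection only.
        SSLSocketFactory factory = sslContext.getSocketFactory();
        SSLSocketFactoryWrapper wrapper = new SSLSocketFactoryWrapper(factory, new String[] { "TLSv1" }, null);

        URL url = new URL(submitUrl);
        HttpsURLConnection urlc = (HttpsURLConnection) url.openConnection();
        urlc.setSSLSocketFactory(wrapper);
        // Host-name check is switched off as well: any certificate subject passes.
        urlc.setHostnameVerifier(new TrustAnyHostnameVerifier());
        urlc.setDoOutput(true);
        urlc.setDoInput(true);
        urlc.setReadTimeout(readTimeOut);
        urlc.setConnectTimeout(connectTimeOut);

        OutputStream out = urlc.getOutputStream();
        try {
            out.write(reqData.getBytes(encoding));
            out.flush();
        } finally {
            // try/finally rather than try-with-resources: the page targets JDK 6.
            out.close();
        }
        return urlc.getInputStream();
    }

    // Earlier variant, left disabled; it appears to target the commons-httpclient 3.x API.
    // public static String send(String url, String param,int readTimeout, int connTimeOut, String readecoding,String txtType, String sendecoding) throws Exception{
    // String respStr = null;
    // HttpClient httpClient = new HttpClient();
    // PostMethod postmethod = new PostMethod(url);
    // // connect timeout
    // httpClient.getHttpConnectionManager().getParams().setConnectionTimeout(connTimeOut);
    // // read timeout
    // httpClient.getHttpConnectionManager().getParams().setSoTimeout(readTimeout);
    // try{
    // postmethod.setRequestEntity(new StringRequestEntity(param, txtType,sendecoding));
    // int statusCode = httpClient.executeMethod(postmethod);
    // if (statusCode == HttpStatus.SC_OK) {
    // BufferedInputStream bis = new BufferedInputStream(postmethod.getResponseBodyAsStream());
    // byte[] bytes = new byte[1024];
    // ByteArrayOutputStream bos = new ByteArrayOutputStream();
    // int count = 0;
    // while ((count = bis.read(bytes)) != -1) {
    // bos.write(bytes, 0, count);
    // }
    // byte[] strByte = bos.toByteArray();
    // respStr = new String(strByte, 0, strByte.length, readecoding);
    // }
    // }catch(Exception e){
    // throw e;
    // }finally{
    // postmethod.releaseConnection();
    // }
    // return respStr;
    // }
}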
package com.colotnet.util;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.http.conn.ClientConnectionManager;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.DefaultHttpClient;
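/**
 * {@link DefaultHttpClient} whose "https" scheme on port 443 is bound to a
 * socket factory that accepts every server certificate and every host name.
 *
 * <p>Connections made through this client are encrypted but the server is not
 * authenticated, so the client cannot tell the intended server from any other
 * endpoint that answers the connection.
 */
public class SSLClient extends DefaultHttpClient {

    /**
     * Builds the client and registers the permissive "https" scheme.
     *
     * @throws Exception if the TLSv1 context cannot be created or initialised
     */
    public SSLClient() throws Exception {
        super();
        // TLS 1.0 is deprecated (RFC 8996); current JDK builds disable it by default.
        SSLContext ctx = SSLContext.getInstance("TLSv1");
        X509TrustManager tm = new X509TrustManager() {
            @Override
            public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                // Intentionally empty: never throws, so any client chain is accepted.
            }

            @Override
            public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                // Intentionally empty: never throws, so any server chain is accepted,
                // including self-signed, expired or mismatched certificates.
            }

            @Override
            public X509Certificate[] getAcceptedIssuers() {
                // The X509TrustManager contract asks for a non-null, possibly
                // empty array; returning null can surface as a NullPointerException
                // inside the TLS implementation.
                return new X509Certificate[0];
            }
        };
        ctx.init(null, new TrustManager[] { tm }, null);
        // ALLOW_ALL_HOSTNAME_VERIFIER also turns off the host-name comparison.
        SSLSocketFactory ssf = new SSLSocketFactory(ctx, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
        ClientConnectionManager ccm = this.getConnectionManager();
        SchemeRegistry sr = ccm.getSchemeRegistry();
        sr.register(new Scheme("https", 443, ssf));
    }
}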
package com.colotnet.util; import java.security.cert.CertificateException; import java.security.cert.X509Certificate; import javax.net.ssl.X509TrustManager; public class MyX509TrustManager implements X509TrustManager { public MyX509TrustManager() throws Exception { } /* * Delegate to the default trust manager. */ public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException { } /* * Delegate to the default trust manager. */ public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException { } /* * Merely pass this through. */ public X509Certificate[] getAcceptedIssuers() { return new java.security.cert.X509Certificate[0]; } }
package com.colotnet.util;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLSession;
/**
 * {@link HostnameVerifier} that approves every host name.
 *
 * <p>With this verifier installed, the name in the server certificate is never
 * compared with the host being contacted, so a certificate issued for any
 * other name is accepted for this connection.
 */
public class TrustAnyHostnameVerifier implements HostnameVerifier {

    /**
     * Approves the connection without looking at either argument.
     *
     * @param hostname host the client asked for; ignored
     * @param session  TLS session carrying the peer certificate; ignored
     * @return always {@code true}
     */
    @Override
    public boolean verify(String hostname, SSLSession session) {
        final boolean accepted = true;
        return accepted;
    }
}
package com.colotnet.util; import java.io.IOException; import java.net.InetAddress; import java.net.Socket; import java.net.UnknownHostException; import javax.net.ssl.SSLSocket; import javax.net.ssl.SSLSocketFactory; public class SSLSocketFactoryWrapper extends SSLSocketFactory { private final SSLSocketFactory wrappedFactory; private final String[] enabledProtocols; private final String[] enabledSuites; public SSLSocketFactoryWrapper(SSLSocketFactory factory, String[] protocols, String[] suites) { wrappedFactory = factory; enabledProtocols = protocols; enabledSuites = suites; } /** * @param host * @param port * @return * @throws IOException * @throws UnknownHostException * @see javax.net.SocketFactory#createSocket(java.lang.String, int) */ public Socket createSocket(String host, int port) throws IOException, UnknownHostException { SSLSocket socket = (SSLSocket)wrappedFactory.createSocket(host, port); setParameters(socket); return socket; } /** * @param host * @param port * @param localHost * @param localPort * @return * @throws IOException * @throws UnknownHostException * @see javax.net.SocketFactory#createSocket(java.lang.String, int, java.net.InetAddress, int) */ public Socket createSocket(String host, int port, InetAddress localHost, int localPort) throws IOException, UnknownHostException { SSLSocket socket = (SSLSocket)wrappedFactory.createSocket(host, port, localHost, localPort); setParameters(socket); return socket; } /** * @param host * @param port * @return * @throws IOException * @see javax.net.SocketFactory#createSocket(java.net.InetAddress, int) */ public Socket createSocket(InetAddress host, int port) throws IOException { SSLSocket socket = (SSLSocket)wrappedFactory.createSocket(host, port); setParameters(socket); return socket; } /** * @param address * @param port * @param localAddress * @param localPort * @return * @throws IOException * @see javax.net.SocketFactory#createSocket(java.net.InetAddress, int, java.net.InetAddress, int) */ public Socket 
createSocket(InetAddress address, int port, InetAddress localAddress, int localPort) throws IOException { SSLSocket socket = (SSLSocket)wrappedFactory.createSocket(address, port, localAddress, localPort); setParameters(socket); return socket; } /** * @return * @throws IOException * @see javax.net.SocketFactory#createSocket() */ public Socket createSocket() throws IOException { SSLSocket socket = (SSLSocket)wrappedFactory.createSocket(); setParameters(socket); return socket; } /** * @return * @see javax.net.ssl.SSLSocketFactory#getDefaultCipherSuites() */ public String[] getDefaultCipherSuites() { return wrappedFactory.getDefaultCipherSuites(); } /** * @return * @see javax.net.ssl.SSLSocketFactory#getSupportedCipherSuites() */ public String[] getSupportedCipherSuites() { return enabledSuites == null ? wrappedFactory.getSupportedCipherSuites() : enabledSuites; } /** * @param s * @param host * @param port * @param autoClose * @return * @throws IOException * @see javax.net.ssl.SSLSocketFactory#createSocket(java.net.Socket, java.lang.String, int, boolean) */ public Socket createSocket(Socket s, String host, int port, boolean autoClose) throws IOException { SSLSocket socket = (SSLSocket)wrappedFactory.createSocket(s, host, port, autoClose); setParameters(socket); return socket; } /** * Override the configured parameters on the socket. * * @param socket */ private void setParameters(SSLSocket socket) { if (enabledProtocols != null) { socket.setEnabledProtocols(enabledProtocols); } if (enabledSuites != null) { socket.setEnabledCipherSuites(enabledSuites); } } }
需要注意的是:SSLClient 中信任所有证书的方式对 jdk6 不适用;HttpUtil 中的第二个方法(post)可以用于 jdk6,但需指定 System.setProperty("https.protocols","TLSv1");。如果由于环境问题不能使用 System(System 属性会作用于整个环境中所有的 https 连接),可使用 SSLSocketFactory 的包装类 SSLSocketFactoryWrapper 来为单条 https 连接指定所使用的协议。