11lingxian
- 浏览: 373000 次
- 性别:
- 来自: 青岛
-
文章分类
最新评论
-
lippeng:
楼主,你好!这篇中提到的一个话题,是我现在非常关心的,我自己还 ...
使用JUnit测试通过 HttpClient(https协议)访问支付宝接口时不能自动获得证书的解决办法 -
snoopy7713:
[2014-03-14 17:55:06.651] TCP ...
刚完成Struts的Virgo插件,分享一下设计思路和Virgo OSGi内部的独特机制 -
snoopy7713:
需要看一下,你的代码说的挺模糊的。我的联系方式QQ 16200 ...
刚完成Struts的Virgo插件,分享一下设计思路和Virgo OSGi内部的独特机制 -
roronjavaeye:
不错,受教了
java_class反编译后的代码还原 -
daoyongyu:
讲的很好,很详细。
Struts2配置文件详解——struts.properties
用了大半天时间才了解如何使用httpclient来进行https访问,现记录,已备后忘。
httpclient完全支持ssl连接方式。通常,如果不需要进行客户端认证和服务器端认证的ssl连接,httpclient的处理方式是和 http方式完全一样。
现在这里是讲的是需要客户端认证数字证书时的httpclient处理方式(因为需要客户端认证时,连接会被主动关闭)。
1。使用ie访问你要连结的url地址,这时你会看到弹出一个询问是否继续和服务器建立连接的对话框(安全警报)。选择“查看证书”->“详 细信息”->“复制文件到”导出数字证书(例: server.cer或server.crt)。
2。使用导出的数字证书来创建你的keystore
keytool -import -alias "my server cert" -file server.cer -keystore my.truststore
keytool -genkey -v -alias "my client key" -validity 365 -keystore my.keystore
3。在引入AuthSSLProtocolSocketFactory.java,AuthSSLX509TrustManager.java和 AuthSSLInitializationError后在你的代码里按下面的例子里来进行ssl连接
Protocol authhttps = new Protocol("https",
new AuthSSLProtocolSocketFactory(
new URL("file:my.keystore"), "mypassword",
new URL("file:my.truststore"), "mypassword"), 8443);
HttpClient client = new HttpClient();
client.getHostConfiguration().setHost("sh.12530", 8443, authhttps);
/*只能使用相对路径*/
GetMethod httpget = new GetMethod("/");
client.executeMethod(httpget);
附录:
AuthSSLInitializationError.java
public class AuthSSLInitializationError extends Error {
/**
* 构招一个AuthSSLInitializationError实例
*/
public AuthSSLInitializationError() {
super();
}
/**
* 用指定信息构造一个AuthSSLInitializationError实例
* @param message
*/
public AuthSSLInitializationError(String message) {
super(message);
}
}
AuthSSLX509TrustManager.java
import java.security.cert.X509Certificate;
import com.sun.net.ssl.X509TrustManager;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
public class AuthSSLX509TrustManager implements X509TrustManager
{
private X509TrustManager defaultTrustManager = null;
/** Log object for this class. */
private static final Log LOG = LogFactory.getLog(AuthSSLX509TrustManager.class);
/**
* Constructor for AuthSSLX509TrustManager.
*/
public AuthSSLX509TrustManager(final X509TrustManager defaultTrustManager) {
super();
if (defaultTrustManager == null) {
throw new IllegalArgumentException("Trust manager may not be null");
}
this.defaultTrustManager = defaultTrustManager;
}
/**
* @see com.sun.net.ssl.X509TrustManager#isClientTrusted(X509Certificate[])
*/
public boolean isClientTrusted(X509Certificate[] certificates) {
if (LOG.isInfoEnabled() && certificates != null) {
for (int c = 0; c < certificates.length; c++) {
X509Certificate cert = certificates[c];
LOG.info(" Client certificate " + (c + 1) + ":");
LOG.info(" Subject DN: " + cert.getSubjectDN());
LOG.info(" Signature Algorithm: " + cert.getSigAlgName());
LOG.info(" Valid from: " + cert.getNotBefore() );
LOG.info(" Valid until: " + cert.getNotAfter());
LOG.info(" Issuer: " + cert.getIssuerDN());
}
}
return this.defaultTrustManager.isClientTrusted(certificates);
}
/**
* @see com.sun.net.ssl.X509TrustManager#isServerTrusted(X509Certificate[])
*/
public boolean isServerTrusted(X509Certificate[] certificates) {
if (LOG.isInfoEnabled() && certificates != null) {
for (int c = 0; c < certificates.length; c++) {
X509Certificate cert = certificates[c];
LOG.info(" Server certificate " + (c + 1) + ":");
LOG.info(" Subject DN: " + cert.getSubjectDN());
LOG.info(" Signature Algorithm: " + cert.getSigAlgName());
LOG.info(" Valid from: " + cert.getNotBefore() );
LOG.info(" Valid until: " + cert.getNotAfter());
LOG.info(" Issuer: " + cert.getIssuerDN());
}
}
return this.defaultTrustManager.isServerTrusted(certificates);
}
/**
* @see com.sun.net.ssl.X509TrustManager#getAcceptedIssuers()
*/
public X509Certificate[] getAcceptedIssuers() {
return this.defaultTrustManager.getAcceptedIssuers();
}
}
AuthSSLProtocolSocketFactory .java
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.net.URL;
import java.net.UnknownHostException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import org.apache.commons.httpclient.ConnectTimeoutException;
import org.apache.commons.httpclient.params.HttpConnectionParams;
import org.apache.commons.httpclient.protocol.ControllerThreadSocketFactory;
import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import com.sun.net.ssl.KeyManager;
import com.sun.net.ssl.KeyManagerFactory;
import com.sun.net.ssl.SSLContext;
import com.sun.net.ssl.TrustManager;
import com.sun.net.ssl.TrustManagerFactory;
import com.sun.net.ssl.X509TrustManager;
public class AuthSSLProtocolSocketFactory implements SecureProtocolSocketFactory {
/** Log object for this class. */
private static final Log LOG = LogFactory.getLog(AuthSSLProtocolSocketFactory.class);
private URL keystoreUrl = null;
private String keystorePassword = null;
private URL truststoreUrl = null;
private String truststorePassword = null;
private SSLContext sslcontext = null;
/**
* Constructor for AuthSSLProtocolSocketFactory. Either a keystore or truststore file
* must be given. Otherwise SSL context initialization error will result.
*
* @param keystoreUrl URL of the keystore file. May be <tt>null</tt> if HTTPS client
* authentication is not to be used.
* @param keystorePassword Password to unlock the keystore. IMPORTANT: this implementation
* assumes that the same password is used to protect the key and the keystore itself.
* @param truststoreUrl URL of the truststore file. May be <tt>null</tt> if HTTPS server
* authentication is not to be used.
* @param truststorePassword Password to unlock the truststore.
*/
public AuthSSLProtocolSocketFactory(
final URL keystoreUrl, final String keystorePassword,
final URL truststoreUrl, final String truststorePassword)
{
super();
this.keystoreUrl = keystoreUrl;
this.keystorePassword = keystorePassword;
this.truststoreUrl = truststoreUrl;
this.truststorePassword = truststorePassword;
}
private static KeyStore createKeyStore(final URL url, final String password)
throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException
{
if (url == null) {
throw new IllegalArgumentException("Keystore url may not be null");
}
LOG.debug("Initializing key store");
KeyStore keystore = KeyStore.getInstance("jks");
keystore.load(url.openStream(), password != null ? password.toCharArray(): null);
return keystore;
}
private static KeyManager[] createKeyManagers(final KeyStore keystore, final String password)
throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException
{
if (keystore == null) {
throw new IllegalArgumentException("Keystore may not be null");
}
LOG.debug("Initializing key manager");
KeyManagerFactory kmfactory = KeyManagerFactory.getInstance(
KeyManagerFactory.getDefaultAlgorithm());
kmfactory.init(keystore, password != null ? password.toCharArray(): null);
return kmfactory.getKeyManagers();
}
private static TrustManager[] createTrustManagers(final KeyStore keystore)
throws KeyStoreException, NoSuchAlgorithmException
{
if (keystore == null) {
throw new IllegalArgumentException("Keystore may not be null");
}
LOG.debug("Initializing trust manager");
TrustManagerFactory tmfactory = TrustManagerFactory.getInstance(
TrustManagerFactory.getDefaultAlgorithm());
tmfactory.init(keystore);
TrustManager[] trustmanagers = tmfactory.getTrustManagers();
for (int i = 0; i < trustmanagers.length; i++) {
if (trustmanagers[i] instanceof X509TrustManager) {
trustmanagers[i] = new AuthSSLX509TrustManager(
(X509TrustManager)trustmanagers[i]);
}
}
return trustmanagers;
}
private SSLContext createSSLContext() {
try {
KeyManager[] keymanagers = null;
TrustManager[] trustmanagers = null;
if (this.keystoreUrl != null) {
KeyStore keystore = createKeyStore(this.keystoreUrl, this.keystorePassword);
if (LOG.isDebugEnabled()) {
Enumeration aliases = keystore.aliases();
while (aliases.hasMoreElements()) {
String alias = (String)aliases.nextElement();
Certificate[] certs = keystore.getCertificateChain(alias);
if (certs != null) {
LOG.debug("Certificate chain '" + alias + "':");
for (int c = 0; c < certs.length; c++) {
if (certs[c] instanceof X509Certificate) {
X509Certificate cert = (X509Certificate)certs[c];
LOG.debug(" Certificate " + (c + 1) + ":");
LOG.debug(" Subject DN: " + cert.getSubjectDN());
LOG.debug(" Signature Algorithm: " + cert.getSigAlgName());
LOG.debug(" Valid from: " + cert.getNotBefore() );
LOG.debug(" Valid until: " + cert.getNotAfter());
LOG.debug(" Issuer: " + cert.getIssuerDN());
}
}
}
}
}
keymanagers = createKeyManagers(keystore, this.keystorePassword);
}
if (this.truststoreUrl != null) {
KeyStore keystore = createKeyStore(this.truststoreUrl, this.truststorePassword);
if (LOG.isDebugEnabled()) {
Enumeration aliases = keystore.aliases();
while (aliases.hasMoreElements()) {
String alias = (String)aliases.nextElement();
LOG.debug("Trusted certificate '" + alias + "':");
Certificate trustedcert = keystore.getCertificate(alias);
if (trustedcert != null && trustedcert instanceof X509Certificate) {
X509Certificate cert = (X509Certificate)trustedcert;
LOG.debug(" Subject DN: " + cert.getSubjectDN());
LOG.debug(" Signature Algorithm: " + cert.getSigAlgName());
LOG.debug(" Valid from: " + cert.getNotBefore() );
LOG.debug(" Valid until: " + cert.getNotAfter());
LOG.debug(" Issuer: " + cert.getIssuerDN());
}
}
}
trustmanagers = createTrustManagers(keystore);
}
SSLContext sslcontext = SSLContext.getInstance("SSL");
sslcontext.init(keymanagers, trustmanagers, null);
return sslcontext;
} catch (NoSuchAlgorithmException e) {
LOG.error(e.getMessage(), e);
throw new AuthSSLInitializationError("Unsupported algorithm exception: " + e.getMessage());
} catch (KeyStoreException e) {
LOG.error(e.getMessage(), e);
throw new AuthSSLInitializationError("Keystore exception: " + e.getMessage());
} catch (GeneralSecurityException e) {
LOG.error(e.getMessage(), e);
throw new AuthSSLInitializationError("Key management exception: " + e.getMessage());
} catch (IOException e) {
LOG.error(e.getMessage(), e);
throw new AuthSSLInitializationError("I/O error reading keystore/truststore file: " + e.getMessage());
}
}
private SSLContext getSSLContext() {
if (this.sslcontext == null) {
this.sslcontext = createSSLContext();
}
return this.sslcontext;
}
/**
* Attempts to get a new socket connection to the given host within the given time limit.
* <p>
* To circumvent the limitations of older JREs that do not support connect timeout a
* controller thread is executed. The controller thread attempts to create a new socket
* within the given limit of time. If socket constructor does not return until the
* timeout expires, the controller terminates and throws an {@link ConnectTimeoutException}
* </p>
*
* @param host the host name/IP
* @param port the port on the host
* @param clientHost the local host name/IP to bind the socket to
* @param clientPort the port on the local machine
* @param params {@link HttpConnectionParams Http connection parameters}
*
* @return Socket a new socket
*
* @throws IOException if an I/O error occurs while creating the socket
* @throws UnknownHostException if the IP address of the host cannot be
* determined
*/
public Socket createSocket(
final String host,
final int port,
final InetAddress localAddress,
final int localPort,
final HttpConnectionParams params
) throws IOException, UnknownHostException, ConnectTimeoutException {
if (params == null) {
throw new IllegalArgumentException("Parameters may not be null");
}
int timeout = params.getConnectionTimeout();
if (timeout == 0) {
return createSocket(host, port, localAddress, localPort);
} else {
// To be eventually deprecated when migrated to Java 1.4 or above
return ControllerThreadSocketFactory.createSocket(
this, host, port, localAddress, localPort, timeout);
}
}
/**
* @see SecureProtocolSocketFactory#createSocket(java.lang.String,int,java.net.InetAddress,int)
*/
public Socket createSocket(
String host,
int port,
InetAddress clientHost,
int clientPort)
throws IOException, UnknownHostException
{
return getSSLContext().getSocketFactory().createSocket(
host,
port,
clientHost,
clientPort
);
}
/**
* @see SecureProtocolSocketFactory#createSocket(java.lang.String,int)
*/
public Socket createSocket(String host, int port)
throws IOException, UnknownHostException
{
return getSSLContext().getSocketFactory().createSocket(
host,
port
);
}
/**
* @see SecureProtocolSocketFactory#createSocket(java.net.Socket,java.lang.String,int,boolean)
*/
public Socket createSocket(
Socket socket,
String host,
int port,
boolean autoClose)
throws IOException, UnknownHostException
{
return getSSLContext().getSocketFactory().createSocket(
socket,
host,
port,
autoClose
);
}
}
分享到:
发表评论
-
java_class反编译后的代码还原
2012-03-18 00:06 1777java class 利用jad 反编译之后,偶尔回碰到 ... -
ThreadLocal的几种误区
2012-01-10 09:48 884最近由于需要用到ThreadLocal,在网上搜索 ... -
深入解析OGNL投影
2011-12-16 15:15 1908先看这个表达式:list.{#me=#this,#root.m ... -
浅谈JAVA ThreadPoolExecutor
2011-01-28 16:36 1331这篇文章分为两部分 ... -
ant echo message 特殊字符转换
2011-01-27 11:54 1727< < > &a ... -
hibernate------hql总结
2010-08-24 12:52 8511. 查询整个映射对象所 ... -
log4j additivity 作用
2010-08-11 22:15 1973log4j.rootLogger=debug,stdout ... -
Log4j 集群环境下的 处理方案
2010-08-11 21:17 3215需求:近期有个项目要 ... -
构建Java并发模型框架
2010-07-12 17:04 917Java的多线程特性为构建 ... -
Java 程序中的多线程
2010-07-12 17:03 819由于在语言级提供了线 ... -
JAVA 线程 基础概念
2010-07-12 17:00 1034Java 有几程方法可以实 ... -
在 Java 平台上进行多线程编程的缺陷
2010-07-12 16:58 970Java 语言的并发编程 就其自身来说,并发编程是一种 ... -
c3p0-0.9.1.2数据库连接池
2010-06-17 11:46 1378C3PO是一个开放源代码的JDBC数据源实现项目,它在li ... -
Axis2快速上手指南
2010-06-03 17:59 815http://hideto.iteye.com/blog/56 ... -
C3P0连接池详细配置与实现
2010-05-31 17:33 1049<c3p0-config> <defau ... -
实例讲解:JAVA SOAP技术
2010-05-25 18:19 2382Very Simple Object Access Proto ... -
Tomcat 5.5 JNDI Resource 配置
2010-05-25 11:14 1656本文来自CSDN博客,转载请标明出处:http://blog. ... -
SSH2 jar
2010-05-21 14:51 1694在JavaEE企业级开发中, ... -
让httpclient接受所有ssl证书https 分享
2010-04-29 11:21 5095访问https 资源时,让httpclient接受所有ssl证 ... -
使用JUnit测试通过 HttpClient(https协议)访问支付宝接口时不能自动获得证书的解决办法
2010-04-29 11:17 5251最近在做一个通过 HttpCl ...
相关推荐
在这个主题中,我们将深入探讨如何在Java中使用HttpClient来实现HTTPS接口调用。 首先,我们需要理解HTTPS协议。HTTPS是HTTP(超文本传输协议)与SSL/TLS(安全套接层/传输层安全)的结合,它为数据传输提供了加密...
标题中的“使用httpClient访问https+443端口号”指的是使用Apache HttpClient库来发起HTTPS(安全超文本传输协议)请求,目标服务器的默认端口是443。HTTPS是一种基于SSL/TLS的安全通信协议,用于在客户端和服务器...
使用HttpClient4.5实现https请求忽略SSL证书验证工具类
以下是一个简单的示例,展示了如何使用HttpClient发送HTTPS GET和POST请求: ```java import org.apache.http.HttpEntity; import org.apache.http.client.config.RequestConfig; import org.apache....
HttpClient之Https应用实例~ 包含: HttpClient 使用代理访问Https HttpClient 信任所有主机-对于任何证书都不做检查 HttpClient 允许所有证书的校验(包括过期证书)
不会的可以在评论区留言哈,这是我自己做项目用到的。所以绝对可用!同时共享出来给到大家
httpClient连接https 获得验证码图片示例 需要证书才能连接的那种 /* 本文所用开发工具 jak1.5.0_06 eclipse:ObjectWeb Lomboz lib: commons-codec-1.4.jar commons-logging-1.1.jar httpclient-4.0.3.jar ...
以下将详细介绍HttpClient的使用以及如何进行SSL验证的忽略。 首先,了解HttpClient的基本使用。HttpClient是一个灵活且强大的HTTP客户端API,它允许开发者执行各种HTTP方法(如GET、POST等),处理响应,以及管理...
这篇博客“HttpClient Https实战”很可能详细介绍了如何使用HttpClient库来处理HTTPS连接,这是在互联网安全通信中不可或缺的一部分。 HttpClient库提供了丰富的API,使得开发者可以方便地发送GET、POST等各种HTTP...
在默认情况下,`httpclient`会使用系统提供的`TrustManager`,这会严格检查服务器证书链是否可信任。但是,我们可以通过创建一个信任所有证书的`TrustManager`实例,然后将其设置到`SSLContext`中,从而跳过证书验证...
https 的支持单向认证 支持多线程 支持get、post
在本文中,我们将详细介绍如何使用JAVA的HttpClient库来发送POST请求,以便与HTTPS服务器进行交互。首先,我们需要继承DefaultHttpClient类,以便自定义HttpClient的行为。然后,我们需要使用X509TrustManager来忽略...
android HttpClient访问某些Https时,出现了问题,无法访问,好像是要安全验证。此Demo解决了此问题,HttpClient能够Https和Http类型的URL了。 在eclipse下打开工程若有乱码,请把eclipse的字符编码改成UTF-8。
根据提供的文件信息,我们可以深入探讨如何使用`httpclient`库来进行`https`访问,并了解其中涉及的关键概念和技术细节。 ### 标题与描述解析:使用`httpclient`进行`https`访问 #### 1. `httpclient`简介 `...
Java中使用HttpClient进行HTTPS接口调用的方法是通过继承DefaultHttpClient类,忽略证书校验过程。首先,创建一个SSLClient类,继承DefaultHttpClient类,并在构造函数中初始化SSLContext和TrustManager。然后,使用...
本文将深入探讨如何使用HTTPClient库来发送HTTPS请求,以及涉及到的证书管理相关知识。 首先,理解HTTPS协议是至关重要的。HTTPS(HyperText Transfer Protocol Secure)是一种基于SSL/TLS的安全通信协议,它在HTTP...
7. **SSL支持**:HttpClient支持HTTPS协议,通过`SSLProtocolSocketFactory`可以处理SSL/TLS连接。 8. **Cookie管理**:`CookiePolicy`和`CookieSpec`用于管理HTTP cookies,`CookieStore`接口用于存储和检索...
8. **SSL/TLS支持**:HttpClient可以配置为使用HTTPS协议,需要`httpmime-x.x.x.jar`(处理MIME类型,如上传文件)和相关SSL库,如`httpclient-cache-x.x.x.jar`(缓存机制)。 9. **错误处理和重试策略**:...
我们将涵盖SSL证书的生成、Tomcat服务器的SSL配置以及HttpClient的使用。” 【标签】:“httpclient4.1 https ssl” 【正文】: 在现代的互联网环境中,安全的通信协议是至关重要的。HTTPS(HTTP over SSL/TLS)...
HttpClient提供了丰富的API,能够处理各种复杂的HTTP请求,包括处理COOKIE、上传文件、HTTPS通信等,使得开发者无需直接使用底层的java.net.HttpURLConnection,大大降低了开发难度。 在处理顽固的WEB服务器时,...