- 浏览: 373714 次
- 性别:
- 来自: 青岛
文章分类
最新评论
-
lippeng:
楼主,你好!这篇中提到的一个话题,是我现在非常关心的,我自己还 ...
使用JUnit测试通过 HttpClient(https协议)访问支付宝接口时不能自动获得证书的解决办法 -
snoopy7713:
[2014-03-14 17:55:06.651] TCP ...
刚完成Struts的Virgo插件,分享一下设计思路和Virgo OSGi内部的独特机制 -
snoopy7713:
需要看一下,你的代码说的挺模糊的。我的联系方式QQ 16200 ...
刚完成Struts的Virgo插件,分享一下设计思路和Virgo OSGi内部的独特机制 -
roronjavaeye:
不错,受教了
java_class反编译后的代码还原 -
daoyongyu:
讲的很好,很详细。
Struts2配置文件详解——struts.properties
用了大半天时间才了解如何使用httpclient来进行https访问,现记录,已备后忘。
httpclient完全支持ssl连接方式。通常,如果不需要进行客户端认证和服务器端认证的ssl连接,httpclient的处理方式是和 http方式完全一样。
现在这里是讲的是需要客户端认证数字证书时的httpclient处理方式(因为需要客户端认证时,连接会被主动关闭)。
1。使用ie访问你要连结的url地址,这时你会看到弹出一个询问是否继续和服务器建立连接的对话框(安全警报)。选择“查看证书”->“详 细信息”->“复制文件到”导出数字证书(例: server.cer或server.crt)。
2。使用导出的数字证书来创建你的keystore
keytool -import -alias "my server cert" -file server.cer -keystore my.truststore
keytool -genkey -v -alias "my client key" -validity 365 -keystore my.keystore
3。在引入AuthSSLProtocolSocketFactory.java,AuthSSLX509TrustManager.java和 AuthSSLInitializationError后在你的代码里按下面的例子里来进行ssl连接
Protocol authhttps = new Protocol("https", new AuthSSLProtocolSocketFactory( new URL("file:my.keystore"), "mypassword", new URL("file:my.truststore"), "mypassword"), 8443); HttpClient client = new HttpClient(); client.getHostConfiguration().setHost("sh.12530", 8443, authhttps); /*只能使用相对路径*/ GetMethod httpget = new GetMethod("/"); client.executeMethod(httpget);
附录:
AuthSSLInitializationError.java
public class AuthSSLInitializationError extends Error { /** * 构招一个AuthSSLInitializationError实例 */ public AuthSSLInitializationError() { super(); } /** * 用指定信息构造一个AuthSSLInitializationError实例 * @param message */ public AuthSSLInitializationError(String message) { super(message); } }
AuthSSLX509TrustManager.java
import java.security.cert.X509Certificate; import com.sun.net.ssl.X509TrustManager; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; public class AuthSSLX509TrustManager implements X509TrustManager { private X509TrustManager defaultTrustManager = null; /** Log object for this class. */ private static final Log LOG = LogFactory.getLog(AuthSSLX509TrustManager.class); /** * Constructor for AuthSSLX509TrustManager. */ public AuthSSLX509TrustManager(final X509TrustManager defaultTrustManager) { super(); if (defaultTrustManager == null) { throw new IllegalArgumentException("Trust manager may not be null"); } this.defaultTrustManager = defaultTrustManager; } /** * @see com.sun.net.ssl.X509TrustManager#isClientTrusted(X509Certificate[]) */ public boolean isClientTrusted(X509Certificate[] certificates) { if (LOG.isInfoEnabled() && certificates != null) { for (int c = 0; c < certificates.length; c++) { X509Certificate cert = certificates[c]; LOG.info(" Client certificate " + (c + 1) + ":"); LOG.info(" Subject DN: " + cert.getSubjectDN()); LOG.info(" Signature Algorithm: " + cert.getSigAlgName()); LOG.info(" Valid from: " + cert.getNotBefore() ); LOG.info(" Valid until: " + cert.getNotAfter()); LOG.info(" Issuer: " + cert.getIssuerDN()); } } return this.defaultTrustManager.isClientTrusted(certificates); } /** * @see com.sun.net.ssl.X509TrustManager#isServerTrusted(X509Certificate[]) */ public boolean isServerTrusted(X509Certificate[] certificates) { if (LOG.isInfoEnabled() && certificates != null) { for (int c = 0; c < certificates.length; c++) { X509Certificate cert = certificates[c]; LOG.info(" Server certificate " + (c + 1) + ":"); LOG.info(" Subject DN: " + cert.getSubjectDN()); LOG.info(" Signature Algorithm: " + cert.getSigAlgName()); LOG.info(" Valid from: " + cert.getNotBefore() ); LOG.info(" Valid until: " + cert.getNotAfter()); LOG.info(" Issuer: " + cert.getIssuerDN()); } } return this.defaultTrustManager.isServerTrusted(certificates); } /** * @see com.sun.net.ssl.X509TrustManager#getAcceptedIssuers() */ public X509Certificate[] getAcceptedIssuers() { return this.defaultTrustManager.getAcceptedIssuers(); } }
AuthSSLProtocolSocketFactory .java
import java.io.IOException; import java.net.InetAddress; import java.net.Socket; import java.net.URL; import java.net.UnknownHostException; import java.security.GeneralSecurityException; import java.security.KeyStore; import java.security.KeyStoreException; import java.security.NoSuchAlgorithmException; import java.security.UnrecoverableKeyException; import java.security.cert.Certificate; import java.security.cert.CertificateException; import java.security.cert.X509Certificate; import java.util.Enumeration; import org.apache.commons.httpclient.ConnectTimeoutException; import org.apache.commons.httpclient.params.HttpConnectionParams; import org.apache.commons.httpclient.protocol.ControllerThreadSocketFactory; import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import com.sun.net.ssl.KeyManager; import com.sun.net.ssl.KeyManagerFactory; import com.sun.net.ssl.SSLContext; import com.sun.net.ssl.TrustManager; import com.sun.net.ssl.TrustManagerFactory; import com.sun.net.ssl.X509TrustManager; public class AuthSSLProtocolSocketFactory implements SecureProtocolSocketFactory { /** Log object for this class. */ private static final Log LOG = LogFactory.getLog(AuthSSLProtocolSocketFactory.class); private URL keystoreUrl = null; private String keystorePassword = null; private URL truststoreUrl = null; private String truststorePassword = null; private SSLContext sslcontext = null; /** * Constructor for AuthSSLProtocolSocketFactory. Either a keystore or truststore file * must be given. Otherwise SSL context initialization error will result. * * @param keystoreUrl URL of the keystore file. May be <tt>null</tt> if HTTPS client * authentication is not to be used. * @param keystorePassword Password to unlock the keystore. IMPORTANT: this implementation * assumes that the same password is used to protect the key and the keystore itself. * @param truststoreUrl URL of the truststore file. May be <tt>null</tt> if HTTPS server * authentication is not to be used. * @param truststorePassword Password to unlock the truststore. */ public AuthSSLProtocolSocketFactory( final URL keystoreUrl, final String keystorePassword, final URL truststoreUrl, final String truststorePassword) { super(); this.keystoreUrl = keystoreUrl; this.keystorePassword = keystorePassword; this.truststoreUrl = truststoreUrl; this.truststorePassword = truststorePassword; } private static KeyStore createKeyStore(final URL url, final String password) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException { if (url == null) { throw new IllegalArgumentException("Keystore url may not be null"); } LOG.debug("Initializing key store"); KeyStore keystore = KeyStore.getInstance("jks"); keystore.load(url.openStream(), password != null ? password.toCharArray(): null); return keystore; } private static KeyManager[] createKeyManagers(final KeyStore keystore, final String password) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException { if (keystore == null) { throw new IllegalArgumentException("Keystore may not be null"); } LOG.debug("Initializing key manager"); KeyManagerFactory kmfactory = KeyManagerFactory.getInstance( KeyManagerFactory.getDefaultAlgorithm()); kmfactory.init(keystore, password != null ? password.toCharArray(): null); return kmfactory.getKeyManagers(); } private static TrustManager[] createTrustManagers(final KeyStore keystore) throws KeyStoreException, NoSuchAlgorithmException { if (keystore == null) { throw new IllegalArgumentException("Keystore may not be null"); } LOG.debug("Initializing trust manager"); TrustManagerFactory tmfactory = TrustManagerFactory.getInstance( TrustManagerFactory.getDefaultAlgorithm()); tmfactory.init(keystore); TrustManager[] trustmanagers = tmfactory.getTrustManagers(); for (int i = 0; i < trustmanagers.length; i++) { if (trustmanagers[i] instanceof X509TrustManager) { trustmanagers[i] = new AuthSSLX509TrustManager( (X509TrustManager)trustmanagers[i]); } } return trustmanagers; } private SSLContext createSSLContext() { try { KeyManager[] keymanagers = null; TrustManager[] trustmanagers = null; if (this.keystoreUrl != null) { KeyStore keystore = createKeyStore(this.keystoreUrl, this.keystorePassword); if (LOG.isDebugEnabled()) { Enumeration aliases = keystore.aliases(); while (aliases.hasMoreElements()) { String alias = (String)aliases.nextElement(); Certificate[] certs = keystore.getCertificateChain(alias); if (certs != null) { LOG.debug("Certificate chain '" + alias + "':"); for (int c = 0; c < certs.length; c++) { if (certs[c] instanceof X509Certificate) { X509Certificate cert = (X509Certificate)certs[c]; LOG.debug(" Certificate " + (c + 1) + ":"); LOG.debug(" Subject DN: " + cert.getSubjectDN()); LOG.debug(" Signature Algorithm: " + cert.getSigAlgName()); LOG.debug(" Valid from: " + cert.getNotBefore() ); LOG.debug(" Valid until: " + cert.getNotAfter()); LOG.debug(" Issuer: " + cert.getIssuerDN()); } } } } } keymanagers = createKeyManagers(keystore, this.keystorePassword); } if (this.truststoreUrl != null) { KeyStore keystore = createKeyStore(this.truststoreUrl, this.truststorePassword); if (LOG.isDebugEnabled()) { Enumeration aliases = keystore.aliases(); while (aliases.hasMoreElements()) { String alias = (String)aliases.nextElement(); LOG.debug("Trusted certificate '" + alias + "':"); Certificate trustedcert = keystore.getCertificate(alias); if (trustedcert != null && trustedcert instanceof X509Certificate) { X509Certificate cert = (X509Certificate)trustedcert; LOG.debug(" Subject DN: " + cert.getSubjectDN()); LOG.debug(" Signature Algorithm: " + cert.getSigAlgName()); LOG.debug(" Valid from: " + cert.getNotBefore() ); LOG.debug(" Valid until: " + cert.getNotAfter()); LOG.debug(" Issuer: " + cert.getIssuerDN()); } } } trustmanagers = createTrustManagers(keystore); } SSLContext sslcontext = SSLContext.getInstance("SSL"); sslcontext.init(keymanagers, trustmanagers, null); return sslcontext; } catch (NoSuchAlgorithmException e) { LOG.error(e.getMessage(), e); throw new AuthSSLInitializationError("Unsupported algorithm exception: " + e.getMessage()); } catch (KeyStoreException e) { LOG.error(e.getMessage(), e); throw new AuthSSLInitializationError("Keystore exception: " + e.getMessage()); } catch (GeneralSecurityException e) { LOG.error(e.getMessage(), e); throw new AuthSSLInitializationError("Key management exception: " + e.getMessage()); } catch (IOException e) { LOG.error(e.getMessage(), e); throw new AuthSSLInitializationError("I/O error reading keystore/truststore file: " + e.getMessage()); } } private SSLContext getSSLContext() { if (this.sslcontext == null) { this.sslcontext = createSSLContext(); } return this.sslcontext; } /** * Attempts to get a new socket connection to the given host within the given time limit. * <p> * To circumvent the limitations of older JREs that do not support connect timeout a * controller thread is executed. The controller thread attempts to create a new socket * within the given limit of time. If socket constructor does not return until the * timeout expires, the controller terminates and throws an {@link ConnectTimeoutException} * </p> * * @param host the host name/IP * @param port the port on the host * @param clientHost the local host name/IP to bind the socket to * @param clientPort the port on the local machine * @param params {@link HttpConnectionParams Http connection parameters} * * @return Socket a new socket * * @throws IOException if an I/O error occurs while creating the socket * @throws UnknownHostException if the IP address of the host cannot be * determined */ public Socket createSocket( final String host, final int port, final InetAddress localAddress, final int localPort, final HttpConnectionParams params ) throws IOException, UnknownHostException, ConnectTimeoutException { if (params == null) { throw new IllegalArgumentException("Parameters may not be null"); } int timeout = params.getConnectionTimeout(); if (timeout == 0) { return createSocket(host, port, localAddress, localPort); } else { // To be eventually deprecated when migrated to Java 1.4 or above return ControllerThreadSocketFactory.createSocket( this, host, port, localAddress, localPort, timeout); } } /** * @see SecureProtocolSocketFactory#createSocket(java.lang.String,int,java.net.InetAddress,int) */ public Socket createSocket( String host, int port, InetAddress clientHost, int clientPort) throws IOException, UnknownHostException { return getSSLContext().getSocketFactory().createSocket( host, port, clientHost, clientPort ); } /** * @see SecureProtocolSocketFactory#createSocket(java.lang.String,int) */ public Socket createSocket(String host, int port) throws IOException, UnknownHostException { return getSSLContext().getSocketFactory().createSocket( host, port ); } /** * @see SecureProtocolSocketFactory#createSocket(java.net.Socket,java.lang.String,int,boolean) */ public Socket createSocket( Socket socket, String host, int port, boolean autoClose) throws IOException, UnknownHostException { return getSSLContext().getSocketFactory().createSocket( socket, host, port, autoClose ); } }
发表评论
-
java_class反编译后的代码还原
2012-03-18 00:06 1784java class 利用jad 反编译之后,偶尔回碰到 ... -
ThreadLocal的几种误区
2012-01-10 09:48 886最近由于需要用到ThreadLocal,在网上搜索 ... -
深入解析OGNL投影
2011-12-16 15:15 1911先看这个表达式:list.{#me=#this,#root.m ... -
浅谈JAVA ThreadPoolExecutor
2011-01-28 16:36 1335这篇文章分为两部分 ... -
ant echo message 特殊字符转换
2011-01-27 11:54 1730< < > &a ... -
hibernate------hql总结
2010-08-24 12:52 8581. 查询整个映射对象所 ... -
log4j additivity 作用
2010-08-11 22:15 1979log4j.rootLogger=debug,stdout ... -
Log4j 集群环境下的 处理方案
2010-08-11 21:17 3220需求:近期有个项目要 ... -
构建Java并发模型框架
2010-07-12 17:04 921Java的多线程特性为构建 ... -
Java 程序中的多线程
2010-07-12 17:03 821由于在语言级提供了线 ... -
JAVA 线程 基础概念
2010-07-12 17:00 1036Java 有几程方法可以实 ... -
在 Java 平台上进行多线程编程的缺陷
2010-07-12 16:58 971Java 语言的并发编程 就其自身来说,并发编程是一种 ... -
c3p0-0.9.1.2数据库连接池
2010-06-17 11:46 1382C3PO是一个开放源代码的JDBC数据源实现项目,它在li ... -
Axis2快速上手指南
2010-06-03 17:59 822http://hideto.iteye.com/blog/56 ... -
C3P0连接池详细配置与实现
2010-05-31 17:33 1052<c3p0-config> <defau ... -
实例讲解:JAVA SOAP技术
2010-05-25 18:19 2390Very Simple Object Access Proto ... -
Tomcat 5.5 JNDI Resource 配置
2010-05-25 11:14 1659本文来自CSDN博客,转载请标明出处:http://blog. ... -
SSH2 jar
2010-05-21 14:51 1697在JavaEE企业级开发中, ... -
让httpclient接受所有ssl证书https 分享
2010-04-29 11:21 5096访问https 资源时,让httpclient接受所有ssl证 ... -
使用JUnit测试通过 HttpClient(https协议)访问支付宝接口时不能自动获得证书的解决办法
2010-04-29 11:17 5257最近在做一个通过 HttpCl ...
相关推荐
在这个主题中,我们将深入探讨如何在Java中使用HttpClient来实现HTTPS接口调用。 首先,我们需要理解HTTPS协议。HTTPS是HTTP(超文本传输协议)与SSL/TLS(安全套接层/传输层安全)的结合,它为数据传输提供了加密...
标题中的“使用httpClient访问https+443端口号”指的是使用Apache HttpClient库来发起HTTPS(安全超文本传输协议)请求,目标服务器的默认端口是443。HTTPS是一种基于SSL/TLS的安全通信协议,用于在客户端和服务器...
使用HttpClient4.5实现https请求忽略SSL证书验证工具类
以下是一个简单的示例,展示了如何使用HttpClient发送HTTPS GET和POST请求: ```java import org.apache.http.HttpEntity; import org.apache.http.client.config.RequestConfig; import org.apache....
HttpClient之Https应用实例~ 包含: HttpClient 使用代理访问Https HttpClient 信任所有主机-对于任何证书都不做检查 HttpClient 允许所有证书的校验(包括过期证书)
不会的可以在评论区留言哈,这是我自己做项目用到的。所以绝对可用!同时共享出来给到大家
httpClient连接https 获得验证码图片示例 需要证书才能连接的那种 /* 本文所用开发工具 jak1.5.0_06 eclipse:ObjectWeb Lomboz lib: commons-codec-1.4.jar commons-logging-1.1.jar httpclient-4.0.3.jar ...
以下将详细介绍HttpClient的使用以及如何进行SSL验证的忽略。 首先,了解HttpClient的基本使用。HttpClient是一个灵活且强大的HTTP客户端API,它允许开发者执行各种HTTP方法(如GET、POST等),处理响应,以及管理...
这篇博客“HttpClient Https实战”很可能详细介绍了如何使用HttpClient库来处理HTTPS连接,这是在互联网安全通信中不可或缺的一部分。 HttpClient库提供了丰富的API,使得开发者可以方便地发送GET、POST等各种HTTP...
在默认情况下,`httpclient`会使用系统提供的`TrustManager`,这会严格检查服务器证书链是否可信任。但是,我们可以通过创建一个信任所有证书的`TrustManager`实例,然后将其设置到`SSLContext`中,从而跳过证书验证...
https 的支持单向认证 支持多线程 支持get、post
在本文中,我们将详细介绍如何使用JAVA的HttpClient库来发送POST请求,以便与HTTPS服务器进行交互。首先,我们需要继承DefaultHttpClient类,以便自定义HttpClient的行为。然后,我们需要使用X509TrustManager来忽略...
android HttpClient访问某些Https时,出现了问题,无法访问,好像是要安全验证。此Demo解决了此问题,HttpClient能够Https和Http类型的URL了。 在eclipse下打开工程若有乱码,请把eclipse的字符编码改成UTF-8。
根据提供的文件信息,我们可以深入探讨如何使用`httpclient`库来进行`https`访问,并了解其中涉及的关键概念和技术细节。 ### 标题与描述解析:使用`httpclient`进行`https`访问 #### 1. `httpclient`简介 `...
Java中使用HttpClient进行HTTPS接口调用的方法是通过继承DefaultHttpClient类,忽略证书校验过程。首先,创建一个SSLClient类,继承DefaultHttpClient类,并在构造函数中初始化SSLContext和TrustManager。然后,使用...
本文将深入探讨如何使用HTTPClient库来发送HTTPS请求,以及涉及到的证书管理相关知识。 首先,理解HTTPS协议是至关重要的。HTTPS(HyperText Transfer Protocol Secure)是一种基于SSL/TLS的安全通信协议,它在HTTP...
7. **SSL支持**:HttpClient支持HTTPS协议,通过`SSLProtocolSocketFactory`可以处理SSL/TLS连接。 8. **Cookie管理**:`CookiePolicy`和`CookieSpec`用于管理HTTP cookies,`CookieStore`接口用于存储和检索...
8. **SSL/TLS支持**:HttpClient可以配置为使用HTTPS协议,需要`httpmime-x.x.x.jar`(处理MIME类型,如上传文件)和相关SSL库,如`httpclient-cache-x.x.x.jar`(缓存机制)。 9. **错误处理和重试策略**:...
我们将涵盖SSL证书的生成、Tomcat服务器的SSL配置以及HttpClient的使用。” 【标签】:“httpclient4.1 https ssl” 【正文】: 在现代的互联网环境中,安全的通信协议是至关重要的。HTTPS(HTTP over SSL/TLS)...
HttpClient提供了丰富的API,能够处理各种复杂的HTTP请求,包括处理COOKIE、上传文件、HTTPS通信等,使得开发者无需直接使用底层的java.net.HttpURLConnection,大大降低了开发难度。 在处理顽固的WEB服务器时,...