輕鬆把玩HttpClient之配置ssl，採用繞過證書驗證明現https

時間 2019-11-12

標籤輕鬆把玩 httpclient 配置 ssl 採用繞過證書驗證 https 欄目系統網絡简体版

原文原文鏈接

上篇文章說道httpclient不能直接訪問https的資源，此次就來模擬一下環境，而後配置https測試一下。在前面的文章中，分享了一篇本身生成並在tomcat中配置ssl的文章《Tomcat配置SSL》，你們能夠據此來在本地配置https。我已經配置好了，效果是這樣滴：java

能夠看到已經信任該證書（顯示淺綠色小鎖），瀏覽器能夠正常訪問。如今咱們用代碼測試一下：瀏覽器

public static void main(String[] args) throws ParseException, IOException, KeyManagementException, NoSuchAlgorithmException, HttpProcessException {
String url = "https://sso.tgb.com:8443/cas/login";
String body = send(url, null, "utf-8");
System.out.println("交易響應結果：");
System.out.println(body);
System.out.println("-----------------------------------");
}

發現拋出了異常，我知道的有兩種方案（也許還有我不知道的方案），這裏介紹第一種方案，也是用的比較多的方案——繞過證書驗證。直接看代碼吧：tomcat

/**
* 繞過驗證
*
* @return
* @throws NoSuchAlgorithmException
* @throws KeyManagementException
*/
public static SSLContext createIgnoreVerifySSL() throws NoSuchAlgorithmException, KeyManagementException {
SSLContext sc = SSLContext.getInstance("SSLv3");
// 實現一個X509TrustManager接口，用於繞過驗證，不用修改裏面的方法
X509TrustManager trustManager = new X509TrustManager() {
@Override
public void checkClientTrusted(
java.security.cert.X509Certificate[] paramArrayOfX509Certificate,
String paramString) throws CertificateException {
}
@Override
public void checkServerTrusted(
java.security.cert.X509Certificate[] paramArrayOfX509Certificate,
String paramString) throws CertificateException {
}
@Override
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}
};
sc.init(null, new TrustManager[] { trustManager }, null);
return sc;
}

而後修改原來的send方法：app

/**
* 模擬請求
*
* @param url 資源地址
* @param map 參數列表
* @param encoding 編碼
* @return
* @throws NoSuchAlgorithmException
* @throws KeyManagementException
* @throws IOException
* @throws ClientProtocolException
*/
public static String send(String url, Map<String,String> map,String encoding) throws KeyManagementException, NoSuchAlgorithmException, ClientProtocolException, IOException {
String body = "";
//採用繞過驗證的方式處理https請求
SSLContext sslcontext = createIgnoreVerifySSL();
// 設置協議http和https對應的處理socket連接工廠的對象
Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create()
.register("http", PlainConnectionSocketFactory.INSTANCE)
.register("https", new SSLConnectionSocketFactory(sslcontext))
.build();
PoolingHttpClientConnectionManager connManager = new PoolingHttpClientConnectionManager(socketFactoryRegistry);
HttpClients.custom().setConnectionManager(connManager);
//建立自定義的httpclient對象
CloseableHttpClient client = HttpClients.custom().setConnectionManager(connManager).build();
/ CloseableHttpClient client = HttpClients.createDefault();
//建立post方式請求對象
HttpPost httpPost = new HttpPost(url);
//裝填參數
List<NameValuePair> nvps = new ArrayList<NameValuePair>();
if(map!=null){
for (Entry<String, String> entry : map.entrySet()) {
nvps.add(new BasicNameValuePair(entry.getKey(), entry.getValue()));
}
}
//設置參數到請求對象中
httpPost.setEntity(new UrlEncodedFormEntity(nvps, encoding));
System.out.println("請求地址："+url);
System.out.println("請求參數："+nvps.toString());
//設置header信息
//指定報文頭【Content-type】、【User-Agent】
httpPost.setHeader("Content-type", "application/x-www-form-urlencoded");
httpPost.setHeader("User-Agent", "Mozilla/4.0 (compatible; MSIE 5.0; Windows NT; DigExt)");
//執行請求操做，並拿到結果（同步阻塞）
CloseableHttpResponse response = client.execute(httpPost);
//獲取結果實體
HttpEntity entity = response.getEntity();
if (entity != null) {
//按指定編碼轉換結果實體爲String類型
body = EntityUtils.toString(entity, encoding);
}
EntityUtils.consume(entity);
//釋放連接
response.close();
return body;
}