https HttpsURLConnection請求的單向認證
參考連接php
android httpClient(https/http)的優化構建方式一html
android httpClient(https/http)的優化構建方式二java
Java https請求 HttpsURLConnectionandroid
OpenSSL生成根證書CA及簽發子證書tomcat
android 讓webview支持https 雙向認證(SSL)(一)session
android 讓webview支持https 雙向認證(SSL)(二)dom
Https訪問的相關知識中,主要分爲單項驗證和雙向驗證,雙向驗證在單項驗證的基礎上構建而成
關於單項驗證,若是要細分的話,分爲證書驗證和普通驗證(忽略驗證),由於這項驗證針對客戶端,因此客戶端有能力控制是否須要驗證
忽略驗證的方式
主要以下繼承X509TrustManager和HostnameVerifier
public class SSLTrustManager implements javax.net.ssl.TrustManager,
javax.net.ssl.X509TrustManager ,HostnameVerifier{
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}
public boolean isServerTrusted(
java.security.cert.X509Certificate[] certs) {
return true;
}
public boolean isClientTrusted(
java.security.cert.X509Certificate[] certs) {
return true;
}
public void checkServerTrusted(
java.security.cert.X509Certificate[] certs, String authType)
throws java.security.cert.CertificateException {
return;
}
public void checkClientTrusted(
java.security.cert.X509Certificate[] certs, String authType)
throws java.security.cert.CertificateException {
return;
}
@Override
public boolean verify(String urlHostName, SSLSession session) { //容許全部主機
return true;
}
//封裝
public static HttpURLConnection connect(String strUrl) throws Exception {
javax.net.ssl.TrustManager[] trustAllCerts = new javax.net.ssl.TrustManager[1];
javax.net.ssl.TrustManager tm = new SSLTrustManager();
trustAllCerts[0] = tm;
javax.net.ssl.SSLContext sc = javax.net.ssl.SSLContext
.getInstance("SSL");
sc.init(null, trustAllCerts, null);
javax.net.ssl.HttpsURLConnection.setDefaultSSLSocketFactory(sc
.getSocketFactory());
HttpsURLConnection.setDefaultHostnameVerifier((HostnameVerifier) tm);
URL url = new URL(strUrl);
HttpURLConnection urlConn = (HttpURLConnection) url.openConnection();
return urlConn;
}
}
雙向證書驗證方式
以下,這裏採用雙向驗證
import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
public class HttpsPost {
/**
* 得到KeyStore.
* @param keyStorePath
* 密鑰庫路徑
* @param password
* 密碼
* @return 密鑰庫
* @throws Exception
*/
public static KeyStore getKeyStore(String password, String keyStorePath)
throws Exception {
// 實例化密鑰庫
KeyStore ks = KeyStore.getInstance("JKS");
// 得到密鑰庫文件流
FileInputStream is = new FileInputStream(keyStorePath);
// 加載密鑰庫
ks.load(is, password.toCharArray());
// 關閉密鑰庫文件流
is.close();
return ks;
}
/**
* 得到SSLSocketFactory.
* @param password
* 密碼
* @param keyStorePath
* 密鑰庫路徑
* @param trustStorePath
* 信任庫路徑
* @return SSLSocketFactory
* @throws Exception
*/
public static SSLContext getSSLContext(String password,
String keyStorePath, String trustStorePath) throws Exception {
// 實例化密鑰庫
KeyManagerFactory keyManagerFactory = KeyManagerFactory
.getInstance(KeyManagerFactory.getDefaultAlgorithm());
// 得到密鑰庫
KeyStore keyStore = getKeyStore(password, keyStorePath);
// 初始化密鑰工廠
keyManagerFactory.init(keyStore, password.toCharArray());
// 實例化信任庫
TrustManagerFactory trustManagerFactory = TrustManagerFactory
.getInstance(TrustManagerFactory.getDefaultAlgorithm());
// 得到信任庫
KeyStore trustStore = getKeyStore(password, trustStorePath);
// 初始化信任庫
trustManagerFactory.init(trustStore);
// 實例化SSL上下文
SSLContext ctx = SSLContext.getInstance("TLS");
// 初始化SSL上下文
ctx.init(keyManagerFactory.getKeyManagers(),
trustManagerFactory.getTrustManagers(), null);
// 得到SSLSocketFactory
return ctx;
}
/**
* 初始化HttpsURLConnection.
* @param password
* 密碼
* @param keyStorePath
* 密鑰庫路徑
* @param trustStorePath
* 信任庫路徑
* @throws Exception
*/
public static void initHttpsURLConnection(String password,
String keyStorePath, String trustStorePath) throws Exception {
// 聲明SSL上下文
SSLContext sslContext = null;
// 實例化主機名驗證接口
HostnameVerifier hnv = new MyHostnameVerifier();
try {
sslContext = getSSLContext(password, keyStorePath, trustStorePath);
} catch (GeneralSecurityException e) {
e.printStackTrace();
}
if (sslContext != null) {
HttpsURLConnection.setDefaultSSLSocketFactory(sslContext
.getSocketFactory());
}
HttpsURLConnection.setDefaultHostnameVerifier(hnv);
}
/**
* 發送請求.
* @param httpsUrl
* 請求的地址
* @param xmlStr
* 請求的數據
*/
public static void post(String httpsUrl, String xmlStr) {
HttpsURLConnection urlCon = null;
try {
urlCon = (HttpsURLConnection) (new URL(httpsUrl)).openConnection();
urlCon.setDoInput(true);
urlCon.setDoOutput(true);
urlCon.setRequestMethod("POST");
urlCon.setRequestProperty("Content-Length",
String.valueOf(xmlStr.getBytes().length));
urlCon.setUseCaches(false);
//設置爲gbk能夠解決服務器接收時讀取的數據中文亂碼問題
urlCon.getOutputStream().write(xmlStr.getBytes("gbk"));
urlCon.getOutputStream().flush();
urlCon.getOutputStream().close();
BufferedReader in = new BufferedReader(new InputStreamReader(
urlCon.getInputStream()));
String line;
while ((line = in.readLine()) != null) {
System.out.println(line);
}
} catch (MalformedURLException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
} catch (Exception e) {
e.printStackTrace();
}
}
/**
* 測試方法.
* @param args
* @throws Exception
*/
public static void main(String[] args) throws Exception {
// 密碼
String password = "123456";
// 密鑰庫
String keyStorePath = "tomcat.keystore";
// 信任庫
String trustStorePath = "tomcat.keystore";
// 本地起的https服務
String httpsUrl = "https://localhost:8443/service/httpsPost";
// 傳輸文本
String xmlStr = "<?xml version=\"1.0\" encoding=\"UTF-8\"?><fruitShop><fruits><fruit><kind>蘿蔔</kind></fruit><fruit><kind>菠蘿</kind></fruit></fruits></fruitShop>";
HttpsPost.initHttpsURLConnection(password, keyStorePath, trustStorePath);
// 發起請求
HttpsPost.post(httpsUrl, xmlStr);
}
}
單向證書驗證
public static KeyStore getHttpsKeyStore()
{
InputStream ins = null;
try {
ins = new FileInputStream("srca.cer");
//讀取證書
CertificateFactory cerFactory = CertificateFactory.getInstance("X.509"); //問1
Certificate cer = cerFactory.generateCertificate(ins);
//建立一個證書庫,並將證書導入證書庫
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); //問2
keyStore.load(null, null);
keyStore.setCertificateEntry("trust", cer);
return keyStore;
} catch (Exception e) {
e.printStackTrace();
} finally {
if(ins!=null)
{
try {
ins.close();
} catch (IOException e) {
e.printStackTrace();
}
}
}
return null;
}
public void initSSLContext()
{
SSLContext sslContext = SSLContext.getInstance("TLS");
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init(getHttpsKeyStore());
sslContext.init( null, trustManagerFactory.getTrustManagers(), new SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());
HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
@Override
public boolean verify(String hostname, SSLSession sslsession) {
if("localhost".equals(hostname)){
return true;
} else {
return false;
}
}
});
}
相關文章
- 1. Https單向認證
- 2. HTTPS 單向認證
- 3. HTTPS 單向認證、雙向認證
- 4. Https單向認證和雙向認證
- 5. https單向認證和雙向認證
- 6. HTTPS單向/雙向認證
- 7. tomcat配置https(單向認證)+如何使用java請求
- 8. HttpsURLConnection使用,並實現雙向認證
- 9. Https單向認證和雙向認證 認識和區別
- 10. 使用Tomcat 9驗證Https單向認證和雙向認證
- 更多相關文章...
- • HTTP 請求方法 - HTTP 教程
- • PHP 表單驗證 - PHP教程
- • TiDB 在摩拜單車在線數據業務的應用和實踐
- • 漫談MySQL的鎖機制
相關標籤/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
歡迎關注本站公眾號,獲取更多信息
