https認證和httpclient遠程調度https的接口的方法

證書認證和Httpclient遠程調度調度的方法
一．證書認證建立
1.0 服務認證命令
keytool -genkey -v -alias server -keyalg RSA -keystore /opt/yht/aaa/tomcat.keystore -validity 36500

 

你的名字與姓氏是什麼（填當前部署的IP地址）否則遠程調度會出錯
2.0 客戶端認證的命令
keytool -genkey -v -alias client -keyalg RSA -storetype PKCS12 -keystore /opt/yht/aaa/client.key.p12

 

(可是能夠繞過https認證，就能夠不須要客戶端認證，若是要認證就得生成客戶端認證)
網上的方法
爲服務器生成證書
keytool -genkey -v -alias server -keyalg RSA -keystore d:\key2\server.keystore -validity 36500

爲客戶端生成證書
keytool -genkey -v -alias client -keyalg RSA -storetype PKCS12 -keystore d:\key2\client.key.p12

導入客戶端證書
讓服務器信任客戶端證書
1.先把客戶端證書處處爲cer文件格式
keytool -export -alias client -keystore d:\key2\client.key.p12 -storetype PKCS12 -storepass 123456 -rfc -file d:\key2\client.key.cer

2.將客戶端cer導入到服務器證書庫
keytool -import -v -file d:\key2\client.key.cer -keystore d:\key2\server.keystore
3.查看安裝結果
keytool -list -keystore d:\key2\server.keystore

讓客戶端信任服務器證書
1.把服務器證書處處爲cer文件
keytool -keystore d:\key2\server.keystore -export -alias server -file d:\key2\server.cer

2.在客戶端安裝服務器證書
選擇受信任的根證書頒發機構
配置tomcat
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="true" sslProtocol="TLS"
keystoreFile="D:\\key2\\server.keystore" keystorePass="123456"
truststoreFile="D:\\key2\\server.keystore" truststorePass="123456" />
二．Httpclient遠程調度的方法
package com.gh.client.tools;

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;

import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

import org.apache.http.NameValuePair;
import org.apache.http.client.ClientProtocolException;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.config.Registry;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.conn.socket.ConnectionSocketFactory;
import org.apache.http.conn.socket.PlainConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.util.EntityUtils;

/**
* 用 http 進行get post的請求進行傳值
*
* @author yht
*
*/
public class HttpclientMethodTools {
/**
* 繞過驗證
*
* @return
* @throws NoSuchAlgorithmException
* @throws KeyManagementException
*/
public static SSLContext createIgnoreVerifySSL() throws NoSuchAlgorithmException, KeyManagementException {
SSLContext sc = SSLContext.getInstance("SSLv3");
// 實現一個X509TrustManager接口，用於繞過驗證，不用修改裏面的方法
X509TrustManager trustManager = new X509TrustManager() {
@Override
public void checkClientTrusted(java.security.cert.X509Certificate[] paramArrayOfX509Certificate,
String paramString) throws CertificateException {
}

@Override
public void checkServerTrusted(java.security.cert.X509Certificate[] paramArrayOfX509Certificate,
String paramString) throws CertificateException {
}

@Override
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}
};
sc.init(null, new TrustManager[] { trustManager }, null);
return sc;
}

/** * 進行post 請求 * * @param url * 傳遞的url參數 * @param msgbody * 傳遞信息結構 * @return * @throws NoSuchAlgorithmException * @throws KeyManagementException */ public static Map<String, Object> methPost(String url, Map<String, String> msgbody) throws KeyManagementException, NoSuchAlgorithmException { // 返回結果對象 Map<String, Object> resultobject = new HashMap<String, Object>(); // 是否請求成功後的狀態碼 2000 表示成功 2001 表示失敗 int statuscode = 2000; // 採用繞過驗證的方式處理https請求 SSLContext sslcontext = createIgnoreVerifySSL(); // 設置協議http和https對應的處理socket連接工廠的對象 Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create() .register("http", PlainConnectionSocketFactory.INSTANCE) .register("https", new SSLConnectionSocketFactory(sslcontext)).build(); PoolingHttpClientConnectionManager connManager = new PoolingHttpClientConnectionManager(socketFactoryRegistry); HttpClients.custom().setConnectionManager(connManager); // 建立自定義的httpclient對象 CloseableHttpClient httpclient = HttpClients.custom().setConnectionManager(connManager).build(); // 實例化httpClient // CloseableHttpClient httpclient = HttpClients.createDefault(); // 實例化post方法 HttpPost httpPost = new HttpPost(url); // 指定報文頭Content-type、User-Agent httpPost.setHeader("Content-type", "application/x-www-form-urlencoded"); httpPost.setHeader("User-Agent", "Mozilla/5.0 (Windows NT 6.1; rv:6.0.2) Gecko/20100101 Firefox/6.0.2"); // 處理參數 List<NameValuePair> nvps = new ArrayList<NameValuePair>(); Set<String> keySet = msgbody.keySet(); for (String key : keySet) { nvps.add(new BasicNameValuePair(key, msgbody.get(key))); } // 結果 CloseableHttpResponse response = null; String content = ""; try { // 提交的參數 UrlEncodedFormEntity uefEntity = new UrlEncodedFormEntity(nvps, "UTF-8"); // 將參數給post方法 httpPost.setEntity(uefEntity); // 執行post方法 response = httpclient.execute(httpPost); if (response.getStatusLine().getStatusCode() == 200) { content = EntityUtils.toString(response.getEntity(), "utf-8"); } else { statuscode = 2001; } } catch (UnsupportedEncodingException e) { e.printStackTrace(); statuscode = 2001; } catch (ClientProtocolException e) { e.printStackTrace(); statuscode = 2001; } catch (IOException e) { e.printStackTrace(); statuscode = 2001; } finally { try { if (response != null) { response.close(); } if (httpclient != null) { httpclient.close(); } } catch (IOException e) { e.printStackTrace(); } } resultobject.put("statuscode", statuscode); resultobject.put("content", content); return resultobject; }}