上篇文章說道httpclient不能直接訪問https的資源,這次就來模擬一下環境,然后配置https測試一下。在前面的文章中,分享了一篇自己生成並在tomcat中配置ssl的文章《Tomcat配置SSL》,大家可以據此來在本地配置https。我已經配置好了,效果是這樣滴:
可以看到已經信任該證書(顯示淺綠色小鎖),瀏覽器可以正常訪問。現在我們用代碼測試一下:
- public static void main(String[] args) throws ParseException, IOException, KeyManagementException, NoSuchAlgorithmException, HttpProcessException {
- String url = "https://sso.tgb.com:8443/cas/login";
- String body = send(url, null, "utf-8");
- System.out.println("交易響應結果:");
- System.out.println(body);
- System.out.println("-----------------------------------");
- }
發現拋出了異常,我知道的有兩種方案(也許還有我不知道的方案),這里介紹第一種方案,也是用的比較多的方案——繞過證書驗證。直接看代碼吧:
- /**
- * 繞過驗證
- *
- * @return
- * @throws NoSuchAlgorithmException
- * @throws KeyManagementException
- */
- public static SSLContext createIgnoreVerifySSL() throws NoSuchAlgorithmException, KeyManagementException {
- SSLContext sc = SSLContext.getInstance("SSLv3");
- // 實現一個X509TrustManager接口,用於繞過驗證,不用修改里面的方法
- X509TrustManager trustManager = new X509TrustManager() {
- @Override
- public void checkClientTrusted(
- java.security.cert.X509Certificate[] paramArrayOfX509Certificate,
- String paramString) throws CertificateException {
- }
- @Override
- public void checkServerTrusted(
- java.security.cert.X509Certificate[] paramArrayOfX509Certificate,
- String paramString) throws CertificateException {
- }
- @Override
- public java.security.cert.X509Certificate[] getAcceptedIssuers() {
- return null;
- }
- };
- sc.init(null, new TrustManager[] { trustManager }, null);
- return sc;
- }
然后修改原來的send方法:
- /**
- * 模擬請求
- *
- * @param url 資源地址
- * @param map 參數列表
- * @param encoding 編碼
- * @return
- * @throws NoSuchAlgorithmException
- * @throws KeyManagementException
- * @throws IOException
- * @throws ClientProtocolException
- */
- public static String send(String url, Map<String,String> map,String encoding) throws KeyManagementException, NoSuchAlgorithmException, ClientProtocolException, IOException {
- String body = "";
- //采用繞過驗證的方式處理https請求
- SSLContext sslcontext = createIgnoreVerifySSL();
- // 設置協議http和https對應的處理socket鏈接工廠的對象
- Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create()
- .register("http", PlainConnectionSocketFactory.INSTANCE)
- .register("https", new SSLConnectionSocketFactory(sslcontext))
- .build();
- PoolingHttpClientConnectionManager connManager = new PoolingHttpClientConnectionManager(socketFactoryRegistry);
- HttpClients.custom().setConnectionManager(connManager);
- //創建自定義的httpclient對象
- CloseableHttpClient client = HttpClients.custom().setConnectionManager(connManager).build();
- / CloseableHttpClient client = HttpClients.createDefault();
- //創建post方式請求對象
- HttpPost httpPost = new HttpPost(url);
- //裝填參數
- List<NameValuePair> nvps = new ArrayList<NameValuePair>();
- if(map!=null){
- for (Entry<String, String> entry : map.entrySet()) {
- nvps.add(new BasicNameValuePair(entry.getKey(), entry.getValue()));
- }
- }
- //設置參數到請求對象中
- httpPost.setEntity(new UrlEncodedFormEntity(nvps, encoding));
- System.out.println("請求地址:"+url);
- System.out.println("請求參數:"+nvps.toString());
- //設置header信息
- //指定報文頭【Content-type】、【User-Agent】
- httpPost.setHeader("Content-type", "application/x-www-form-urlencoded");
- httpPost.setHeader("User-Agent", "Mozilla/4.0 (compatible; MSIE 5.0; Windows NT; DigExt)");
- //執行請求操作,並拿到結果(同步阻塞)
- CloseableHttpResponse response = client.execute(httpPost);
- //獲取結果實體
- HttpEntity entity = response.getEntity();
- if (entity != null) {
- //按指定編碼轉換結果實體為String類型
- body = EntityUtils.toString(entity, encoding);
- }
- EntityUtils.consume(entity);
- //釋放鏈接
- response.close();
- return body;
- }
現在再進行測試,發現果然通了。
下篇介紹另一種方案,應對自己生成的證書,敬請期待。