Java發送HTTPS請求

前言

上篇文章介紹了 java 發送 http 請求，大家都知道發送http是不安全的 。我也是由於對接了其他企業后總結了一套發送 https的工具。大家網上找方法很多的，但是可不是你粘過來就能用啊，我也是踩過坑的，所以我這個工具，只要粘貼到你們自己項目里就可以用。我的工具跟網上沒什么區別，唯一的區別是我親身實戰過，把需要注意的細節列出來，不讓大家浪費時間。

 

正文

本文只介紹 發送 post 請求，既然選擇了 https 就不會用get，因為get也是不安全的。

 

讀前須知

我會把需要依賴的包和引入的包先貼給大家，防止大家引用錯誤。

<dependency>
            <groupId>org.apache.httpcomponents</groupId>
            <artifactId>httpcore</artifactId>
            <version>4.4.8</version>
        </dependency>
        <dependency>
            <groupId>org.apache.httpcomponents</groupId>
            <artifactId>httpclient</artifactId>
            <version>4.5.3</version>
        </dependency>
        <dependency>
            <groupId>org.testng</groupId>
            <artifactId>testng</artifactId>
            <version>6.11</version>
            <scope>test</scope>
        </dependency>

import org.apache.http.conn.ClientConnectionManager;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.DefaultHttpClient;

import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

<----工具類---->
import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.HttpStatus;
import org.apache.http.NameValuePair;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.HttpPost;

import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.util.EntityUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;

HTTPS 發送 POST 請求

 

一共需要兩個類，不要問為什么，復制過去就能用。

public class SSLClient extends DefaultHttpClient {

    public SSLClient() throws Exception {
        super();
        //傳輸協議需要根據自己的判斷
        SSLContext ctx = SSLContext.getInstance("TLS");
        X509TrustManager tm = new X509TrustManager() {
            @Override
            public void checkClientTrusted(X509Certificate[] chain,
                                           String authType) throws CertificateException {
            }

            @Override
            public void checkServerTrusted(X509Certificate[] chain,
                                           String authType) throws CertificateException {
            }

            @Override
            public X509Certificate[] getAcceptedIssuers() {
                return null;
            }
        };
        ctx.init(null, new TrustManager[]{tm}, null);
        SSLSocketFactory ssf = new SSLSocketFactory(ctx, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
        ClientConnectionManager ccm = this.getConnectionManager();
        SchemeRegistry sr = ccm.getSchemeRegistry();
        sr.register(new Scheme("https", 443, ssf));
    }
}

這里發送 https 的操作有兩個，一個是傳 json ，一個是傳 map ，大家根據自己需要自行復制使用

 

第一種是傳 json 作為參數

參數說明：

url：url

map：json參數

charset：寫死 utf-8

public String doPost(String url, String map, String charset) {
        org.apache.http.client.HttpClient httpClient = null;
        HttpPost httpPost = null;
        String result = null;
        try {
            httpClient = new SSLClient();
            httpPost = new HttpPost(url);
            //設置參數
            httpPost.addHeader("Accept", "application/json");
httpPost.addHeader("Content-Type", "application/json;charset=UTF-8");
            StringEntity stringEntity = new StringEntity(map);
            stringEntity.setContentEncoding("UTF-8");
            stringEntity.setContentType("application/json");
            httpPost.setEntity(stringEntity);
            HttpResponse response = httpClient.execute(httpPost);
            if (response != null) {
                HttpEntity resEntity = response.getEntity();
                if (resEntity != null) {
                  result = EntityUtils.toString(resEntity, charset);
                }
            }
        } catch (Exception ex) {
            ex.printStackTrace();
        }
        return result;
    }

測試類，送大家一個MD5加密，其實我就懶得刪掉了。

private String url = "https://www.xxxxxxxx.com/openapi/page/gettoken";
private String charset = "utf-8";
private HttpClient httpClientUtil = new HttpClient();


@Test
    public void HttpsPostTest() throws Exception {
        String ver = "1.0";
        String msgId = "91b024e3-06ca-4a79-9993-1472d0fdb973";
        String appId = "300011853779";
        String timestamp = new SimpleDateFormat("yyyyMMddHHmmssSSS").format(new Date());
        String appKey = "A0702827F21C9CC7DDC93AEF24B6B16B";
        String sign = md5(ver + appId + msgId + timestamp + appKey).toUpperCase();

        result.put("ver", ver);
        result.put("msgId", msgId);
        result.put("appId", appId);
        result.put("timestamp", timestamp);
        result.put("openType", "1");
        result.put("message", "");
        result.put("abilityId", "");
        result.put("expandParams", "");
        result.put("signType", "1");
        result.put("sign", sign);
        String encryptStr = result.toString();
        System.out.println("encryptStr：" + encryptStr);
        String httpOrgCreateTestRtn = httpClientUtil.doPost(url, encryptStr, charset);
        System.out.println("result:" + httpOrgCreateTestRtn);

    }
    public static String md5(String text) {
        String result="";
        try {
            MessageDigest md = MessageDigest.getInstance("MD5");
            md.update(text.getBytes("UTF-8"));
            byte b[] = md.digest();
            int i;
            StringBuffer buf = new StringBuffer("");
            for (int offset = 0; offset < b.length; offset++) {
                i = b[offset];
                if (i < 0)
                    i += 256;
                if (i < 16)
                    buf.append("0");
                buf.append(Integer.toHexString(i));
            }
            result = buf.toString();
//       System.out.println("result: " + buf.toString());// 32位的加密
//       System.out.println("result: " + buf.toString().substring(8, 24));// 16位的加密
        } catch (NoSuchAlgorithmException e) {
            // TODO Auto-generated catch block
        } catch (UnsupportedEncodingException e) {
            // TODO Auto-generated catch block
        }
        return result;
    }

第二種傳map作為參數

public String doPost(String url, Map<String,String> map, String charset) {
        org.apache.http.client.HttpClient httpClient = null;
        HttpPost httpPost = null;
        String result = null;
        try {
            httpClient = new SSLClient();
            httpPost = new HttpPost(url);
            //設置參數
            List<NameValuePair> list = new ArrayList<NameValuePair>();
            Iterator iterator = map.entrySet().iterator();
            while (iterator.hasNext()) {
                Map.Entry<String, String> elem = (Map.Entry<String, String>) iterator.next();
       list.add(new BasicNameValuePair(elem.getKey(), elem.getValue()));
            }
            if (list.size() > 0) {
      UrlEncodedFormEntity entity = new UrlEncodedFormEntity(list, charset);
                entity.setContentType("application/json");
                httpPost.setHeader("Accept", "application/json");
  httpPost.setHeader("Content-type", "application/json;charset=utf-8");
                httpPost.setEntity(entity);
            }
            HttpResponse response = httpClient.execute(httpPost);
            if (response != null) {
                HttpEntity resEntity = response.getEntity();
                if (resEntity != null) {
                    result = EntityUtils.toString(resEntity, charset);
                }
            }
        } catch (Exception ex) {
            ex.printStackTrace();
        }
        return result;
    }

發送的時候 大家把上面 json 測試的demo 中 JSONObject  改成Map 就可以。