零
根據 spring boot https,在pb協議 jdk序列化協議中代碼新建一個json序列化springboot controller,並配置ssl
一 java HttpURLConnection
關於JAVA發送Https請求(HttpsURLConnection和HttpURLConnection)
證書包含兩種情況:
1.1、機構所頒發的被認證的證書,這種證書的網站在瀏覽器訪問時https頭顯示為綠色如百度
package com.example.demo.controller.ssl.httpcon; import javax.net.ssl.*; import java.io.ByteArrayOutputStream; import java.io.InputStream; import java.net.HttpURLConnection; import java.net.URL; import java.security.cert.CertificateException; import java.security.cert.X509Certificate; /** * https://www.cnblogs.com/silyvin/p/12099743.html * Created by joyce on 2019/11/17. */ /** * 測試CA認證的啥都不用做 */ public class JsonHttpsTestCA { public static void main(String[] args) { try { URL object = new URL("https://www.sina.com.cn"); /** * HttpURLConnection HttpsURLConnection 都可以 */ HttpURLConnection con = (HttpURLConnection) object.openConnection(); con.setDoOutput(true); con.setDoInput(true); // 顯示 POST 請求返回的內容 StringBuilder sb = new StringBuilder(); int HttpResult = con.getResponseCode(); if (HttpResult == HttpURLConnection.HTTP_OK) { InputStream inputStream = con.getInputStream(); ByteArrayOutputStream result = new ByteArrayOutputStream(); byte[] buffer = new byte[1024]; int length; while ((length = inputStream.read(buffer)) != -1) { result.write(buffer, 0, length); } System.out.println(new String(result.toByteArray())); } else { System.out.println(con.getResponseCode()); System.out.println("http error"); } } catch (Exception e) { e.printStackTrace(); } } }
1.2、個人所設定的證書,這種證書的網站在瀏覽器里https頭顯示為紅色×,且需要點擊信任該網站才能繼續訪問。而點擊信任這一步的操作就是我們在java代碼訪問https網站時區別於http請求需要做的事情。
package com.example.demo.controller.ssl.httpcon; import serial.MyBaseProto; import javax.net.ssl.*; import java.io.ByteArrayOutputStream; import java.io.InputStream; import java.io.OutputStream; import java.net.HttpURLConnection; import java.net.URL; import java.security.cert.CertificateException; import java.security.cert.X509Certificate; /** * https://www.cnblogs.com/silyvin/p/12099743.html * Created by joyce on 2019/11/17. */ /** * 自己的https,需要忽略證書 */ public class JsonHttpsTest { public static void main(String[] args) { try { MyX509TrustManager.initSSL(); URL object = new URL("https://localhost:8080/json/testhttps"); /** * HttpURLConnection HttpsURLConnection 都可以 */ HttpURLConnection con = (HttpURLConnection) object.openConnection(); con.setDoOutput(true); con.setDoInput(true); // 顯示 POST 請求返回的內容 StringBuilder sb = new StringBuilder(); int HttpResult = con.getResponseCode(); if (HttpResult == HttpURLConnection.HTTP_OK) { InputStream inputStream = con.getInputStream(); ByteArrayOutputStream result = new ByteArrayOutputStream(); byte[] buffer = new byte[1024]; int length; while ((length = inputStream.read(buffer)) != -1) { result.write(buffer, 0, length); } System.out.println(new String(result.toByteArray())); } else { System.out.println(con.getResponseCode()); System.out.println("http error"); } } catch (Exception e) { e.printStackTrace(); } } }
package com.example.demo.controller.ssl.httpcon; import javax.net.ssl.*; import java.security.cert.CertificateException; import java.security.cert.X509Certificate; /** * Created by joyce on 2019/12/26. */ public class MyX509TrustManager implements X509TrustManager { @Override public void checkClientTrusted(X509Certificate certificates[], String authType) throws CertificateException { } @Override public void checkServerTrusted(X509Certificate[] ax509certificate,String s) throws CertificateException { } @Override public X509Certificate[] getAcceptedIssuers() { // TODO Auto-generated method stub return null; } public static void initSSL() throws Exception { SSLContext sslcontext = SSLContext.getInstance("SSL","SunJSSE"); sslcontext.init(null, new TrustManager[]{new MyX509TrustManager()}, new java.security.SecureRandom()); HostnameVerifier ignoreHostnameVerifier = new HostnameVerifier() { public boolean verify(String s, SSLSession sslsession) { // System.out.println("WARNING: Hostname is not matched for cert."); return true; } }; HttpsURLConnection.setDefaultHostnameVerifier(ignoreHostnameVerifier); HttpsURLConnection.setDefaultSSLSocketFactory(sslcontext.getSocketFactory()); } }
httpurlconnection的ssl context支持直接訪問http請求
/**
* 該context下http也可
*/
// URL object = new URL("http://localhost:8080/json/testhttps");
所以JAVA發送Https請求有兩種情況,三種解決辦法:
第一種情況:Https網站的證書為機構所頒發的被認證的證書,這種情況下和http請求一模一樣,無需做任何改變,用HttpsURLConnection或者HttpURLConnection都可以,這也是為什么此前對外(西瓜)的https鏈接訪問都不需要額外處理證書
第二種情況:個人所設定的證書,這種證書默認不被信任,需要我們自己選擇信任,信任的辦法有兩種:
B、忽略證書驗證過程,忽略之后任何Https協議網站皆能正常訪問(實測用HttpsURLConnection或者HttpURLConnection都可以)
C、java代碼中加載證書,必須使用HttpsURLConnection方式
二 apache httpclient
2.1
package com.example.demo.controller.ssl.httpclient; import org.apache.http.HttpEntity; import org.apache.http.client.methods.CloseableHttpResponse; import org.apache.http.client.methods.HttpGet; import org.apache.http.impl.client.CloseableHttpClient; import org.apache.http.impl.client.HttpClientBuilder; import org.apache.http.util.EntityUtils; import java.io.ByteArrayOutputStream; import java.io.InputStream; import java.net.HttpURLConnection; import java.net.URL; import java.nio.charset.Charset; /** * https://www.cnblogs.com/silyvin/p/12099743.html * Created by joyce on 2019/11/17. */ /** * 測試CA認證的啥都不用做 */ public class JsonHttpsTestCA { public static void main(String[] args) { try { /** * CA證書直接使用default */ CloseableHttpClient httpClient = HttpClientBuilder.create().build(); // 創建Get請求 HttpGet httpGet = new HttpGet("https://www.sina.com.cn"); // 響應模型 CloseableHttpResponse response = null; try { // 由客戶端執行(發送)Get請求 response = httpClient.execute(httpGet); // 從響應模型中獲取響應實體 HttpEntity responseEntity = response.getEntity(); System.out.println("響應狀態為:" + response.getStatusLine()); if (responseEntity != null) { System.out.println("響應內容長度為:" + responseEntity.getContentLength()); System.out.println("響應內容為:" + EntityUtils.toString(responseEntity, "UTF-8")); } } catch (Exception e) { e.printStackTrace(); } finally { } } catch (Exception e) { e.printStackTrace(); } } }
2.2
package com.example.demo.controller.ssl.httpclient; import org.apache.http.HttpEntity; import org.apache.http.HttpResponse; import org.apache.http.client.HttpClient; import org.apache.http.client.methods.CloseableHttpResponse; import org.apache.http.client.methods.HttpGet; import org.apache.http.impl.client.CloseableHttpClient; import org.apache.http.impl.client.HttpClientBuilder; import org.apache.http.util.EntityUtils; /** * https://www.cnblogs.com/silyvin/p/12099743.html * Created by joyce on 2019/11/17. */ /** * 自己的https,需要忽略證書 */ public class JsonHttpsTest { public static void main(String[] args) { try { /** * 自己的證書,忽略所有 */ HttpClient httpClient = HttpClientFactory.createSSLClientDefault(); // 創建Get請求 HttpGet httpGet = new HttpGet("https://localhost:8080/json/testhttps"); // 響應模型 HttpResponse response = null; try { // 由客戶端執行(發送)Get請求 response = httpClient.execute(httpGet); // 從響應模型中獲取響應實體 HttpEntity responseEntity = response.getEntity(); System.out.println("響應狀態為:" + response.getStatusLine()); if (responseEntity != null) { System.out.println("響應內容長度為:" + responseEntity.getContentLength()); System.out.println("響應內容為:" + EntityUtils.toString(responseEntity, "UTF-8")); } } catch (Exception e) { e.printStackTrace(); } finally { } } catch (Exception e) { e.printStackTrace(); } } }
package com.example.demo.controller.ssl.httpclient; /** * Created by joyce on 2019/12/25. */ import javax.net.ssl.HostnameVerifier; import javax.net.ssl.SSLContext; import javax.net.ssl.X509TrustManager; import org.apache.http.client.HttpClient; import org.apache.http.conn.ssl.NoopHostnameVerifier; import org.apache.http.conn.ssl.SSLConnectionSocketFactory; import org.apache.http.conn.ssl.SSLContexts; import org.apache.http.conn.ssl.TrustStrategy; import org.apache.http.impl.client.CloseableHttpClient; import org.apache.http.impl.client.HttpClients; import org.apache.http.ssl.SSLContextBuilder; import java.security.cert.CertificateException; import java.security.cert.X509Certificate; import java.security.SecureRandom; public class HttpClientFactory { public static CloseableHttpClient createSSLClientDefault() { try { //使用 loadTrustMaterial() 方法實現一個信任策略,信任所有證書 SSLContext sslContext = new SSLContextBuilder().loadTrustMaterial(null, new TrustStrategy() { // 信任所有 public boolean isTrusted(X509Certificate[] chain, String authType) throws CertificateException { return true; } }).build(); //NoopHostnameVerifier類: 作為主機名驗證工具,實質上關閉了主機名驗證,它接受任何 //有效的SSL會話並匹配到目標主機。 HostnameVerifier hostnameVerifier = NoopHostnameVerifier.INSTANCE; SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContext, hostnameVerifier); return HttpClients.custom().setSSLSocketFactory(sslsf).build(); } catch (Exception e) { e.printStackTrace(); } return HttpClients.createDefault(); } }
http client的ssl context支持直接訪問http請求
/**
* 該context下http也可
*/
// HttpGet httpGet = new HttpGet("http://localhost:8080/json/testhttps");
二點五
| http | CA | 私有忽略 | 私有不忽略 | |
| httpclient原生 | ok | ok | not | 未嘗試 |
| httpclient sslcontext | ok | ok | ok | 未嘗試 |
| con原生 | ok | ok | not | 未嘗試 |
| con sslcontext | ok | ok | ok | 未嘗試 |
| cons | 未嘗試 | / | / | / |
三 postman
3.1 CA認證-直接請求
3.2 自簽名
直接請求時掛了
3.2.1 chrome
未成功
3.2.2 ignore
成功
3.2.3 導入
不試了