https://www.dazhuanlan.com/crushondogs/topics/1476318
1.Java 需要驗證客戶端證書和服務端證書,客戶端證書為 P12 庫,服務端為 keystore 庫,客戶端庫需要密碼,服務端庫不需要密碼。
2.如果服務端證書已經添加到 JVM 證書庫中,則代碼可省略服務端的證書驗證。
JAVA SSL
package com.dianru.analysis.module.weixin;
import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
public class HttpsPost {
/** 獲得KeyStore.
*
* @param keyStorePath
* 密鑰庫路徑
* @param password
* 密碼
* @return 密鑰庫
* @throws Exception */
public static KeyStore getKeyStore(String password, String keyStorePath) throws Exception {
// 實例化密鑰庫
KeyStore ks = KeyStore.getInstance("JKS");
// 獲得密鑰庫文件流
FileInputStream is = new FileInputStream(keyStorePath);
// 加載密鑰庫
ks.load(is, password.toCharArray());
// 關閉密鑰庫文件流
is.close();
return ks;
}
/** 獲得SSLSocketFactory.
*
* @param password
* 密碼
* @param keyStorePath
* 密鑰庫路徑
* @param trustStorePath
* 信任庫路徑
* @return SSLSocketFactory
* @throws Exception */
public static SSLContext getSSLContext(String password, String keyStorePath, String trustStorePath)
throws Exception {
// 實例化密鑰庫
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
// 獲得密鑰庫
KeyStore keyStore = getKeyStore(password, keyStorePath);
// 初始化密鑰工廠
keyManagerFactory.init(keyStore, password.toCharArray());
// 實例化信任庫
TrustManagerFactory trustManagerFactory = TrustManagerFactory
.getInstance(TrustManagerFactory.getDefaultAlgorithm());
// 獲得信任庫
KeyStore trustStore = getKeyStore(password, trustStorePath);
// 初始化信任庫
trustManagerFactory.init(trustStore);
// 實例化SSL上下文
SSLContext ctx = SSLContext.getInstance("TLS");
// 初始化SSL上下文
ctx.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
// 獲得SSLSocketFactory
return ctx;
}
/** 初始化HttpsURLConnection.
*
* @param password
* 密碼
* @param keyStorePath
* 密鑰庫路徑
* @param trustStorePath
* 信任庫路徑
* @throws Exception */
public static void initHttpsURLConnection(String password, String keyStorePath, String trustStorePath)
throws Exception {
// 聲明SSL上下文
SSLContext sslContext = null;
// 實例化主機名驗證接口
HostnameVerifier hnv = new MyHostnameVerifier();
try {
sslContext = getSSLContext(password, keyStorePath, trustStorePath);
} catch (GeneralSecurityException e) {
e.printStackTrace();
}
if (sslContext != null) {
HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());
}
HttpsURLConnection.setDefaultHostnameVerifier(hnv);
}
/** 發送請求.
*
* @param httpsUrl
* 請求的地址
* @param xmlStr
* 請求的數據 */
public static void post(String httpsUrl, String xmlStr) {
HttpsURLConnection urlCon = null;
try {
urlCon = (HttpsURLConnection) (new URL(httpsUrl)).openConnection();
urlCon.setDoInput(true);
urlCon.setDoOutput(true);
urlCon.setRequestMethod("POST");
urlCon.setRequestProperty("Content-Length", String.valueOf(xmlStr.getBytes().length));
urlCon.setUseCaches(false);
//設置為gbk可以解決服務器接收時讀取的數據中文亂碼問題
urlCon.getOutputStream().write(xmlStr.getBytes("gbk"));
urlCon.getOutputStream().flush();
urlCon.getOutputStream().close();
BufferedReader in = new BufferedReader(new InputStreamReader(urlCon.getInputStream()));
String line;
while ((line = in.readLine()) != null) {
System.out.println(line);
}
} catch (MalformedURLException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
} catch (Exception e) {
e.printStackTrace();
}
}
/** 測試方法.
*
* @param args
* @throws Exception */
public static void main(String[] args) throws Exception {
// 密碼
String password = "wanggang";
// 密鑰庫
String keyStorePath = "D:/wngn/cert/wngn/java-client.p12";
// 信任庫
String trustStorePath = "D:/wngn/cert/wngn/java-server.truststore";
// 本地起的https服務
String httpsUrl = "https://java.vfou.com:8086/data/active/getLatest";
// 傳輸文本
String xmlStr = "";
HttpsPost.initHttpsURLConnection(password, keyStorePath, trustStorePath);
// 發起請求
HttpsPost.post(httpsUrl, xmlStr);
}
}
package com.dianru.analysis.module.weixin;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLSession;
/**
* 實現用於主機名驗證的基接口。
* 在握手期間,如果 URL 的主機名和服務器的標識主機名不匹配,則驗證機制可以回調此接口的實現程序來確定是否應該允許此連接。
*/
public class MyHostnameVerifier implements HostnameVerifier {
@Override
public boolean verify(String hostname, SSLSession session) {
if("localhost".equals(hostname)){
return true;
} else {
return false;
}
}
}
HTTP CLIENT
package com.dianru.analysis.module.weixin;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import javax.net.ssl.SSLContext;
import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLContexts;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.util.EntityUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
/** User: rizenguo Date: 2014/10/29 Time: 14:36 */
public class HttpsRequest {
public static Logger LOG = LogManager.getLogger(HttpsRequest.class);
public interface ResultListener {
public void onConnectionPoolTimeoutError();
}
// 表示請求器是否已經做了初始化工作
private boolean hasInit = false;
// 請求器的配置
private RequestConfig requestConfig;
// HTTP請求器
private CloseableHttpClient httpClient;
public HttpsRequest() {
try {
init();
} catch (Exception e) {
e.printStackTrace();
}
}
private void init() throws IOException, KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException,
KeyManagementException {
KeyStore keyStore = KeyStore.getInstance("PKCS12");
FileInputStream instream = new FileInputStream(new File("D:/wngn/cert/wngn/java-client.p12"));
KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
FileInputStream instream2 = new FileInputStream(new File("D:/wngn/cert/wngn/java-server.truststore"));
try {
keyStore.load(instream, "wanggang".toCharArray());// 設置證書密碼
trustStore.load(instream2, "wanggang".toCharArray());// 設置證書密碼
} catch (CertificateException e) {
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} finally {
instream.close();
}
// Trust own CA and all self-signed certs 相信自己的CA和所有自簽名的證書
SSLContext sslcontext = SSLContexts.custom().loadKeyMaterial(keyStore, "wanggang".toCharArray())
.loadTrustMaterial(trustStore).build();
// Allow TLSv1 protocol only 只允許使用TLSv1協議
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslcontext, new String[] { "TLSv1" }, null,
SSLConnectionSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);
httpClient = HttpClients.custom().setSSLSocketFactory(sslsf).build();
// 根據默認超時限制初始化requestConfig
requestConfig = RequestConfig.custom().setSocketTimeout(10 * 1000).setConnectTimeout(30 * 1000).build();
hasInit = true;
}
public String sendPost(String url) throws UnrecoverableKeyException, KeyManagementException,
NoSuchAlgorithmException, KeyStoreException, IOException {
if (!hasInit) {
init();
}
String result = null;
HttpPost httpPost = new HttpPost(url);
System.out.println("API,POST過去的數據是:");
// 得指明使用UTF-8編碼,否則到API服務器XML的中文不能被成功識別
StringEntity postEntity = new StringEntity("", "UTF-8");
httpPost.addHeader("Content-Type", "text/xml");
httpPost.setEntity(postEntity);
// 設置請求器的配置
httpPost.setConfig(requestConfig);
try {
HttpResponse response = httpClient.execute(httpPost);
HttpEntity entity = response.getEntity();
result = EntityUtils.toString(entity, "UTF-8");
System.out.println(result);
} catch (Exception e) {
LOG.error(url + "-" + e.getMessage());
e.printStackTrace();
} finally {
httpPost.abort();
}
return result;
}
private static final String HTTPS_URL = "https://java.vfou.com:8086/data/active/getLatest";
public static void main(String[] args) throws UnrecoverableKeyException, KeyManagementException,
NoSuchAlgorithmException, KeyStoreException, IOException {
HttpsRequest CLIENT = new HttpsRequest();
String response = CLIENT.sendPost(HTTPS_URL);
System.out.println(response);
}
}