添加对https协议的支持
2013-05-30 19:29
295 查看
对https协议的网站,httpclient需要添加一个合法的SSL Certificate,否则会报异常:javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated,在被访问方实际不需要证书为访问前提的情况下,可以重写一个trustManager,忽略证书的问题,就可以解决
例子:
import java.io.IOException;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.http.HttpResponse;
import org.apache.http.NameValuePair;
import org.apache.http.client.HttpClient;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.conn.ClientConnectionManager;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.util.EntityUtils;
//重写X509TrustManager:
private static X509TrustManager trustManager= new X509TrustManager() {
public void checkClientTrusted(X509Certificate[] xcs, String string)
throws CertificateException {
}
public void checkServerTrusted(X509Certificate[] xcs, String string)
throws CertificateException {
}
public X509Certificate[] getAcceptedIssuers() {
return null;
}
};
//然后再基于这个trustmanager ,声明一个httpclient:
public static HttpClient getInstance() throws KeyManagementException,
NoSuchAlgorithmException {
HttpClient client = new DefaultHttpClient();
SSLContext ctx = SSLContext.getInstance("SSL");
//SSLContext ctx = SSLContext.getInstance("TLS");
ctx.init(null, new TrustManager[] { trustManager }, null);
SSLSocketFactory ssf = new SSLSocketFactory(ctx);
// 忽略掉HostName的比较,否则访问部分地址可能会报异常
ssf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
ClientConnectionManager ccm = client.getConnectionManager();
SchemeRegistry sr = ccm.getSchemeRegistry();
sr.register(new Scheme("https", 443, ssf));
client = new DefaultHttpClient(ccm, client.getParams());
return client;
}
}
例子:
import java.io.IOException;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.http.HttpResponse;
import org.apache.http.NameValuePair;
import org.apache.http.client.HttpClient;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.conn.ClientConnectionManager;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.util.EntityUtils;
//重写X509TrustManager:
private static X509TrustManager trustManager= new X509TrustManager() {
public void checkClientTrusted(X509Certificate[] xcs, String string)
throws CertificateException {
}
public void checkServerTrusted(X509Certificate[] xcs, String string)
throws CertificateException {
}
public X509Certificate[] getAcceptedIssuers() {
return null;
}
};
//然后再基于这个trustmanager ,声明一个httpclient:
public static HttpClient getInstance() throws KeyManagementException,
NoSuchAlgorithmException {
HttpClient client = new DefaultHttpClient();
SSLContext ctx = SSLContext.getInstance("SSL");
//SSLContext ctx = SSLContext.getInstance("TLS");
ctx.init(null, new TrustManager[] { trustManager }, null);
SSLSocketFactory ssf = new SSLSocketFactory(ctx);
// 忽略掉HostName的比较,否则访问部分地址可能会报异常
ssf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
ClientConnectionManager ccm = client.getConnectionManager();
SchemeRegistry sr = ccm.getSchemeRegistry();
sr.register(new Scheme("https", 443, ssf));
client = new DefaultHttpClient(ccm, client.getParams());
return client;
}
}
相关文章推荐
- CentOS6.5 下在Nginx中添加SSL证书以支持HTTPS协议访问
- CentOS下在Nginx中添加SSL证书以支持HTTPS协议访问
- curl不支持https协议问题解决
- 修改TomCat文件实现同时支持http协议与https协议
- linux下wget命令,支持断点续传,ftp、http、https等协议
- React-Native 在iOS9之后,网络请求默认为Https请求,如需支持Http,修改info.plist文件添加键值对设置允许http访问。
- httpclient 调用工具(同时支持 HTTP 和 HTTPS 协议)
- 让linux服务器支持安全http协议(https)
- Jboss添加https支持
- httpclient 调用工具(同时支持 HTTP 和 HTTPS 协议)
- Spring Boot支持tomcat服务器,支持http、https(ssl、tls)双协议,支持双端口
- 读取URL页面中的内容,支持HTTP和HTTPS协议
- 让linux服务器支持https(安全http协议)
- Go支持https协议的简单例子
- 牛客网Java刷题知识点之UDP协议是否支持HTTP和HTTPS协议?为什么?TCP协议支持吗?
- 使用Spring Boot开发Web项目(二)之添加HTTPS支持
- 让JavaEE项目支持Https协议
- 使用Spring Boot开发Web项目(二)之添加HTTPS支持
- Spring Boot支持Undertow服务器,支持http、https(ssl、tls)双协议,支持双端口