zoukankan      html  css  js  c++  java

  • java 2个httpclient客户端处理 https + postman

    零 

    根据 spring boot https,在pb协议 jdk序列化协议中代码新建一个json序列化springboot controller,并配置ssl

    一 java HttpURLConnection

    关于JAVA发送Https请求(HttpsURLConnection和HttpURLConnection) 

    证书包含两种情况:

    1.1、机构所颁发的被认证的证书,这种证书的网站在浏览器访问时https头显示为绿色如百度

    package com.example.demo.controller.ssl.httpcon;

import javax.net.ssl.*;
import java.io.ByteArrayOutputStream;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

/**
 * https://www.cnblogs.com/silyvin/p/12099743.html
 * Created by joyce on 2019/11/17.
 */

/**
 * 测试CA认证的啥都不用做
 */
public class JsonHttpsTestCA {

    public static void main(String[] args) {
        try {
            URL object = new URL("https://www.sina.com.cn");
            /**
             * HttpURLConnection HttpsURLConnection 都可以
             */
            HttpURLConnection con = (HttpURLConnection) object.openConnection();
            con.setDoOutput(true);
            con.setDoInput(true);

            // 显示 POST 请求返回的内容
            StringBuilder sb = new StringBuilder();
            int HttpResult = con.getResponseCode();
            if (HttpResult == HttpURLConnection.HTTP_OK) {
                InputStream inputStream = con.getInputStream();
                ByteArrayOutputStream result = new ByteArrayOutputStream();
                byte[] buffer = new byte[1024];
                int length;
                while ((length = inputStream.read(buffer)) != -1) {
                    result.write(buffer, 0, length);
                }
                System.out.println(new String(result.toByteArray()));

            } else {
                System.out.println(con.getResponseCode());
                System.out.println("http error");
            }


        } catch (Exception e) {
            e.printStackTrace();
        }
    }

}
    JsonHttpsTestCA

    1.2、个人所设定的证书,这种证书的网站在浏览器里https头显示为红色×,且需要点击信任该网站才能继续访问。而点击信任这一步的操作就是我们在java代码访问https网站时区别于http请求需要做的事情。

    package com.example.demo.controller.ssl.httpcon;

import serial.MyBaseProto;

import javax.net.ssl.*;
import java.io.ByteArrayOutputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

/**
 * https://www.cnblogs.com/silyvin/p/12099743.html
 * Created by joyce on 2019/11/17.
 */

/**
 * 自己的https,需要忽略证书
 */
public class JsonHttpsTest {

    public static void main(String[] args) {
        try {
            MyX509TrustManager.initSSL();

            URL object = new URL("https://localhost:8080/json/testhttps");

            /**
             * HttpURLConnection HttpsURLConnection 都可以
             */

            HttpURLConnection con = (HttpURLConnection) object.openConnection();
            con.setDoOutput(true);
            con.setDoInput(true);

            // 显示 POST 请求返回的内容
            StringBuilder sb = new StringBuilder();
            int HttpResult = con.getResponseCode();
            if (HttpResult == HttpURLConnection.HTTP_OK) {
                InputStream inputStream = con.getInputStream();
                ByteArrayOutputStream result = new ByteArrayOutputStream();
                byte[] buffer = new byte[1024];
                int length;
                while ((length = inputStream.read(buffer)) != -1) {
                    result.write(buffer, 0, length);
                }
                System.out.println(new String(result.toByteArray()));

            } else {
                System.out.println(con.getResponseCode());
                System.out.println("http error");
            }


        } catch (Exception e) {
            e.printStackTrace();
        }
    }

}
    JsonHttpsTest
    package com.example.demo.controller.ssl.httpcon;

import javax.net.ssl.*;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

/**
 * Created by joyce on 2019/12/26.
 */
public class MyX509TrustManager implements X509TrustManager {

    @Override
    public void checkClientTrusted(X509Certificate certificates[], String authType) throws CertificateException {
    }

    @Override
    public void checkServerTrusted(X509Certificate[] ax509certificate,String s) throws CertificateException {
    }

    @Override
    public X509Certificate[] getAcceptedIssuers() {
        // TODO Auto-generated method stub
        return null;
    }

    public static void initSSL() throws Exception {
        SSLContext sslcontext = SSLContext.getInstance("SSL","SunJSSE");
        sslcontext.init(null, new TrustManager[]{new MyX509TrustManager()}, new java.security.SecureRandom());
        HostnameVerifier ignoreHostnameVerifier = new HostnameVerifier() {
            public boolean verify(String s, SSLSession sslsession) {
                //   System.out.println("WARNING: Hostname is not matched for cert.");
                return true;
            }
        };
        HttpsURLConnection.setDefaultHostnameVerifier(ignoreHostnameVerifier);
        HttpsURLConnection.setDefaultSSLSocketFactory(sslcontext.getSocketFactory());
    }
}
    MyX509TrustManager

    httpurlconnection的ssl context支持直接访问http请求

                /**
             * 该context下http也可
             */
            // URL object = new URL("http://localhost:8080/json/testhttps");

    所以JAVA发送Https请求有两种情况,三种解决办法:

    第一种情况:Https网站的证书为机构所颁发的被认证的证书,这种情况下和http请求一模一样,无需做任何改变,用HttpsURLConnection或者HttpURLConnection都可以,这也是为什么此前对外(西瓜)的https链接访问都不需要额外处理证书

    第二种情况:个人所设定的证书,这种证书默认不被信任,需要我们自己选择信任,信任的办法有两种:

    B、忽略证书验证过程,忽略之后任何Https协议网站皆能正常访问(实测用HttpsURLConnection或者HttpURLConnection都可以

    C、java代码中加载证书,必须使用HttpsURLConnection方式

    二 apache httpclient

     HttpClient发送https请求,信任所有证书

    2.1

    package com.example.demo.controller.ssl.httpclient;

import org.apache.http.HttpEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.util.EntityUtils;

import java.io.ByteArrayOutputStream;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.nio.charset.Charset;

/**
 * https://www.cnblogs.com/silyvin/p/12099743.html
 * Created by joyce on 2019/11/17.
 */

/**
 * 测试CA认证的啥都不用做
 */
public class JsonHttpsTestCA {

    public static void main(String[] args) {
        try {

            /**
             * CA证书直接使用default
             */
            CloseableHttpClient httpClient = HttpClientBuilder.create().build();
            // 创建Get请求
            HttpGet httpGet = new HttpGet("https://www.sina.com.cn");

            // 响应模型
            CloseableHttpResponse response = null;
            try {
                // 由客户端执行(发送)Get请求
                response = httpClient.execute(httpGet);
                // 从响应模型中获取响应实体
                HttpEntity responseEntity = response.getEntity();
                System.out.println("响应状态为:" + response.getStatusLine());
                if (responseEntity != null) {
                    System.out.println("响应内容长度为:" + responseEntity.getContentLength());
                    System.out.println("响应内容为:" + EntityUtils.toString(responseEntity, "UTF-8"));
                }
            } catch (Exception e) {
                e.printStackTrace();
            } finally {

            }

        } catch (Exception e) {
            e.printStackTrace();
        }
    }

}
    JsonHttpsTestCA

    2.2

    package com.example.demo.controller.ssl.httpclient;

import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.util.EntityUtils;

/**
 * https://www.cnblogs.com/silyvin/p/12099743.html
 * Created by joyce on 2019/11/17.
 */

/**
 * 自己的https,需要忽略证书
 */
public class JsonHttpsTest {

    public static void main(String[] args) {
        try {
            /**
             * 自己的证书,忽略所有
             */
            HttpClient httpClient = HttpClientFactory.createSSLClientDefault();
            // 创建Get请求
            HttpGet httpGet = new HttpGet("https://localhost:8080/json/testhttps");

            // 响应模型
            HttpResponse response = null;
            try {
                // 由客户端执行(发送)Get请求
                response = httpClient.execute(httpGet);
                // 从响应模型中获取响应实体
                HttpEntity responseEntity = response.getEntity();
                System.out.println("响应状态为:" + response.getStatusLine());
                if (responseEntity != null) {
                    System.out.println("响应内容长度为:" + responseEntity.getContentLength());
                    System.out.println("响应内容为:" + EntityUtils.toString(responseEntity, "UTF-8"));
                }
            } catch (Exception e) {
                e.printStackTrace();
            } finally {

            }

        } catch (Exception e) {
            e.printStackTrace();
        }
    }

}
    JsonHttpsTest
    package com.example.demo.controller.ssl.httpclient;

/**
 * Created by joyce on 2019/12/25.
 */
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.X509TrustManager;

import org.apache.http.client.HttpClient;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLContexts;

import org.apache.http.conn.ssl.TrustStrategy;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContextBuilder;

import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import java.security.SecureRandom;

public class HttpClientFactory {

    public static CloseableHttpClient createSSLClientDefault() {
        try {
            //使用 loadTrustMaterial() 方法实现一个信任策略,信任所有证书
            SSLContext sslContext = new SSLContextBuilder().loadTrustMaterial(null, new TrustStrategy() {
                // 信任所有
                public boolean isTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                    return true;
                }
            }).build();
            //NoopHostnameVerifier类:  作为主机名验证工具,实质上关闭了主机名验证,它接受任何
            //有效的SSL会话并匹配到目标主机。
            HostnameVerifier hostnameVerifier = NoopHostnameVerifier.INSTANCE;
            SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContext, hostnameVerifier);
            return HttpClients.custom().setSSLSocketFactory(sslsf).build();
        } catch (Exception e) {
            e.printStackTrace();
        }
        return HttpClients.createDefault();

    }
}
    HttpClientFactory

    http client的ssl context支持直接访问http请求

                /**
             * 该context下http也可
             */
            // HttpGet httpGet = new HttpGet("http://localhost:8080/json/testhttps");

    二点五

      http CA 私有忽略 私有不忽略
    httpclient原生 ok ok not 未尝试
    httpclient sslcontext ok ok ok 未尝试
    con原生 ok ok not 未尝试
    con sslcontext ok ok ok 未尝试
    cons 未尝试 / / /

    三 postman

    3.1 CA认证-直接请求

    3.2 自签名

    直接请求时挂了

    3.2.1 chrome

     未成功

    3.2.2 ignore

      成功

    3.2.3 导入

    不试了
  • 相关阅读:
    主机连接虚拟机redis 服务器
    在dockers中调试dump的dotnet程序
    我的devops实践经验分享一二
    【nodejs】让nodejs像后端mvc框架(asp.net mvc)一样处理请求--请求处理结果适配篇(7/8)
    【nodejs】让nodejs像后端mvc框架(asp.net mvc)一样处理请求--参数自动映射篇(6/8)
    【nodejs】让nodejs像后端mvc框架(asp.net mvc)一样处理请求--请求处理函数装饰器注册篇(5/8)【controller+action】
    【nodejs】让nodejs像后端mvc框架(asp.net mvc)一样处理请求--控制器和处理函数的注册篇(4/8)【controller+action】
    【nodejs】让nodejs像后端mvc框架(asp.net mvc )一样处理请求--控制器的声明定义和发现篇(3/8)
    【nodejs】让nodejs像后端mvc框架(asp.net mvc )一样处理请求--路由限制及选择篇(2/8)【route】
    【nodejs】让nodejs像后端mvc框架(asp.net mvc)一样处理请求--目录(8/8 完结)
  • 原文地址:https://www.cnblogs.com/silyvin/p/12099743.html
Copyright © 2011-2022 走看看