
Building an HTTPS web service and accessing it through the HttpClient API

Published: 2020-12-16 21:53:41 | Category: Security | Source: compiled from the web

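1. Component versions
apache-tomcat-7.0.75
JDK 1.8.0_91

2. Use the keytool command that ships with the JDK to generate the keystore file test.keystore
Command: keytool -genkey -alias test123 -keypass test123 -keyalg RSA -keysize 1024 -keystore test.keystore -storepass test123
Note: keytool produces a self-signed certificate here, and a 1024-bit RSA key is shorter than the 2048-bit minimum in current recommendations, so this keystore is suitable for a local test only.

3. Copy test.keystore into the bin directory of apache-tomcat-7.0.75

4. Edit the server.xml file in Tomcat's conf directory and add the SSL configuration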

<Connector SSLEnabled="true" clientAuth="false" keystoreFile="bin/test.keystore" keystorePass="test123" maxThreads="150" port="8443" protocol="org.apache.coyote.http11.Http11Protocol" scheme="https" secure="true" sslProtocol="TLS"/>

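5. Add the web service project to Tomcat and start it, then access the http and https URLs with Postman. The http URL works, but the https URL cannot be reached because of a certificate problem on the client side (the client does not trust the self-signed certificate generated in step 2).

6. Create the class HttpClientTest, which configures the SSL settings used for https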

import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.TrustStrategy;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContextBuilder;

public class HttpClientTest
{
    public static CloseableHttpClient createSSLClient()
            throws KeyManagementException,NoSuchAlgorithmException,KeyStoreException
    {
        // This TrustStrategy returns true for every chain, so any server
        // certificate is accepted without validation (test use only).
        SSLContext sslContext = new SSLContextBuilder().loadTrustMaterial(
                null,new TrustStrategy()
                {
                    public boolean isTrusted( X509Certificate[] chain,String authType ) throws CertificateException
                    {
                        return true;
                    }
                } ).build();
        // NoopHostnameVerifier skips the check that the certificate names the
        // requested host (see step 9).
        SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
                sslContext,NoopHostnameVerifier.INSTANCE );
        return HttpClients.custom().setSSLSocketFactory( sslsf ).build();
    }
}

7. Create the class HttpClientUtil, which tests an https GET request

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import org.apache.http.client.ClientProtocolException;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.CloseableHttpClient;

public class HttpClientUtil
{
    // NoSuchAlgorithmException is declared as well, because createSSLClient() throws it.
    public static void main( String[] args ) throws ClientProtocolException,IOException,URISyntaxException,KeyManagementException,KeyStoreException,NoSuchAlgorithmException
    {
        String url = "https://localhost:8443/maven-example/hello";
        HttpGet get = new HttpGet();
        get.setURI( new URI( url ) );
        // try-with-resources closes the response and the client when done.
        try ( CloseableHttpClient httpClient = HttpClientTest.createSSLClient();
              CloseableHttpResponse response = httpClient.execute( get ) )
        {
            String s = streamToString( response.getEntity().getContent() );
            System.out.println( s );
        }
    }

    // Reads the whole response body into one string (line breaks are dropped).
    private static String streamToString( InputStream is )
            throws IOException
    {
        String line = "";
        StringBuilder total = new StringBuilder();
        BufferedReader rd = new BufferedReader( new InputStreamReader( is ) );
        while ( (line = rd.readLine()) != null )
        {
            total.append( line );
        }
        return total.toString();
    }
}

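8. Run the main method; the https response is printed correctly

9. One problem came up along the way: a host name verification error was reported

Solution: change new SSLConnectionSocketFactory(sslContext) to new SSLConnectionSocketFactory(sslContext,NoopHostnameVerifier.INSTANCE). The underlying mechanism is left for further study. In brief, NoopHostnameVerifier turns off the check that the host name in the URL matches the name in the server certificate, so together with the trust-all TrustStrategy from step 6 the client no longer authenticates the server at all; that is acceptable only against a local test instance.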

// Before: the default host name verifier is used
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
                sslContext);
// After: host name verification is disabled
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
                sslContext,NoopHostnameVerifier.INSTANCE);
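
An added example, not part of the original article: instead of the trust-all TrustStrategy from step 6 and the NoopHostnameVerifier from step 9, the client can trust only the certificate exported from test.keystore and keep host name verification on. The class name PinnedCertHttpClient, the file test.cer, the alias tomcat-test and the keytool options in the comments are assumptions; the certificate has to name localhost for the default verifier to accept it.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.conn.ssl.DefaultHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContextBuilder;
import org.apache.http.util.EntityUtils;

// Added example (hypothetical class): trusts exactly one server certificate
// and keeps host name verification on. Assumed preparation, run once:
//   keytool -genkeypair -alias test123 -keyalg RSA -keysize 2048 -dname "CN=localhost" -ext san=dns:localhost -keystore test.keystore -storepass test123 -keypass test123
//   keytool -exportcert -alias test123 -keystore test.keystore -storepass test123 -rfc -file test.cer
public class PinnedCertHttpClient
{
    public static CloseableHttpClient createClient( String certPath ) throws Exception
    {
        // Read the exported server certificate (public part only, no private key).
        X509Certificate serverCert;
        try ( InputStream in = new FileInputStream( certPath ) )
        {
            serverCert = (X509Certificate) CertificateFactory.getInstance( "X.509" ).generateCertificate( in );
        }
        // In-memory trust store whose only trusted entry is that certificate.
        KeyStore trustStore = KeyStore.getInstance( KeyStore.getDefaultType() );
        trustStore.load( null, null );
        trustStore.setCertificateEntry( "tomcat-test", serverCert );
        // A null TrustStrategy leaves the standard chain validation in place.
        SSLContext sslContext = SSLContextBuilder.create().loadTrustMaterial( trustStore, null ).build();
        // DefaultHostnameVerifier rejects a certificate that does not name the requested host.
        SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory( sslContext, new DefaultHostnameVerifier() );
        return HttpClients.custom().setSSLSocketFactory( sslsf ).build();
    }
    public static void main( String[] args ) throws Exception
    {
        try ( CloseableHttpClient client = createClient( "test.cer" );
              CloseableHttpResponse response = client.execute( new HttpGet( "https://localhost:8443/maven-example/hello" ) ) )
        {
            System.out.println( EntityUtils.toString( response.getEntity() ) );
        }
    }
}
```

With this client a connection to a server presenting any other certificate, or a certificate that does not name the requested host, fails with an SSL exception instead of being silently accepted.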

(Editor: 李大同)
