虽然java代码 URL.openconnect(proxy);已经实现了https客户端通过代理连接服务器
但个人在使用socket https代理http://www.cnblogs.com/hua198/p/5223945.html时一直出现一个问题Unrecognized SSL message, plaintext connection
大致意思是在SSL连接过程中收到不可以识别的消息
产生这个问题一般有两种
1.发送了明文消息
2.SSL握手出现问题,不能正确完成握手
通过连接的代码,使用代理后一直无法完成握手,原因还是与HTTPS代理连接出现问题,因为代码直接与HTTPS服务器连接正常,握手报文顺序是正常的
通过IE浏览器代理抓包分析,在SSL握手报文头部出现了proxy-connect-name:xxx.yyy.com proxy-connect-port:443
然道是java在握手过程中加入这些数据,后来发现https使用代理连接过程中,客户端向代理服务器发送一个connect xxx.yyy.com:443 HTTP/1.1的一个http的报文
显然在ssl代理过程中,客户端先要通过connect与代理服务器建立连接,ssl代理服务器需要与服务器完成ssl握手,建立连接。然后客户端再与代理服务器建立ssl连接。
import java.io.InputStream;
import java.io.OutputStream;
import java.net.Socket;
import java.security.SecureRandom;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
public class Ssl {
public static void sslSocket2() throws Exception {
SSLContext context = SSLContext.getInstance("SSL");
// 初始化
TrustManager[] tm = { new X509TrustManager() {
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}
public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) {
}
public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) {
}
} };
context.init(null, tm, new SecureRandom());
SSLSocketFactory factory = context.getSocketFactory();
//_____________________________________________________
Socket socket= new Socket("127.0.0.1",8080); //代理服务器
StringBuffer connect = new StringBuffer("CONNECT mail.163.com:443 HTTP/1.1
");
OutputStream output1 = socket.getOutputStream();
output1.write(connect.toString().getBytes());
output1.flush();
InputStream input1 = socket.getInputStream();
byte[] buf1 = new byte[1024];
input1.read(buf1);
System.out.println(new String(buf1));
SSLSocket s = (SSLSocket) factory.createSocket(socket,"mail.163.com", 443,true);
//_____________________________________________________
// SSLSocket s = (SSLSocket) factory.createSocket("mail.163.com", 443);
// s.startHandshake();
OutputStream output = s.getOutputStream();
InputStream input = s.getInputStream();
output.write(("POST https://mail.163.com/entry/cgi/ntesdoor?df=mail163_letter&from=web&funcid=loginone&iframe=1&language=-1&passtype=1&product=mail163&net=t&style=-1&race=1139_1154_1123_bj&uid=xj-07@163.com HTTP/1.1"
+"
Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, */*"
+"
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)"
+"
Content-Type: application/x-www-form-urlencoded"
+"
Accept-Encoding: gzip, deflate"
+"
Host: mail.163.com"
+"
Content-Length: 106" //body的字符个数
+"
Connection: Keep-Alive"
+"
Cache-Control: no-cache"
+"
Referer: http://mail.163.com/"
+"
Accept-Language: zh-CN"+"
"
+"
savelogin=0&url2=http%3A%2F%2Fmail.163.com%2Ferrorpage%2Ferror163.htm&username=xj-0701&password=xxx12345yy").getBytes());
output.flush();
byte[] buf = new byte[1024];
int len = input.read(buf);
System.out.println("received:" + new String(buf, 0, len));
}
public static void main(String[] args) throws Exception {
sslSocket2();
}
}