java 2个httpclient客户端处理 https + postman

零 

根据 spring boot https,在pb协议 jdk序列化协议中代码新建一个json序列化springboot controller,并配置ssl

一 java HttpURLConnection

关于JAVA发送Https请求(HttpsURLConnection和HttpURLConnection) 

证书包含两种情况:

1.1、机构所颁发的被认证的证书,这种证书的网站在浏览器访问时https头显示为绿色如百度

package com.example.demo.controller.ssl.httpcon;

import javax.net.ssl.*;
import java.io.ByteArrayOutputStream;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

/**
 * https://www.cnblogs.com/silyvin/p/12099743.html
 * Created by joyce on 2019/11/17.
 */

/**
 * 测试CA认证的啥都不用做
 */
public class JsonHttpsTestCA {

    public static void main(String[] args) {
        try {
            URL object = new URL("https://www.sina.com.cn");
            /**
             * HttpURLConnection HttpsURLConnection 都可以
             */
            HttpURLConnection con = (HttpURLConnection) object.openConnection();
            con.setDoOutput(true);
            con.setDoInput(true);

            // 显示 POST 请求返回的内容
            StringBuilder sb = new StringBuilder();
            int HttpResult = con.getResponseCode();
            if (HttpResult == HttpURLConnection.HTTP_OK) {
                InputStream inputStream = con.getInputStream();
                ByteArrayOutputStream result = new ByteArrayOutputStream();
                byte[] buffer = new byte[1024];
                int length;
                while ((length = inputStream.read(buffer)) != -1) {
                    result.write(buffer, 0, length);
                }
                System.out.println(new String(result.toByteArray()));

            } else {
                System.out.println(con.getResponseCode());
                System.out.println("http error");
            }


        } catch (Exception e) {
            e.printStackTrace();
        }
    }

}
JsonHttpsTestCA

1.2、个人所设定的证书,这种证书的网站在浏览器里https头显示为红色×,且需要点击信任该网站才能继续访问。而点击信任这一步的操作就是我们在java代码访问https网站时区别于http请求需要做的事情。

package com.example.demo.controller.ssl.httpcon;

import serial.MyBaseProto;

import javax.net.ssl.*;
import java.io.ByteArrayOutputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

/**
 * https://www.cnblogs.com/silyvin/p/12099743.html
 * Created by joyce on 2019/11/17.
 */

/**
 * 自己的https,需要忽略证书
 */
public class JsonHttpsTest {

    public static void main(String[] args) {
        try {
            MyX509TrustManager.initSSL();

            URL object = new URL("https://localhost:8080/json/testhttps");

            /**
             * HttpURLConnection HttpsURLConnection 都可以
             */

            HttpURLConnection con = (HttpURLConnection) object.openConnection();
            con.setDoOutput(true);
            con.setDoInput(true);

            // 显示 POST 请求返回的内容
            StringBuilder sb = new StringBuilder();
            int HttpResult = con.getResponseCode();
            if (HttpResult == HttpURLConnection.HTTP_OK) {
                InputStream inputStream = con.getInputStream();
                ByteArrayOutputStream result = new ByteArrayOutputStream();
                byte[] buffer = new byte[1024];
                int length;
                while ((length = inputStream.read(buffer)) != -1) {
                    result.write(buffer, 0, length);
                }
                System.out.println(new String(result.toByteArray()));

            } else {
                System.out.println(con.getResponseCode());
                System.out.println("http error");
            }


        } catch (Exception e) {
            e.printStackTrace();
        }
    }

}
JsonHttpsTest
package com.example.demo.controller.ssl.httpcon;

import javax.net.ssl.*;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

/**
 * Created by joyce on 2019/12/26.
 */
public class MyX509TrustManager implements X509TrustManager {

    @Override
    public void checkClientTrusted(X509Certificate certificates[], String authType) throws CertificateException {
    }

    @Override
    public void checkServerTrusted(X509Certificate[] ax509certificate,String s) throws CertificateException {
    }

    @Override
    public X509Certificate[] getAcceptedIssuers() {
        // TODO Auto-generated method stub
        return null;
    }

    public static void initSSL() throws Exception {
        SSLContext sslcontext = SSLContext.getInstance("SSL","SunJSSE");
        sslcontext.init(null, new TrustManager[]{new MyX509TrustManager()}, new java.security.SecureRandom());
        HostnameVerifier ignoreHostnameVerifier = new HostnameVerifier() {
            public boolean verify(String s, SSLSession sslsession) {
                //   System.out.println("WARNING: Hostname is not matched for cert.");
                return true;
            }
        };
        HttpsURLConnection.setDefaultHostnameVerifier(ignoreHostnameVerifier);
        HttpsURLConnection.setDefaultSSLSocketFactory(sslcontext.getSocketFactory());
    }
}
MyX509TrustManager

httpurlconnection的ssl context支持直接访问http请求

            /**
             * 该context下http也可
             */
            // URL object = new URL("http://localhost:8080/json/testhttps");

所以JAVA发送Https请求有两种情况,三种解决办法:

第一种情况:Https网站的证书为机构所颁发的被认证的证书,这种情况下和http请求一模一样,无需做任何改变,用HttpsURLConnection或者HttpURLConnection都可以,这也是为什么此前对外(西瓜)的https链接访问都不需要额外处理证书

第二种情况:个人所设定的证书,这种证书默认不被信任,需要我们自己选择信任,信任的办法有两种:

B、忽略证书验证过程,忽略之后任何Https协议网站皆能正常访问(实测用HttpsURLConnection或者HttpURLConnection都可以

C、java代码中加载证书,必须使用HttpsURLConnection方式

二 apache httpclient

 HttpClient发送https请求,信任所有证书

2.1

package com.example.demo.controller.ssl.httpclient;

import org.apache.http.HttpEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.util.EntityUtils;

import java.io.ByteArrayOutputStream;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.nio.charset.Charset;

/**
 * https://www.cnblogs.com/silyvin/p/12099743.html
 * Created by joyce on 2019/11/17.
 */

/**
 * 测试CA认证的啥都不用做
 */
public class JsonHttpsTestCA {

    public static void main(String[] args) {
        try {

            /**
             * CA证书直接使用default
             */
            CloseableHttpClient httpClient = HttpClientBuilder.create().build();
            // 创建Get请求
            HttpGet httpGet = new HttpGet("https://www.sina.com.cn");

            // 响应模型
            CloseableHttpResponse response = null;
            try {
                // 由客户端执行(发送)Get请求
                response = httpClient.execute(httpGet);
                // 从响应模型中获取响应实体
                HttpEntity responseEntity = response.getEntity();
                System.out.println("响应状态为:" + response.getStatusLine());
                if (responseEntity != null) {
                    System.out.println("响应内容长度为:" + responseEntity.getContentLength());
                    System.out.println("响应内容为:" + EntityUtils.toString(responseEntity, "UTF-8"));
                }
            } catch (Exception e) {
                e.printStackTrace();
            } finally {

            }

        } catch (Exception e) {
            e.printStackTrace();
        }
    }

}
JsonHttpsTestCA

2.2

package com.example.demo.controller.ssl.httpclient;

import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.util.EntityUtils;

/**
 * https://www.cnblogs.com/silyvin/p/12099743.html
 * Created by joyce on 2019/11/17.
 */

/**
 * 自己的https,需要忽略证书
 */
public class JsonHttpsTest {

    public static void main(String[] args) {
        try {
            /**
             * 自己的证书,忽略所有
             */
            HttpClient httpClient = HttpClientFactory.createSSLClientDefault();
            // 创建Get请求
            HttpGet httpGet = new HttpGet("https://localhost:8080/json/testhttps");

            // 响应模型
            HttpResponse response = null;
            try {
                // 由客户端执行(发送)Get请求
                response = httpClient.execute(httpGet);
                // 从响应模型中获取响应实体
                HttpEntity responseEntity = response.getEntity();
                System.out.println("响应状态为:" + response.getStatusLine());
                if (responseEntity != null) {
                    System.out.println("响应内容长度为:" + responseEntity.getContentLength());
                    System.out.println("响应内容为:" + EntityUtils.toString(responseEntity, "UTF-8"));
                }
            } catch (Exception e) {
                e.printStackTrace();
            } finally {

            }

        } catch (Exception e) {
            e.printStackTrace();
        }
    }

}
JsonHttpsTest
package com.example.demo.controller.ssl.httpclient;

/**
 * Created by joyce on 2019/12/25.
 */
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.X509TrustManager;

import org.apache.http.client.HttpClient;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLContexts;

import org.apache.http.conn.ssl.TrustStrategy;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContextBuilder;

import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import java.security.SecureRandom;

public class HttpClientFactory {

    public static CloseableHttpClient createSSLClientDefault() {
        try {
            //使用 loadTrustMaterial() 方法实现一个信任策略,信任所有证书
            SSLContext sslContext = new SSLContextBuilder().loadTrustMaterial(null, new TrustStrategy() {
                // 信任所有
                public boolean isTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                    return true;
                }
            }).build();
            //NoopHostnameVerifier类:  作为主机名验证工具,实质上关闭了主机名验证,它接受任何
            //有效的SSL会话并匹配到目标主机。
            HostnameVerifier hostnameVerifier = NoopHostnameVerifier.INSTANCE;
            SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContext, hostnameVerifier);
            return HttpClients.custom().setSSLSocketFactory(sslsf).build();
        } catch (Exception e) {
            e.printStackTrace();
        }
        return HttpClients.createDefault();

    }
}
HttpClientFactory

http client的ssl context支持直接访问http请求

            /**
             * 该context下http也可
             */
            // HttpGet httpGet = new HttpGet("http://localhost:8080/json/testhttps");

二点五

  http CA 私有忽略 私有不忽略
httpclient原生 ok ok not 未尝试
httpclient sslcontext ok ok ok 未尝试
con原生 ok ok not 未尝试
con sslcontext ok ok ok 未尝试
cons 未尝试 / / /

三 postman

3.1 CA认证-直接请求

3.2 自签名

直接请求时挂了

3.2.1 chrome

 未成功

3.2.2 ignore

  成功

3.2.3 导入

不试了

【推广】 免费学中医,健康全家人
原文地址:https://www.cnblogs.com/silyvin/p/12099743.html