HttpsURLConnection 安全传输(HTTPS--Secure Hypertext Transfer Protocol-安全超文本传输协议)
HttpsURLConnection 扩展 HttpURLConnection,支持各种特定于 https 功能。此类使用 HostnameVerifier 和 SSLSocketFactory。为这两个类都定义了默认实现。但是,可以根据每个类(静态的)或每个实例来替换该实现。所有新 HttpsURLConnection 实例在创建时将被分配“默认的”静态值,通过在连接前调用每个实例适当的 set 方法可以重写这些值
在URL前加https://前缀表明是用SSL加密的。 你的电脑与服务器之间收发的信息传输将更加安全。
Web服务器启用SSL需要获得一个服务器证书并将该证书与要使用SSL的服务器绑定。
http和https使用的是完全不同的连接方式,用的端口也不一样,前者是80,后者是443。http的连接很简单,是无状态的,...
HTTPS协议是由SSL+HTTP协议构建的可进行加密传输、身份认证的网络协议
要比http协议安全
import java.io.*; import java.net.*; import java.security.*; import java.security.cert.*; import javax.net.ssl.*; public class HttpsURLConnectionTest { private String url = "https://esales.the9.com/esa/DealerLogin.php?txt_sLogin=andysmile234&pas_sPwd=343211&userstatus=1"; private myX509TrustManager xtm = new myX509TrustManager(); private myHostnameVerifier hnv = new myHostnameVerifier(); public HttpsURLConnectionTest() { SSLContext sslContext = null; try { sslContext = SSLContext.getInstance("TLS"); //或SSL X509TrustManager[] xtmArray = new X509TrustManager[] {xtm}; sslContext.init(null, xtmArray, new java.security.SecureRandom()); } catch (GeneralSecurityException e) { e.printStackTrace(); } if (sslContext != null) { HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory()); } HttpsURLConnection.setDefaultHostnameVerifier(hnv); } public void run() { HttpsURLConnection urlCon = null; try { urlCon = (HttpsURLConnection)(new URL(url)).openConnection(); urlCon.setDoOutput(true); urlCon.setRequestMethod("POST"); urlCon.setRequestProperty("Content-Length", "1024"); urlCon.setUseCaches(false); urlCon.setDoInput(true); urlCon.getOutputStream().write("request content".getBytes("gbk")); urlCon.getOutputStream().flush(); urlCon.getOutputStream().close(); BufferedReader in = new BufferedReader(new InputStreamReader(urlCon.getInputStream())); String line; while ((line = in.readLine()) != null) { System.out.println(line); } // 增加自己的代码 } catch (MalformedURLException e) { e.printStackTrace(); } catch (IOException e) { e.printStackTrace(); } catch (Exception e) { e.printStackTrace(); } } public static void main(String[] args) { HttpsURLConnectionTest httpsTest = new HttpsURLConnectionTest(); httpsTest.run(); } } /** * 重写三个方法 * @author Administrator * */ class myX509TrustManager implements X509TrustManager { public void checkClientTrusted(X509Certificate[] chain, String authType) { } public void checkServerTrusted(X509Certificate[] chain, String authType) { System.out.println("cert: " + chain[0].toString() + ", authType: " + authType); } public X509Certificate[] getAcceptedIssuers() { return null; } } /** * 重写一个方法 * @author Administrator * */ class myHostnameVerifier implements HostnameVerifier { public boolean verify(String hostname, SSLSession session) { System.out.println("Warning: URL Host: " + hostname + " vs. " + session.getPeerHost()); return true; } }
以下摘自:http://www.zimbio.com/member/kinggod03/articles/HImNQwJm-Lp/
终于完成了博客备份的程序,自己一直想做的事情算是完成了。发扬怀疑一切的精神,真不放心把自己的帐号告诉其他的公司,让他们来备份。闲来无事,也为了让我玩实况累的发软的手体验一下敲代码的感觉,专心的做完了这个备份博客的程序。总共有300多行,功能其实也很简单,就是把每篇文章的网页保存起来 ,但第一次做这种网络程序,很多都要学习。下面列出几点收获:
1,登陆需要使用SSL协议,似乎封装的太好了——只是把代码烤过来,很简单,现在也没懂是啥意思
2,使用Cookie。登录之后究竟用什么保存SessionID,头疼了很长时间。用IE进行登陆,把Cookie设成“提示”,于是所有的暗箱操作都见了阳光。这时才知道,几乎每个网页都会用Cookie存些东西,哪还有隐私。百度是必须用Cookie的,否则就无法登陆。这样有些过分了,应该提供一个选择。得到Cookie值后需要把“PASSPORTRETRYSTRING=deleted;”去掉,这个字段应该是用于防止重复提交的。如果不去掉,相当于没有登陆。去掉之后的Cookie值(主要是BDUUSS和BDUID)可以发送到服务器,这样就以登陆用户的身份查看博客了。
3,对于HTML代码应该可以用XML的方式来处理,不过我没有那个耐心,就用字符串的替代查找来实现了,效率不好,可以改进。
4,连接那部分代码借鉴了Google提供的博客访问的源代码,受益匪浅。百度没有相应的API,要不然我也不用这么麻烦。
5,还有许多细节的东西,比如文件读写啦。
6,看HTML代码真是头大!!!
为了取得信任我就把源代码贴出来,这也是我不愿意用那些商业软件的原因。商业软件,赚钱是最主要的,他不信任我,我也不信任他。而我,只不过图个安心和方便。
/** * 本程序可用于备份百度空间的文章。 * 18 hours costed. * niuys. * 2007.7.11 */ import java.io.*; import java.net.*; import java.security.GeneralSecurityException; import java.security.cert.X509Certificate; import java.util.*; import javax.net.ssl.HostnameVerifier; import javax.net.ssl.HttpsURLConnection; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLSession; import javax.net.ssl.X509TrustManager; public class OpticalBackup { // 把博客信息应编码 private String urlString = "https://passport.baidu.com/?login"; // 保存的目录 private String saveDir = "L:\\blogBackup"; // 博客的根路径 private String spaceRoot = "http://hi.baidu.com/niuys/blog/index/"; private String articleURLHead = "/niuys/blog/item/"; // parameters needed to log in. Map parameters = new HashMap(); // 建立连接需要使用cookie提供的sessionID. String cookieVal = null; // Create an anonymous class to trust all certificates. // This is bad style, you should create a separate class. private X509TrustManager xtm = new X509TrustManager() { public void checkClientTrusted(X509Certificate[] chain, String authType) { } public void checkServerTrusted(X509Certificate[] chain, String authType) { // System.out.println("cert: " + chain[0].toString() + ", authType: // " // + authType); } public X509Certificate[] getAcceptedIssuers() { return null; } }; // Create an class to trust all hosts private HostnameVerifier hnv = new HostnameVerifier() { public boolean verify(String hostname, SSLSession session) { // System.out.println("hostname: " + hostname); return true; } }; // In this function we configure our system with a less stringent // hostname verifier and X509 trust manager. This code is // executed once, and calls the static methods of HttpsURLConnection public OpticalBackup() { // The parameters needed to log on. parameters.put("username", "保密"); parameters.put("password", "保密"); parameters.put("Submit", " 登录 "); parameters.put("tpl", "sp"); parameters.put("tpl_reg", "sp"); parameters.put("u", "http://www.baidu.com/"); // check the saveDir File dir = new File(saveDir); if (!dir.exists()) { dir.mkdir(); } // Initialize the TLS SSLContext with // our TrustManager SSLContext sslContext = null; try { sslContext = SSLContext.getInstance("TLS"); X509TrustManager[] xtmArray = new X509TrustManager[] {xtm}; sslContext.init(null, xtmArray, new java.security.SecureRandom()); } catch (GeneralSecurityException e) { // Print out some error message and deal with this exception e.printStackTrace(); } // Set the default SocketFactory and HostnameVerifier // for javax.net.ssl.HttpsURLConnection if (sslContext != null) { HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory()); } HttpsURLConnection.setDefaultHostnameVerifier(hnv); } // the whole process public void run() { try { URL url = new URL(urlString); HttpURLConnection urlConnection = (HttpURLConnection) url.openConnection(); // Set properties of the connection urlConnection.setDoInput(true); urlConnection.setDoOutput(true); urlConnection.setUseCaches(false); urlConnection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded"); // Form the POST parameters StringBuilder content = new StringBuilder(); boolean first = true; Set set = parameters.entrySet(); Iterator iterator = set.iterator(); Map.Entry parameter = (Map.Entry) iterator.next(); try { while (parameter != null) { if (!first) { content.append("&"); } content.append(URLEncoder.encode((String) parameter.getKey(), "UTF-8")).append("="); content.append(URLEncoder.encode((String) parameter.getValue(), "UTF-8")); first = false; parameter = (Map.Entry) iterator.next(); } } catch (NoSuchElementException e) { e.printStackTrace(); } // send the POST request to server OutputStream outputStream = null; try { outputStream = urlConnection.getOutputStream(); outputStream.write(content.toString().getBytes("utf-8")); outputStream.flush(); } finally { if (outputStream != null) { outputStream.close(); } } // Retrieve the output InputStream inputStream = null; StringBuilder outputBuilder = new StringBuilder(); try { int responseCode = urlConnection.getResponseCode(); if (responseCode == HttpURLConnection.HTTP_OK) { inputStream = urlConnection.getInputStream(); } else { inputStream = urlConnection.getErrorStream(); } String string; if (inputStream != null) { BufferedReader reader = new BufferedReader(new InputStreamReader(inputStream)); while (null != (string = reader.readLine())) { outputBuilder.append(string).append('\n'); } } // get the cookie value in the header filelds Map map = urlConnection.getHeaderFields(); Collection collection = map.values(); Object[] values = collection.toArray(); // values[4].toString() is nedded .Otherwise,an exception // throws. Direct class cast is forbidded. cookieVal = (String) values[4].toString(); // "replaceAll()" requests that if "[" exits, "]" is nedded // too.This is the diffrence from "replace()". cookieVal = cookieVal.replace(']', ' ').replace("[PASSPORTRETRYSTRING=deleted; expires=Mon, 01 Jan 1970 00:00:00 GMT; path=/;", "");// remedy the first key from cookie } finally { if (inputStream != null) { inputStream.close(); } } // find all the URLs of the articles you write. ArrayList pageURLs = findLinkers(); // save all the articles for (int i = 0; i < pageURLs.size(); i++) { savePage((String) pageURLs.get(i)); } } catch (Exception e) { e.printStackTrace(); } } // save the article with the URL private void savePage(String pageURL) { try { // create the file to accept the output.The file's name is a part of // the URL File pageFile = new File(saveDir + "\\" + pageURL.substring(36)); // 增量备份 if (pageFile.exists()) return; FileWriter fw = new FileWriter(pageFile); // create the connection to the server,and get the results. URL url = new URL(pageURL); String content = getContentFromURL(url); // write the contents to the file. fw.write(content); // flush the contents in the buffer.Without // it,the file's content may be not completed. fw.flush(); fw.close(); } catch (Exception e) { e.printStackTrace(); } } // find all the articles' URL from the html code accepted from the server private ArrayList findLinkers() { // the index of the articles int i = 0; ArrayList linkers = new ArrayList(); URL url = null; try { while (true) { url = new URL(spaceRoot + i); System.out.println("url==" + url); i++;// next index // get the content from server String content = getContentFromURL(url); // Analyze the content. ArrayList temp = getLinkerFromContent(content); if (temp.isEmpty())// no article url exists return linkers; linkers.addAll(temp);// combine the URLs } } catch (Exception e) { e.printStackTrace(); } return linkers; } private ArrayList getLinkerFromContent(String content) { ArrayList linkerArray = new ArrayList(); String linker = null; // The article's URL begins with "/niuys/blog/item/" int index = content.indexOf(articleURLHead); if (content.indexOf("暂无文章") > 0) {// 超过页数时会返回包含“暂无文章”的页,end return linkerArray; } // deal with the content while (index > 0) { // get the whole URL linker = content.substring(index, index + 46); content = content.replace(linker, ""); index = content.indexOf(articleURLHead); linker = "http://hi.baidu.com" + linker; linkerArray.add(linker); System.out.println("linker==" + linker); } return linkerArray; } private String getContentFromURL(URL url) throws Exception { HttpURLConnection urlConnection = (HttpURLConnection) url.openConnection(); // Set properties of the connection urlConnection.setDoInput(true); urlConnection.setDoOutput(true); urlConnection.setUseCaches(false); urlConnection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded"); urlConnection.addRequestProperty("Cookie", cookieVal); // Retrieve the output InputStream inputStream = null; StringBuilder outputBuilder = new StringBuilder(); int responseCode = urlConnection.getResponseCode(); if (responseCode == HttpURLConnection.HTTP_OK) { inputStream = urlConnection.getInputStream(); } else { inputStream = urlConnection.getErrorStream(); } String string; if (inputStream != null) { BufferedReader reader = new BufferedReader(new InputStreamReader(inputStream)); while (null != (string = reader.readLine())) { outputBuilder.append(string).append('\n'); } inputStream.close(); return outputBuilder.toString(); } return ""; } public static void main(String[] args) { OpticalBackup backup = new OpticalBackup(); backup.run(); } }
