1. HTTPS vs HTTP

  https://www.cnblogs.com/enhance/p/15766413.html

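2. The HTTPS three-step handshake

Step 1:

The client sends an HTTPS request to the server, and the server sends its public key to the client in the form of a certificate (the server holds both the private key and the public key).

Step 2:

The browser generates a random string, encrypts the random string and a hash signature with the public key, and sends the result to the server. The server decrypts it with the private key, takes out the string and the hash signature, encrypts them again with the private key, and sends them to the client.

Step 3:

The client decrypts the ciphertext with the public key and checks whether it has been tampered with. If it has not, the client tells the server that subsequent data communication will use the generated random string as the key for symmetric encryption, and notifies the server that the handshake is finished. On receiving this message, the server acknowledges the negotiated encryption key and notifies the client that the handshake is finished.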
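The three steps above, modelled with the JDK's own crypto classes as an added example that is not part of the original post. It follows the post's simplified description (a secret encrypted to the server's public key, then a reply produced with the private key), not the TLS record format; the class name HandshakeModel and the sample request string are assumptions.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;
import java.security.Signature;

public class HandshakeModel {
    public static void main(String[] args) throws Exception {
        // Step 1: the server owns a key pair; its certificate would carry the public half.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair server = gen.generateKeyPair();

        // Step 2 (client): random secret, encrypted to the server's public key.
        byte[] secret = new byte[32];
        new SecureRandom().nextBytes(secret);
        Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        rsa.init(Cipher.ENCRYPT_MODE, server.getPublic());
        byte[] wrapped = rsa.doFinal(secret);

        // Step 2 (server): recover the secret and sign it with the private key.
        rsa.init(Cipher.DECRYPT_MODE, server.getPrivate());
        byte[] recovered = rsa.doFinal(wrapped);
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(server.getPrivate());
        signer.update(recovered);
        byte[] proof = signer.sign();

        // Step 3 (client): check the reply with the public key; a tampered reply fails here.
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(server.getPublic());
        verifier.update(secret);
        if (!verifier.verify(proof)) throw new SecurityException("handshake reply was tampered with");

        // Both sides now use the random secret as the symmetric key (constructed sample request).
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher aes = Cipher.getInstance("AES/GCM/NoPadding");
        aes.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(secret, "AES"), new GCMParameterSpec(128, iv));
        byte[] ct = aes.doFinal("GET /test/hello11".getBytes(StandardCharsets.UTF_8));
        aes.init(Cipher.DECRYPT_MODE, new SecretKeySpec(recovered, "AES"), new GCMParameterSpec(128, iv));
        System.out.println(new String(aes.doFinal(ct), StandardCharsets.UTF_8));
    }
}
```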

 

 

 

3. Remote access over HTTP

3.1 Server

3.1.1 controller

@RequestMapping(value="hello11")
public String say11(){
    System.out.println("sourceProperties:"+redisProperty);
    return redisProperty;
}

3.1.2 application.properties

server.port=8081
#server.ssl.key-store-type=PKCS12
#server.ssl.key-store=classpath:springbucks.p12
#server.ssl.key-store-password=bridgereport
#server.ssl.enabled=true
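The lines above are commented out; they are the settings that enable the HTTPS service.

3.2 Client

3.2.1 application.properties

server.port=8083
call.url=http://localhost:8081/test/hello11

3.2.2 The client accesses the HTTP endpoint through RestTemplate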

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.client.ClientHttpRequestFactory;
import org.springframework.http.client.SimpleClientHttpRequestFactory;
import org.springframework.web.client.RestTemplate;

@Configuration
public class RestTemplateConfig {
    @Bean
    public RestTemplate restTemplate(ClientHttpRequestFactory factory){
        return new RestTemplate(factory);
    }

    @Bean
    public ClientHttpRequestFactory simpleClientHttpRequestFactory(){
        SimpleClientHttpRequestFactory factory = new SimpleClientHttpRequestFactory();
        factory.setConnectTimeout(15000);
        factory.setReadTimeout(5000);
        return factory;
    }
}

 

3.2.3 controller

@RequestMapping(value="hello15")
public String say15(){
    String result=restTemplate.getForObject(url,String.class);
    System.out.println(result);
    return result;
}

3.3 Results

Server

Client

4. Remote access over HTTPS

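4.1 Generating the certificate with keytool

Run the following in the corresponding location of the project in IDEA:

keytool -genkey -alias springbucks -storetype PKCS12 -keyalg RSA -keysize 2048 -keystore springbucks.p12 -validity 365

Meaning of the command: keytool generates a keystore named springbucks.p12, using the RSA algorithm with a 2048-bit key length and a validity period of 365 days.

After it runs, the springbucks.p12 certificate file is generated in that directory.

alias: certificate alias

storetype: keystore type, such as JKS, JCEKS or PKCS12

keysize: size of the certificate's key

keystore: certificate file name

validity: certificate validity period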

 

4.2 Server

application.properties

server.ssl.key-store-type=PKCS12
server.ssl.key-store=classpath:springbucks.p12
# the password entered when the certificate file was generated in 4.1
server.ssl.key-store-password=bridgereport
# switches between https and http: true serves https, false serves http
server.ssl.enabled=true
server.port=8081

Started with this configuration, all of the service's original http endpoints become https endpoints.

 

 

4.3 Client

4.3.1 application.properties

server.port=8083
# server endpoint being called
call.url=https://localhost:8081/test/hello11
# certificate
security.key-store=classpath:springbucks.p12
# certificate password
security.key-pass=bridgereport

4.3.2 Accessing HTTPS through RestTemplate

import lombok.extern.slf4j.Slf4j;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.DefaultConnectionKeepAliveStrategy;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContextBuilder;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.web.client.RestTemplateBuilder;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.Resource;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.web.client.RestTemplate;

import javax.net.ssl.SSLContext;
import java.time.Duration;
import java.util.concurrent.TimeUnit;

@Configuration
@Slf4j
public class WebConfigurer {
    @Value("${security.key-store}")
    private Resource keyStore;
    @Value("${security.key-pass}")
    private String keyPass;
    @Bean
    public HttpComponentsClientHttpRequestFactory requestFactory() {
        SSLContext sslContext = null;
        try {
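            sslContext = SSLContextBuilder.create() // create an SSLContext
                    // validates the server certificate against the loaded trust material
                    .loadTrustMaterial(keyStore.getURL(), keyPass.toCharArray()) // this method takes a URL and a char array
                    // skips all certificate validation
//                    .loadTrustMaterial(null, (certificate, authType) -> true)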
                    .build();
        } catch(Exception e) {
            log.error("Exception occurred while creating SSLContext.", e);
        }

        CloseableHttpClient httpClient = HttpClients.custom()
                .evictIdleConnections(30, TimeUnit.SECONDS)
                .setMaxConnTotal(200)
                .setMaxConnPerRoute(20)
                .disableAutomaticRetries()
                .setKeepAliveStrategy(new DefaultConnectionKeepAliveStrategy())
                .setSSLContext(sslContext) // set the SSLContext
                .setSSLHostnameVerifier(NoopHostnameVerifier.INSTANCE) // set the hostname verifier; NoopHostnameVerifier turns hostname verification off
                .build();

        HttpComponentsClientHttpRequestFactory requestFactory =
                new HttpComponentsClientHttpRequestFactory(httpClient); // wrap the httpClient

        return requestFactory;
    }

    @Bean
    public RestTemplate restTemplate(RestTemplateBuilder builder) { // customize the RestTemplate
        return builder
                .setConnectTimeout(Duration.ofMillis(100))
                .setReadTimeout(Duration.ofMillis(500))
                .requestFactory(this::requestFactory)
                .build();
    }
}
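A stricter variant of the client configuration above, as an added example that is not the original post's code: it trusts only the server's exported certificate, refuses a store that contains a private key, fails at startup instead of continuing with a null SSLContext, and leaves HttpClient's default hostname verification on. The class name, the properties security.trust-store and security.trust-pass, and the file client-truststore.p12 are assumptions.

```java
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContextBuilder;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.Resource;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.web.client.RestTemplate;

import javax.net.ssl.SSLContext;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Collections;

// Added example. Build the client trust store from the page's springbucks.p12 (certificate only):
//   keytool -exportcert -alias springbucks -keystore springbucks.p12 -storetype PKCS12 -rfc -file springbucks.crt
//   keytool -importcert -alias springbucks -file springbucks.crt -keystore client-truststore.p12 -storetype PKCS12 -noprompt
@Configuration
public class StrictTlsClientConfig {
    @Value("${security.trust-store}")   // hypothetical property, e.g. classpath:client-truststore.p12
    private Resource trustStore;
    @Value("${security.trust-pass}")    // hypothetical property
    private String trustPass;

    @Bean
    public RestTemplate restTemplate() throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = trustStore.getInputStream()) {
            ks.load(in, trustPass.toCharArray());
        }
        // Refuse a store that carries a private key: the client only needs the certificate.
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isKeyEntry(alias)) {
                throw new IllegalStateException("trust store holds a private key under alias " + alias);
            }
        }
        // Any exception propagates, so the application never starts with a null SSLContext.
        SSLContext sslContext = SSLContextBuilder.create()
                .loadTrustMaterial(ks, null)   // null strategy: normal chain validation against ks
                .build();
        // No setSSLHostnameVerifier call: HttpClient keeps its default hostname verification.
        CloseableHttpClient httpClient = HttpClients.custom()
                .setSSLContext(sslContext)
                .build();
        return new RestTemplate(new HttpComponentsClientHttpRequestFactory(httpClient));
    }
}
```

With hostname verification on, the certificate has to name the host in call.url; keytool can add that at generation time with -ext SAN=dns:localhost.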
4.3.3 Invocation

Callee controller

    @RequestMapping(value="hello11")
    public String say11(){
        System.out.println("sourceProperties:"+redisProperty);
        return redisProperty;
    }

Result returned when the service is started and the endpoint is called

Caller controller

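import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.client.RestTemplate;

@RestController
@RequestMapping("/test")
public class QueryController {
    private String redisProperty;
    // URL of the callee endpoint, taken from call.url in application.properties
    @Value("${call.url}")
    private String url;
    @Autowired
    private RestTemplate restTemplate;

    @RequestMapping(value="hello15")
    public String say15(){
        String result=restTemplate.getForObject(url,String.class);
        System.out.println(result);
        return result;
    }
}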

 

Result returned when the caller calls the callee's endpoint

posted on 2022-12-20 20:09  colorfulworld