java 2个httpclient客户端处理 https + postman
零
根据 spring boot https,在pb协议 jdk序列化协议中代码新建一个json序列化springboot controller,并配置ssl
一 java HttpURLConnection
关于JAVA发送Https请求(HttpsURLConnection和HttpURLConnection)
证书包含两种情况:
1.1、机构所颁发的被认证的证书,这种证书的网站在浏览器访问时https头显示为绿色如百度
package com.example.demo.controller.ssl.httpcon; import javax.net.ssl.*; import java.io.ByteArrayOutputStream; import java.io.InputStream; import java.net.HttpURLConnection; import java.net.URL; import java.security.cert.CertificateException; import java.security.cert.X509Certificate; /** * https://www.cnblogs.com/silyvin/p/12099743.html * Created by joyce on 2019/11/17. */ /** * 测试CA认证的啥都不用做 */ public class JsonHttpsTestCA { public static void main(String[] args) { try { URL object = new URL("https://www.sina.com.cn"); /** * HttpURLConnection HttpsURLConnection 都可以 */ HttpURLConnection con = (HttpURLConnection) object.openConnection(); con.setDoOutput(true); con.setDoInput(true); // 显示 POST 请求返回的内容 StringBuilder sb = new StringBuilder(); int HttpResult = con.getResponseCode(); if (HttpResult == HttpURLConnection.HTTP_OK) { InputStream inputStream = con.getInputStream(); ByteArrayOutputStream result = new ByteArrayOutputStream(); byte[] buffer = new byte[1024]; int length; while ((length = inputStream.read(buffer)) != -1) { result.write(buffer, 0, length); } System.out.println(new String(result.toByteArray())); } else { System.out.println(con.getResponseCode()); System.out.println("http error"); } } catch (Exception e) { e.printStackTrace(); } } }
1.2、个人所设定的证书,这种证书的网站在浏览器里https头显示为红色×,且需要点击信任该网站才能继续访问。而点击信任这一步的操作就是我们在java代码访问https网站时区别于http请求需要做的事情。
package com.example.demo.controller.ssl.httpcon; import serial.MyBaseProto; import javax.net.ssl.*; import java.io.ByteArrayOutputStream; import java.io.InputStream; import java.io.OutputStream; import java.net.HttpURLConnection; import java.net.URL; import java.security.cert.CertificateException; import java.security.cert.X509Certificate; /** * https://www.cnblogs.com/silyvin/p/12099743.html * Created by joyce on 2019/11/17. */ /** * 自己的https,需要忽略证书 */ public class JsonHttpsTest { public static void main(String[] args) { try { MyX509TrustManager.initSSL(); URL object = new URL("https://localhost:8080/json/testhttps"); /** * HttpURLConnection HttpsURLConnection 都可以 */ HttpURLConnection con = (HttpURLConnection) object.openConnection(); con.setDoOutput(true); con.setDoInput(true); // 显示 POST 请求返回的内容 StringBuilder sb = new StringBuilder(); int HttpResult = con.getResponseCode(); if (HttpResult == HttpURLConnection.HTTP_OK) { InputStream inputStream = con.getInputStream(); ByteArrayOutputStream result = new ByteArrayOutputStream(); byte[] buffer = new byte[1024]; int length; while ((length = inputStream.read(buffer)) != -1) { result.write(buffer, 0, length); } System.out.println(new String(result.toByteArray())); } else { System.out.println(con.getResponseCode()); System.out.println("http error"); } } catch (Exception e) { e.printStackTrace(); } } }
package com.example.demo.controller.ssl.httpcon; import javax.net.ssl.*; import java.security.cert.CertificateException; import java.security.cert.X509Certificate; /** * Created by joyce on 2019/12/26. */ public class MyX509TrustManager implements X509TrustManager { @Override public void checkClientTrusted(X509Certificate certificates[], String authType) throws CertificateException { } @Override public void checkServerTrusted(X509Certificate[] ax509certificate,String s) throws CertificateException { } @Override public X509Certificate[] getAcceptedIssuers() { // TODO Auto-generated method stub return null; } public static void initSSL() throws Exception { SSLContext sslcontext = SSLContext.getInstance("SSL","SunJSSE"); sslcontext.init(null, new TrustManager[]{new MyX509TrustManager()}, new java.security.SecureRandom()); HostnameVerifier ignoreHostnameVerifier = new HostnameVerifier() { public boolean verify(String s, SSLSession sslsession) { // System.out.println("WARNING: Hostname is not matched for cert."); return true; } }; HttpsURLConnection.setDefaultHostnameVerifier(ignoreHostnameVerifier); HttpsURLConnection.setDefaultSSLSocketFactory(sslcontext.getSocketFactory()); } }
httpurlconnection的ssl context支持直接访问http请求
1 2 3 4 | /** * 该context下http也可 */// URL object = new URL("http://localhost:8080/json/testhttps"); |
所以JAVA发送Https请求有两种情况,三种解决办法:
第一种情况:Https网站的证书为机构所颁发的被认证的证书,这种情况下和http请求一模一样,无需做任何改变,用HttpsURLConnection或者HttpURLConnection都可以,这也是为什么此前对外(西瓜)的https链接访问都不需要额外处理证书
第二种情况:个人所设定的证书,这种证书默认不被信任,需要我们自己选择信任,信任的办法有两种:
B、忽略证书验证过程,忽略之后任何Https协议网站皆能正常访问(实测用HttpsURLConnection或者HttpURLConnection都可以)
C、java代码中加载证书,必须使用HttpsURLConnection方式
二 apache httpclient
2.1
package com.example.demo.controller.ssl.httpclient; import org.apache.http.HttpEntity; import org.apache.http.client.methods.CloseableHttpResponse; import org.apache.http.client.methods.HttpGet; import org.apache.http.impl.client.CloseableHttpClient; import org.apache.http.impl.client.HttpClientBuilder; import org.apache.http.util.EntityUtils; import java.io.ByteArrayOutputStream; import java.io.InputStream; import java.net.HttpURLConnection; import java.net.URL; import java.nio.charset.Charset; /** * https://www.cnblogs.com/silyvin/p/12099743.html * Created by joyce on 2019/11/17. */ /** * 测试CA认证的啥都不用做 */ public class JsonHttpsTestCA { public static void main(String[] args) { try { /** * CA证书直接使用default */ CloseableHttpClient httpClient = HttpClientBuilder.create().build(); // 创建Get请求 HttpGet httpGet = new HttpGet("https://www.sina.com.cn"); // 响应模型 CloseableHttpResponse response = null; try { // 由客户端执行(发送)Get请求 response = httpClient.execute(httpGet); // 从响应模型中获取响应实体 HttpEntity responseEntity = response.getEntity(); System.out.println("响应状态为:" + response.getStatusLine()); if (responseEntity != null) { System.out.println("响应内容长度为:" + responseEntity.getContentLength()); System.out.println("响应内容为:" + EntityUtils.toString(responseEntity, "UTF-8")); } } catch (Exception e) { e.printStackTrace(); } finally { } } catch (Exception e) { e.printStackTrace(); } } }
2.2
package com.example.demo.controller.ssl.httpclient; import org.apache.http.HttpEntity; import org.apache.http.HttpResponse; import org.apache.http.client.HttpClient; import org.apache.http.client.methods.CloseableHttpResponse; import org.apache.http.client.methods.HttpGet; import org.apache.http.impl.client.CloseableHttpClient; import org.apache.http.impl.client.HttpClientBuilder; import org.apache.http.util.EntityUtils; /** * https://www.cnblogs.com/silyvin/p/12099743.html * Created by joyce on 2019/11/17. */ /** * 自己的https,需要忽略证书 */ public class JsonHttpsTest { public static void main(String[] args) { try { /** * 自己的证书,忽略所有 */ HttpClient httpClient = HttpClientFactory.createSSLClientDefault(); // 创建Get请求 HttpGet httpGet = new HttpGet("https://localhost:8080/json/testhttps"); // 响应模型 HttpResponse response = null; try { // 由客户端执行(发送)Get请求 response = httpClient.execute(httpGet); // 从响应模型中获取响应实体 HttpEntity responseEntity = response.getEntity(); System.out.println("响应状态为:" + response.getStatusLine()); if (responseEntity != null) { System.out.println("响应内容长度为:" + responseEntity.getContentLength()); System.out.println("响应内容为:" + EntityUtils.toString(responseEntity, "UTF-8")); } } catch (Exception e) { e.printStackTrace(); } finally { } } catch (Exception e) { e.printStackTrace(); } } }
package com.example.demo.controller.ssl.httpclient; /** * Created by joyce on 2019/12/25. */ import javax.net.ssl.HostnameVerifier; import javax.net.ssl.SSLContext; import javax.net.ssl.X509TrustManager; import org.apache.http.client.HttpClient; import org.apache.http.conn.ssl.NoopHostnameVerifier; import org.apache.http.conn.ssl.SSLConnectionSocketFactory; import org.apache.http.conn.ssl.SSLContexts; import org.apache.http.conn.ssl.TrustStrategy; import org.apache.http.impl.client.CloseableHttpClient; import org.apache.http.impl.client.HttpClients; import org.apache.http.ssl.SSLContextBuilder; import java.security.cert.CertificateException; import java.security.cert.X509Certificate; import java.security.SecureRandom; public class HttpClientFactory { public static CloseableHttpClient createSSLClientDefault() { try { //使用 loadTrustMaterial() 方法实现一个信任策略,信任所有证书 SSLContext sslContext = new SSLContextBuilder().loadTrustMaterial(null, new TrustStrategy() { // 信任所有 public boolean isTrusted(X509Certificate[] chain, String authType) throws CertificateException { return true; } }).build(); //NoopHostnameVerifier类: 作为主机名验证工具,实质上关闭了主机名验证,它接受任何 //有效的SSL会话并匹配到目标主机。 HostnameVerifier hostnameVerifier = NoopHostnameVerifier.INSTANCE; SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContext, hostnameVerifier); return HttpClients.custom().setSSLSocketFactory(sslsf).build(); } catch (Exception e) { e.printStackTrace(); } return HttpClients.createDefault(); } }
http client的ssl context支持直接访问http请求
1 2 3 4 | /** * 该context下http也可 */// HttpGet httpGet = new HttpGet("http://localhost:8080/json/testhttps"); |
二点五
| http | CA | 私有忽略 | 私有不忽略 | |
| httpclient原生 | ok | ok | not | 未尝试 |
| httpclient sslcontext | ok | ok | ok | 未尝试 |
| con原生 | ok | ok | not | 未尝试 |
| con sslcontext | ok | ok | ok | 未尝试 |
| cons | 未尝试 | / | / | / |
三 postman
3.1 CA认证-直接请求
3.2 自签名
直接请求时挂了
3.2.1 chrome
未成功
3.2.2 ignore
成功
3.2.3 导入
不试了
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· 10年+ .NET Coder 心语,封装的思维:从隐藏、稳定开始理解其本质意义
· .NET Core 中如何实现缓存的预热?
· 从 HTTP 原因短语缺失研究 HTTP/2 和 HTTP/3 的设计差异
· AI与.NET技术实操系列:向量存储与相似性搜索在 .NET 中的实现
· 基于Microsoft.Extensions.AI核心库实现RAG应用
· 10年+ .NET Coder 心语 ── 封装的思维:从隐藏、稳定开始理解其本质意义
· 地球OL攻略 —— 某应届生求职总结
· 提示词工程——AI应用必不可少的技术
· Open-Sora 2.0 重磅开源!
· 字符编码:从基础到乱码解决
2018-12-25 json文本协议
2017-12-25 netty rpc 方面demo 调研
2017-12-25 Zookeeper 安装和配置
2015-12-25 EXCEL工作表保护密码忘记,撤销保护攻略