Jdk1.6 HTTPS访问问题解决办法

真是艹蛋的一次经历,jdk6上面去访问别人的https,还好有百度搞定了问题.现在写下随笔,记录下;

首先要自己重写SSLSocketFactory这个类,

下面是自己重写的这个类:TLSSocketConnectionFactory

package cn.cbsw.tools;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataOutputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.KeyStore;
import java.security.Principal;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.util.Hashtable;
import java.util.LinkedList;
import java.util.List;

import javax.net.ssl.HandshakeCompletedListener;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSessionContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.security.cert.X509Certificate;

import org.bouncycastle.crypto.tls.Certificate;
import org.bouncycastle.crypto.tls.CertificateRequest;
import org.bouncycastle.crypto.tls.DefaultTlsClient;
import org.bouncycastle.crypto.tls.ExtensionType;
import org.bouncycastle.crypto.tls.TlsAuthentication;
import org.bouncycastle.crypto.tls.TlsClientProtocol;
import org.bouncycastle.crypto.tls.TlsCredentials;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
 
/**
 * 建立一个自己的ssl类
 */
public class TLSSocketConnectionFactory extends SSLSocketFactory{
 
    static {
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }

    @Override
    public Socket createSocket(Socket socket, final String host, int port,
                               boolean arg3) throws IOException {
        if (socket == null) {
            socket = new Socket();
        }
        if (!socket.isConnected()) {
            socket.connect(new InetSocketAddress(host, port));
        }

        final TlsClientProtocol tlsClientProtocol = new     TlsClientProtocol(socket.getInputStream(), socket.getOutputStream(), new     SecureRandom());

        return _createSSLSocket(host, tlsClientProtocol);
    }

    @Override public String[] getDefaultCipherSuites() { return null; }
    @Override public String[] getSupportedCipherSuites() { return null; }
    @Override public Socket createSocket(String host, int port) throws IOException, UnknownHostException { return null; }
    @Override public Socket createSocket(InetAddress host, int port) throws IOException { return null; }
    @Override public Socket createSocket(String host, int port, InetAddress localHost, int localPort) throws IOException, UnknownHostException { return null; }
    @Override public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort) throws IOException { return null; }

    private SSLSocket _createSSLSocket(final String host, final TlsClientProtocol tlsClientProtocol) {
        return new SSLSocket() {
            private java.security.cert.Certificate[] peertCerts;

            @Override public InputStream getInputStream() throws IOException { return tlsClientProtocol.getInputStream(); }
            @Override public OutputStream getOutputStream() throws IOException { return tlsClientProtocol.getOutputStream(); }
            @Override public synchronized void close() throws IOException { tlsClientProtocol.close(); }
            @Override public void addHandshakeCompletedListener( HandshakeCompletedListener arg0) { }
            @Override public boolean getEnableSessionCreation() { return false; }
            @Override public String[] getEnabledCipherSuites() { return null; }
            @Override public String[] getEnabledProtocols() { return null; }
            @Override public boolean getNeedClientAuth() { return false; }

            @Override
            public SSLSession getSession() {
                return new SSLSession() {

                    /*原本这些方法都是直接throw UnsupportedOperationException 导致看不到真实异常*/
                    @Override
                    public int getApplicationBufferSize() {
                        return 0;
                    }
                    @Override public String getCipherSuite() { return null; }
                    @Override public long getCreationTime() { return 0; }
                    @Override public byte[] getId() { return null; }
                    @Override public long getLastAccessedTime() { return 0; }
                    @Override public java.security.cert.Certificate[] getLocalCertificates() { return null; }
                    @Override public Principal getLocalPrincipal() { return null; }
                    @Override public int getPacketBufferSize() { return 0; }
                    @Override public X509Certificate[] getPeerCertificateChain() throws SSLPeerUnverifiedException { return null; }
                    @Override public java.security.cert.Certificate[] getPeerCertificates() throws SSLPeerUnverifiedException { return peertCerts; }
                    @Override public String getPeerHost() { return null; }
                    @Override public int getPeerPort() { return 0; }
                    @Override public Principal getPeerPrincipal() throws SSLPeerUnverifiedException { return null; }
                    @Override public String getProtocol() { return null; }
                    @Override public SSLSessionContext getSessionContext() { return null; }
                    @Override public Object getValue(String arg0) { return null; }
                    @Override public String[] getValueNames() { return null; }
                    @Override public void invalidate() { return; }
                    @Override public boolean isValid() { return true; }
                    @Override public void putValue(String arg0, Object arg1) { return; }
                    @Override
                    public void removeValue(String arg0) {
                        return;
                    }
                };
            }

            @Override public String[] getSupportedProtocols() { return null; }
            @Override public boolean getUseClientMode() { return false; }
            @Override public boolean getWantClientAuth() { return false; }
            @Override public void removeHandshakeCompletedListener(HandshakeCompletedListener arg0) { }
            @Override public void setEnableSessionCreation(boolean arg0) { }
            @Override public void setEnabledCipherSuites(String[] arg0) { }
            @Override public void setEnabledProtocols(String[] arg0) { }
            @Override public void setNeedClientAuth(boolean arg0) { }
            @Override public void setUseClientMode(boolean arg0) { }
            @Override public void setWantClientAuth(boolean arg0) { }
            @Override public String[] getSupportedCipherSuites() { return null; }

            @Override
            public void startHandshake() throws IOException {
                tlsClientProtocol.connect(new DefaultTlsClient() {

                    @SuppressWarnings("unchecked")
                    @Override
                    public Hashtable<Integer, byte[]> getClientExtensions() throws IOException {
                        Hashtable<Integer, byte[]> clientExtensions = super.getClientExtensions();
                        if (clientExtensions == null) {
                            clientExtensions = new Hashtable<Integer, byte[]>();
                        }

                        //Add host_name
                        byte[] host_name = host.getBytes();

                        final ByteArrayOutputStream baos = new ByteArrayOutputStream();
                        final DataOutputStream dos = new DataOutputStream(baos);
                        dos.writeShort(host_name.length + 3);
                        dos.writeByte(0);
                        dos.writeShort(host_name.length);
                        dos.write(host_name);
                        dos.close();
                        clientExtensions.put(ExtensionType.server_name, baos.toByteArray());
                        return clientExtensions;
                    }

                    @Override
                    public TlsAuthentication getAuthentication() throws IOException {
                        return new TlsAuthentication() {

                            @Override
                            public void notifyServerCertificate(Certificate serverCertificate) throws IOException {
                                try {
                                    KeyStore ks = _loadKeyStore();

                                    CertificateFactory cf = CertificateFactory.getInstance("X.509");
                                    List<java.security.cert.Certificate> certs = new LinkedList<java.security.cert.Certificate>();
                                    boolean trustedCertificate = false;
                                    for ( org.bouncycastle.asn1.x509.Certificate c : serverCertificate.getCertificateList()) {
                                        java.security.cert.Certificate cert = cf.generateCertificate(new ByteArrayInputStream(c.getEncoded()));
                                        certs.add(cert);

                                        String alias = ks.getCertificateAlias(cert);
                                        if(alias != null) {
                                            if (cert instanceof java.security.cert.X509Certificate) {
                                                try {
                                                    ( (java.security.cert.X509Certificate) cert).checkValidity();
                                                    trustedCertificate = true;
                                                } catch(CertificateExpiredException cee) {
                                                    // Accept all the certs!
                                                }
                                            }
                                        } else {
                                            // Accept all the certs!
                                        }

                                    }
                                    if (!trustedCertificate) {
                                        // Accept all the certs!
                                    }
                                    peertCerts = certs.toArray(new java.security.cert.Certificate[0]);
                                } catch (Exception ex) {
                                    ex.printStackTrace();
                                    throw new IOException(ex);
                                }
                            }

                            @Override
                            public TlsCredentials getClientCredentials(CertificateRequest certificateRequest) throws IOException {
                                return null;
                            }

                            private KeyStore _loadKeyStore() throws Exception {
                                FileInputStream trustStoreFis = null;
                                try {
                                    KeyStore localKeyStore = null;

                                    String trustStoreType = System.getProperty("javax.net.ssl.trustStoreType")!=null?System.getProperty("javax.net.ssl.trustStoreType"):KeyStore.getDefaultType();
                                    String trustStoreProvider = System.getProperty("javax.net.ssl.trustStoreProvider")!=null?System.getProperty("javax.net.ssl.trustStoreProvider"):"";

                                    if (trustStoreType.length() != 0) {
                                        if (trustStoreProvider.length() == 0) {
                                            localKeyStore = KeyStore.getInstance(trustStoreType);
                                        } else {
                                            localKeyStore = KeyStore.getInstance(trustStoreType, trustStoreProvider);
                                        }

                                        char[] keyStorePass = null;
                                        String str5 = System.getProperty("javax.net.ssl.trustStorePassword")!=null?System.getProperty("javax.net.ssl.trustStorePassword"):"";

                                        if (str5.length() != 0) {
                                            keyStorePass = str5.toCharArray();
                                        }

                                        localKeyStore.load(trustStoreFis, keyStorePass);

                                        if (keyStorePass != null) {
                                            for (int i = 0; i < keyStorePass.length; i++) {
                                                keyStorePass[i] = 0;
                                            }
                                        }
                                    }
                                    return localKeyStore;
                                } finally {
                                    if (trustStoreFis != null) {
                                        trustStoreFis.close();
                                    }
                                }
                            }
                        };
                    }

                });
            } // startHandshake
        };
    }
}

依赖jar包:

bcpkix-jdk15on-1.60.jar

bcprov-jdk15on-1.60.jar

然后再写一个httpsConnectionUtils工具类:

package cn.cbsw.tools;

import java.io.BufferedReader;
import java.io.DataOutputStream;
import java.io.InputStreamReader;
import java.net.URL;
import java.net.URLEncoder;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;

import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

import org.apache.commons.lang.StringUtils;

/**
 * 本类是解决https访问问题 
 * @author sun
 *
 */
public class HttpsConnectUtils {
    
    /**
     * 获取url内容
     */
    public static String getQuery(String desUrl,String method,Map<String,String> params) throws Throwable{
        if(!"POST".equalsIgnoreCase(method)){
            method="GET";//如果不是POST就认为是GET,至于PUT很少用到,暂时用不到
        }
        String paramStr="";
        if(params!=null && !params.isEmpty()){
               List<String> list=new ArrayList<String>();//存放参数
               Iterator<String> it=params.keySet().iterator();
               while(it.hasNext()){
                   String key=it.next();
                   list.add(key+"="+URLEncoder.encode(params.get(key), "utf-8"));
               }
               paramStr=StringUtils.join(list,"&");
           }
        //如果是get请求且带有参数
        if(!"".equals(paramStr) && "GET".equalsIgnoreCase(method)){
            desUrl+="?"+paramStr;
        }
         URL url = new URL(null,desUrl,new sun.net.www.protocol.https.Handler());
        SSLContext sslContext=SSLContext.getInstance("TLS");
        TrustManager x509TrustManager=new X509TrustManager() {
            
            @Override
            public X509Certificate[] getAcceptedIssuers() {
                return null;
            }
            
            @Override
            public void checkServerTrusted(X509Certificate[] arg0, String arg1)
                    throws CertificateException {
                
            }
            
            @Override
            public void checkClientTrusted(X509Certificate[] arg0, String arg1)
                    throws CertificateException {
                
            }
        };
        sslContext.init(null, new TrustManager[]{x509TrustManager}, null);
        HttpsURLConnection httpsConn=(HttpsURLConnection) url.openConnection();
        httpsConn.setSSLSocketFactory(new TLSSocketConnectionFactory());
           httpsConn.setRequestProperty("accept", "*/*");
           httpsConn.setRequestProperty("connection", "Keep-Alive");
           httpsConn.setRequestProperty("user-agent", "Mozilla/4.0 (compatible; MSIE 7.0; Windows xp)");
           httpsConn.setDoOutput(true);
           httpsConn.setDoInput(true);
           httpsConn.setRequestMethod(method!=null?method:"GET");//默认get
           //忽略证书设置
           httpsConn.setHostnameVerifier(new HostnameVerifier() {
            @Override
            public boolean verify(String arg0, SSLSession arg1) {
                return true;
            }
        });
           //下面的方法会自动修改请求方式为POST
           if(!"".equals(paramStr) && "POST".equalsIgnoreCase(method)){
            DataOutputStream out = new DataOutputStream(httpsConn.getOutputStream());
            out.writeBytes(paramStr);
            out.flush();
            out.close();
           }
           
           InputStreamReader isr = new InputStreamReader(httpsConn.getInputStream(), "utf-8");  
           BufferedReader inReader = new BufferedReader(isr);  
           StringBuffer result = new StringBuffer();  
           String inputLine;  
           while ((inputLine = inReader.readLine()) != null) {  
               result.append(inputLine);  
           }  
           // 关闭输入流  
           inReader.close();  
           isr.close();  
           httpsConn.disconnect();//每次请求完毕后关闭链接
           return result.toString();
    }
}

 

然后调用的时候直接按httpsConnectionUtils.getQuery(String desUrl,String method,Map<String,String> params)调用即可.

通过百度整整坑了一个星期总算搞定.另外jdk1.8版的工具类也发下httpsConnectionUtils

package cn.cbsw.tools;

import java.io.BufferedReader;
import java.io.DataOutputStream;
import java.io.InputStreamReader;
import java.net.URL;
import java.net.URLEncoder;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;

import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

import org.apache.commons.lang.StringUtils;

/**
 * 本类是解决https访问问题 
 * @author sun
 *
 */
public class HttpsConnectUtils {
    
    /**
     * 获取url内容
     */
    public static String getQuery(String desUrl,String method,Map<String,String> params) throws Throwable{
        if(!"POST".equalsIgnoreCase(method)){
            method="GET";//如果不是POST就认为是GET,至于PUT很少用到,暂时用不到
        }
        String paramStr="";
        if(params!=null && !params.isEmpty()){
               List<String> list=new ArrayList<String>();//存放参数
               Iterator<String> it=params.keySet().iterator();
               while(it.hasNext()){
                   String key=it.next();
                   list.add(key+"="+URLEncoder.encode(params.get(key), "utf-8"));
               }
               paramStr=StringUtils.join(list,"&");
           }
        //如果是get请求且带有参数
        if(!"".equals(paramStr) && "GET".equalsIgnoreCase(method)){
            desUrl+="?"+paramStr;
        }
         URL url = new URL(null,desUrl,new sun.net.www.protocol.https.Handler());
        SSLContext sslContext=SSLContext.getInstance("TLSv1.2");//jdk8支持1.2版本
        TrustManager x509TrustManager=new X509TrustManager() {
            
            @Override
            public X509Certificate[] getAcceptedIssuers() {
                return null;
            }
            
            @Override
            public void checkServerTrusted(X509Certificate[] arg0, String arg1)
                    throws CertificateException {
                
            }
            
            @Override
            public void checkClientTrusted(X509Certificate[] arg0, String arg1)
                    throws CertificateException {
                
            }
        };
        sslContext.init(null, new TrustManager[]{x509TrustManager}, null);
        HttpsURLConnection httpsConn=(HttpsURLConnection) url.openConnection();
        httpsConn.setSSLSocketFactory(sslContext.getSocketFactory());
           httpsConn.setRequestProperty("accept", "*/*");
           httpsConn.setRequestProperty("connection", "Keep-Alive");
           httpsConn.setRequestProperty("user-agent", "Mozilla/4.0 (compatible; MSIE 7.0; Windows xp)");
           httpsConn.setDoOutput(true);
           httpsConn.setDoInput(true);
           httpsConn.setRequestMethod(method!=null?method:"GET");//默认get
           //忽略证书设置
           httpsConn.setHostnameVerifier(new HostnameVerifier() {
            @Override
            public boolean verify(String arg0, SSLSession arg1) {
                return true;
            }
        });
           //下面的方法会自动修改请求方式为POST
           if(!"".equals(paramStr) && "POST".equalsIgnoreCase(method)){
            DataOutputStream out = new DataOutputStream(httpsConn.getOutputStream());
            out.writeBytes(paramStr);
            out.flush();
            out.close();
           }
           
           InputStreamReader isr = new InputStreamReader(httpsConn.getInputStream(), "utf-8");  
           BufferedReader inReader = new BufferedReader(isr);  
           StringBuffer result = new StringBuffer();  
           String inputLine;  
           while ((inputLine = inReader.readLine()) != null) {  
               result.append(inputLine);  
           }  
           // 关闭输入流  
           inReader.close();  
           isr.close();  
           httpsConn.disconnect();//每次请求完毕后关闭链接
           return result.toString();
    }
}

希望能帮到后来人!

总的来说升级jdk到1.8肯定是最好方案,不得以才会用上面方法.

也感谢那些善于分享经验的人!

posted @ 2020-08-14 12:07  勇者无极限  阅读(4393)  评论(2编辑  收藏  举报