使用HttpClient发送HTTPS请求以及配置Tomcat支持SSL

Posted 魔流剑●风之痕

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了使用HttpClient发送HTTPS请求以及配置Tomcat支持SSL相关的知识,希望对你有一定的参考价值。

这里使用的是HttpComponents-Client-4.1.2

  1 package com.jadyer.util;
  2 
  3 import java.io.File;
  4 import java.io.FileInputStream;
  5 import java.io.FileNotFoundException;
  6 import java.io.IOException;
  7 import java.security.KeyManagementException;
  8 import java.security.KeyStore;
  9 import java.security.KeyStoreException;
 10 import java.security.NoSuchAlgorithmException;
 11 import java.security.UnrecoverableKeyException;
 12 import java.security.cert.CertificateException;
 13 
 14 import org.apache.http.HttpEntity;
 15 import org.apache.http.HttpResponse;
 16 import org.apache.http.ParseException;
 17 import org.apache.http.client.ClientProtocolException;
 18 import org.apache.http.client.HttpClient;
 19 import org.apache.http.client.methods.HttpGet;
 20 import org.apache.http.conn.scheme.Scheme;
 21 import org.apache.http.conn.ssl.SSLSocketFactory;
 22 import org.apache.http.impl.client.DefaultHttpClient;
 23 import org.apache.http.util.EntityUtils;
 24 
 25 /**
 26  * 使用HttpClient模拟HTTPS访问
 27  * @see ===================================================================================================================================
 28  * @see 【配置Tomcat支持SSL(即让Tomcat下的Web应用处于SSL安全通道中)】
 29  * @see ===================================================================================================================================
 30  * @see 1、生成KeyStore
 31  * @see    1)运行-->CMD-->"keytool -genkey -alias Jadyer_SSL_20120508 -keyalg RSA -validity 1024 -keystore D:\Jadyer_SSL_20120508.keystore"
 32  * @see      参数说明----->-genkey  表示生成密钥
 33  * @see                   -alias    指定别名,这里是Jadyer_SSL_20120508
 34  * @see                   -keyalg   指定算法,这里是RSA
 35  * @see                   -validity 指定证书有效期,这里是1024天
 36  * @see                   -keystore 指定存储位置,这里是D:\\Jadyer_SSL_20120508.keystore
 37  * @see    2)CMD输出----->输入keystore密码:hongyu75
 38  * @see                   再次输入新密码:hongyu75
 39  * @see                   您的名字与姓氏是什么?[Unknown]:127.0.0.1(这里要根据实际情况填写网站域名或者IP,否则会出现证书上的名称无效)
 40  * @see                   您的组织单位名称是什么?[Unknown]:http://blog.csdn.net/jadyer
 41  * @see                   您的组织名称是什么?[Unknown]:JavaLover_jadyer
 42  * @see                   您所在的城市或区域名称是什么?[Unknown]:BJ
 43  * @see                   您所在的州或省份名称是什么?[Unknown]:BJ_NanTian
 44  * @see                   该单位的两字母国家代码是什么[Unknown]:CN
 45  * @see                   CN=127.0.0.1, OU=http://blog.csdn.net/jadyer, O=JavaLover_jadyer, L=BJ, ST=BJ_NanTian, C=CN 正确吗?[否]:Y
 46  * @see                   输入<Jadyer_SSL_20120508>的主密码(如果和 keystore 密码相同,按回车):这里按回车键
 47  * @see                   (这里的主密码一定要与keystore密码相同,否则启动Tomcat时就会告诉你java.io.IOException: Cannot recover key)
 48  * @see    3)接下来就会按照-keystore参数值在指定位置生成指定的KeyStore文件了
 49  * @see ===================================================================================================================================
 50  * @see 2、让Tomcat支持SSL
 51  * @see    1)将生成的Jadyer_SSL_20120508.keystore拷贝到\\%TOMCAT_HOME%\\conf\\目录中(其它目录也可以)
 52  * @see    2)修改\\%TOMCAT_HOME%\\conf\\server.xml文件(大约在85行的位置),新增内容如下
 53  * @see      <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
 54  * @see                 maxThreads="150" scheme="https" secure="true"
 55  * @see                 clientAuth="false" sslProtocol="TLS" URIEncoding="UTF-8"
 56  * @see                 keystoreFile="conf/Jadyer_SSL_20120508.keystore" keystorePass="hongyu75"/>
 57  * @see    3)这样,我们的Tomcat就支持HTTPS访问了(关于<Connector/>标签中的属性说明,参拜Google大神)
 58  * @see ===================================================================================================================================
 59  * @see 3、用浏览器访问我们的应用
 60  * @see   1)输入https://127.0.0.1:8443/blog会发现你的应用已经处于SSL安全通道中了
 61  * @see     此时,如果我们在浏览器里访问http://127.0.0.1:8443/blog会发现,竟然能访问
 62  * @see     也就是说,我们虽然启用了HTTPS,但现在还可以绕开HTTPS直接访问HTTP还能,这样HTTPS也就起不到作用了
 63  * @see   2)我们可以配置一下\\%TOMCAT_HOME%\\conf\\web.xml文件,使得HTTP的访问能够重定向到HTTPS的连接
 64  * @see     修改位置大约为web.xml的1224行,即在</welcome-file-list>标签后面加入下面的内容,即可
 65  * @see     <security-constraint>
 66  * @see         <!-- Authorization setting for SSL -->
 67  * @see         <web-resource-collection>
 68  * @see             <web-resource-name>SSL_App</web-resource-name>
 69  * @see             <!-- 指明需要SSL的url -->
 70  * @see             <url-pattern>/*</url-pattern>
 71  * @see             <http-method>GET</http-method>
 72  * @see             <http-method>POST</http-method>
 73  * @see         </web-resource-collection>
 74  * @see         <user-data-constraint>
 75  * @see             <!-- 指明需要SSL -->
 76  * @see             <transport-guarantee>CONFIDENTIAL</transport-guarantee>
 77  * @see         </user-data-constraint>
 78  * @see     </security-constraint>
 79  * @see ===================================================================================================================================
 80  * @author http://blog.csdn.net/jadyer
 81  * @editor Feb 1, 2012 3:02:27 PM
 82  */
 83 public class HttpClientUtil {
 84     public static void main(String[] args)throws Exception{
 85         //String requestUrl = "http://127.0.0.1:8088/test/web/userac";
 86         String requestUrl = "https://127.0.0.1:8443/test/web/userac";
 87         System.out.println(sendSSLRequest(requestUrl));
 88     }
 89     
 90     /**
 91      * 发送HTTPS请求
 92      * @param requestUrl 请求的地址
 93      * @return 响应内容
 94      */
 95     @SuppressWarnings("finally")
 96     public static String sendSSLRequest(String requestUrl){
 97         long responseLength = 0;       //响应长度
 98         String responseContent = null; //响应内容
 99         HttpClient httpClient = new DefaultHttpClient(); //创建默认的httpClient实例
100         try {
101             KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
102             FileInputStream fis = new FileInputStream(new File("F:\\Tool\\IDE\\Jadyer_SSL_20120508.keystore"));
103             try {
104                 trustStore.load(fis, "hongyu75".toCharArray()); //加载KeyStore
105             } catch (NoSuchAlgorithmException e) {
106                 e.printStackTrace();
107             } catch (CertificateException e) {
108                 e.printStackTrace();
109             } catch (IOException e) {
110                 e.printStackTrace();
111             } finally {
112                 try {
113                     fis.close();
114                 } catch (IOException e) {
115                     e.printStackTrace();
116                 }
117             }
118             SSLSocketFactory socketFactory = new SSLSocketFactory(trustStore);   //创建Socket工厂,将trustStore注入
119             Scheme sch = new Scheme("https", 8443, socketFactory);               //创建Scheme
120             httpClient.getConnectionManager().getSchemeRegistry().register(sch); //注册Scheme
121             HttpGet httpGet = new HttpGet(requestUrl);           //创建HttpGet
122             HttpResponse response = httpClient.execute(httpGet); //执行GET请求
123             HttpEntity entity = response.getEntity();            //获取响应实体
124             if (null != entity) {
125                 responseLength = entity.getContentLength();
126                 responseContent = EntityUtils.toString(entity, "UTF-8");
127                 EntityUtils.consume(entity); //Consume response content
128             }
129             System.out.println("请求地址: " + httpGet.getURI());
130             System.out.println("响应状态: " + response.getStatusLine());
131             System.out.println("响应长度: " + responseLength);
132             System.out.println("响应内容: " + responseContent);
133         } catch (KeyManagementException e) {
134             e.printStackTrace();
135         } catch (UnrecoverableKeyException e) {
136             e.printStackTrace();
137         } catch (KeyStoreException e) {
138             e.printStackTrace();
139         } catch (FileNotFoundException e) {
140             e.printStackTrace();
141         } catch (NoSuchAlgorithmException e) {
142             e.printStackTrace();
143         } catch (ClientProtocolException e) {
144             e.printStackTrace();
145         } catch (ParseException e) {
146             e.printStackTrace();
147         } catch (IOException e) {
148             e.printStackTrace();
149         } finally {
150             httpClient.getConnectionManager().shutdown(); //关闭连接,释放资源
151             return responseContent;
152         }
153     }
154 }

 

以上是关于使用HttpClient发送HTTPS请求以及配置Tomcat支持SSL的主要内容,如果未能解决你的问题,请参考以下文章

客户端怎么使用httpclient向https服务器发送数据

springboot2.X集成HttpClient 发送HTTPS 请求

HttpClient基本使用

关于httpclient 请求https (如何绕过证书验证)

java——HttpClient 代理模式发送Http Https(未完成,没贴代码呢)

httpclient跳过https请求的验证