使用 apache httpClient 客户端在没有 ssl 证书验证的情况下将发布数据发送到 https

Posted

技术标签:

【中文标题】使用 apache httpClient 客户端在没有 ssl 证书验证的情况下将发布数据发送到 https【英文标题】:sending post data to https without ssl cert verification with apache httpClient client 【发布时间】:2013-01-11 17:56:42 【问题描述】:

我需要使用 apache HttpClient 包将帖子数据发送到 https url,

发送帖子数据后,我需要检索 html 数据。

我发送的帖子数据是一个 XML 字符串,而我接收的帖子数据是一个 XML 字符串。

任何有关该问题的信息将不胜感激。

我用谷歌搜索并在互联网上找到了使用 DefaultHttpClient 的示例,现在版本 4 中已弃用。所以想知道如何正确使用新版客户端。

谢谢。

更新

public String sendPost(final String request, final String postData) throws ClientProtocolException, IOException  
    String result = null;
    CloseableHttpClient httpclient = HttpClients.createDefault();
    HttpPost httpPost = new HttpPost(request);
    CloseableHttpResponse response = httpclient.execute(httpPost);
    try 
        HttpEntity entity = response.getEntity();
        result = EntityUtils.toString(entity);
        EntityUtils.consume(entity);
     finally 
        response.close();
    
    return result;


到目前为止,我想出了这个发送请求并从响应中检索字符串的函数。我认为它应该工作。我缺少的是我对 postData 没有做任何事情。如何在我的请求中发送帖子数据?

【问题讨论】:

为什么您不想使用套接字编写一个简单的 telnet 客户端? 因为将来我需要验证 ssl 证书 【参考方案1】:
public String sendPost(final String request, final String postData) throws ClientProtocolException, IOException, NoSuchAlgorithmException, KeyManagementException  
    String result = null;
    SSLContext sslContext = SSLContext.getInstance("SSL");

    // set up a TrustManager that trusts everything
    sslContext.init(null, new TrustManager[]  new X509TrustManager() 
                public X509Certificate[] getAcceptedIssuers() 
                        System.out.println("getAcceptedIssuers =============");
                        return null;
                

                public void checkClientTrusted(X509Certificate[] certs,
                                String authType) 
                        System.out.println("checkClientTrusted =============");
                

                public void checkServerTrusted(X509Certificate[] certs,
                                String authType) 
                        System.out.println("checkServerTrusted =============");
                
     , new SecureRandom());

    CloseableHttpClient httpclient = HttpClients.custom().setSSLSocketFactory(new SSLSocketFactory(sslContext)).build();
    HttpPost httpPost = new HttpPost(request);
    ByteArrayEntity postDataEntity = new ByteArrayEntity(postData.getBytes());
    httpPost.setEntity(postDataEntity);
    CloseableHttpResponse response = httpclient.execute(httpPost);
    try 
        HttpEntity entity = response.getEntity();
        result = EntityUtils.toString(entity);
        EntityUtils.consume(entity);
     finally 
        response.close();
    
    return result;


【讨论】:

SSLSocketFactory 现已折旧! @joker 我们应该改用什么? @EliHalych,很遗憾,我不确定。【参考方案2】:

这是另一种使用 Apache 4.5 的方法:

/////////////////
// Create SSL Client
/////////////////

CloseableHttpClient httpclient = null;
HttpHost target = new HttpHost('www.mysite.com', 443, "https");

SSLContext sslcontext = SSLContexts.createSystemDefault();
SSLConnectionSocketFactory sslConnectionSocketFactory = new SSLConnectionSocketFactory(
        sslcontext, new String[]  "TLSv1", "SSLv3" , null,
        SSLConnectionSocketFactory.getDefaultHostnameVerifier());

Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create()
        .register("http", PlainConnectionSocketFactory.INSTANCE)
        .register("https", sslConnectionSocketFactory)
        .build();
PoolingHttpClientConnectionManager cm = new PoolingHttpClientConnectionManager(socketFactoryRegistry);

httpclient = HttpClients.custom()
.setSSLSocketFactory(sslConnectionSocketFactory)
.setConnectionManager(cm)
.build();

/////////////////
// Send POST
/////////////////

HttpPost httppost = new HttpPost('/mypath');
ByteArrayEntity postDataEntity = new ByteArrayEntity(postData.getBytes());
httpPost.setEntity(postDataEntity);
CloseableHttpResponse response = httpclient.execute(target, httpPost);

/////////////////
// Get RESPONSE
/////////////////

try 
        HttpEntity entity = response.getEntity();
        result = EntityUtils.toString(entity);
        EntityUtils.consume(entity);
 finally 
        response.close();

【讨论】:

如果提供到所需 jars/依赖项的链接会更好

以上是关于使用 apache httpClient 客户端在没有 ssl 证书验证的情况下将发布数据发送到 https的主要内容,如果未能解决你的问题,请参考以下文章

工具篇:apache-httpClient 和 jdk11-HttpClient的使用

使用 apache httpClient 客户端在没有 ssl 证书验证的情况下将发布数据发送到 https

使用 Java 和 apache HttpClient 的 Apache Shiro authcBasic 身份验证

java 使用apache httpClient客户端将发布数据发送到https而不使用ssl证书验证

Apache HTTPClient-使用不确定的HTTP GET流

是否可以使用 Apache HTTPClient 4.2.5 发出 HTTP/2 请求?