java HttpClient 忽略证书的信任的实现 MySSLProtocolSocketFactory

当不需要任何证书访问https时，java中先实现一个MySSLProtocolSocketFactory类忽略证书的信任

package com.tgb.mq.producer.utils;

import java.io.IOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.net.SocketAddress;
import java.net.UnknownHostException;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.commons.httpclient.ConnectTimeoutException;
import org.apache.commons.httpclient.params.HttpConnectionParams;
import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;


public class MySSLProtocolSocketFactory implements SecureProtocolSocketFactory {

    private static final Logger logger = LoggerFactory.getLogger(MySSLProtocolSocketFactory.class);

    private static SSLContext context = null;

    SSLContext createSSLContext() {
        try {
            context = SSLContext.getInstance("SSL");
            context.init(null, new TrustManager[] { new TrustAnyTrustManager() }, new SecureRandom());

        } catch (NoSuchAlgorithmException e) {
            logger.debug(e.getMessage());
        } catch (KeyManagementException e) {
            logger.debug(e.getMessage());
        }

        return context;
    }

    SSLContext getSSLContext() {
        if (context != null) {
            return createSSLContext();
        } else {
            return context;
        }

    }

    @Override
    public Socket createSocket(String host, int port) throws IOException, UnknownHostException {
        return getSSLContext().getSocketFactory().createSocket(host, port);
    }

    @Override
    public Socket createSocket(String host, int port, InetAddress localHost, int localPort) throws IOException, UnknownHostException {
        return getSSLContext().getSocketFactory().createSocket(host, port, localHost, localPort);
    }

    @Override
    public Socket createSocket(Socket socket, String host, int port, boolean autoClose) throws IOException, UnknownHostException {
        return getSSLContext().getSocketFactory().createSocket(socket, host, port, autoClose);
    }

    @Override
    public Socket createSocket(String host, int port, InetAddress localHost, int localPort, HttpConnectionParams arg4)
            throws IOException, UnknownHostException, ConnectTimeoutException {
        if (arg4 == null) {
            try {
                throw new Exception("参数为空");
            } catch (Exception e) {
                logger.debug(e.getMessage());
            }
        }

        int timeout = arg4.getConnectionTimeout();

        SSLSocketFactory socketFactory = getSSLContext().getSocketFactory();

        if (timeout == 0) {
            return socketFactory.createSocket(host, port, localHost, localPort);
        } else {
            Socket socket = socketFactory.createSocket();

            SocketAddress localAdd = new InetSocketAddress(localHost, localPort);

            SocketAddress remoteAdd = new InetSocketAddress(host, port);

            socket.bind(remoteAdd);

            socket.connect(localAdd, timeout);

            return socket;
        }

    }

    // 自定义
    private static class TrustAnyTrustManager implements X509TrustManager {

        @Override
        public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            // 重写x509TrustManager中的checkClentTrusted方法,为空默认客户端是可信的
        }

        @Override
        public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            // 重写x509TrustManager中的checkServerTrusted方法,为空默认服务器是可信的
        }

        @Override
        public X509Certificate[] getAcceptedIssuers() {
            // 重写x509TrustManager中的getAcceptedIssuers方法,默认接受发行人的证书为空
            return new X509Certificate[] {};
        }

    }

}

在请求的代码中加入Protocol的代码就行

        HttpClient httpClient = new HttpClient();
        if (url.startsWith("https")) {
            Protocol myhttps = new Protocol("https", new MySecureProtocolSocketFactory(), 443);
            Protocol.registerProtocol("https", myhttps);
        }

发表于 2018-04-11 14:56 凡人修仙迹阅读(810) 评论(0) 编辑收藏举报

会员力量，点亮园子希望

刷新页面返回顶部

java HttpClient 忽略证书的信任的实现 MySSLProtocolSocketFactory

公告