ClientBuilder https请求时忽略SSL证书,并用获得token继续访问获得数据。
在chrome中连接https时,有时被告知不是私密链接,手动可以继续。用java 代码进行https也遇到这种情况,可以 实现一个X509TrustManager接口,用于绕过验证,不用修改里面的方法
附完整可用代码,这里还用获得的token继续访问数据
import org.apache.commons.codec.binary.Base64;
import org.glassfish.jersey.client.ClientConfig;
import org.glassfish.jersey.client.ClientProperties;
import org.glassfish.jersey.jackson.JacksonFeature;
import org.glassfish.jersey.media.multipart.MultiPartFeature;
import javax.crypto.Cipher;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import javax.ws.rs.ProcessingException;
import javax.ws.rs.client.*;
import javax.ws.rs.core.MediaType;
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.X509EncodedKeySpec;
public class SensLevelHelper {
public static void main(String[] args) throws Exception {
String baseUrl = "https://hostname:port/";
String api = "apipath 不含baseUrl部分";
String account = "用户名";
String password = "密码";
String token = getClientToken(account, password, baseUrl, api);
ClientConfig configuration = new ClientConfig();
configuration = configuration.property(ClientProperties.CONNECT_TIMEOUT, 30000);
configuration = configuration.property(ClientProperties.READ_TIMEOUT, 30000);
Client testClient = ClientBuilder.newBuilder().sslContext(createIgnoreVerifySSL()).withConfig(configuration).hostnameVerifier((s1, s2) -> true).register(new JacksonFeature()).build();
Invocation.Builder invoker = testClient.target(baseUrl).path(api).register(MultiPartFeature.class)
.request(MediaType.APPLICATION_JSON)
.header("token", token);
PolicyGroupHelper.SearchPolicyFilter filter = new PolicyGroupHelper.SearchPolicyFilter();
filter.setType(1);
PolicyGroupHelper.GetPolicyGroupsResponse response = invoker.post(Entity.entity(filter, MediaType.APPLICATION_JSON),PolicyGroupHelper.GetPolicyGroupsResponse.class);
System.out.println(response);
}
public static String getClientToken(String account, String password, String baseUrl, String api) {
String getKeyUrl = baseUrl + "api/user/getPublicKey";
String loginUrl = baseUrl + "api/login";
for (int i = 0; i < 3; i++) {
try {
Client client = ClientBuilder.newBuilder().sslContext(createIgnoreVerifySSL()).hostnameVerifier((s1, s2) -> true).register(new JacksonFeature()).build();
WebTarget webTarget = client.target(getKeyUrl);
Invocation.Builder invocationBuilder = webTarget.request(MediaType.APPLICATION_JSON);
LogInHelper.PubKey publicKey = invocationBuilder.get(LogInHelper.PubKey.class);
byte[] decoded = Base64.decodeBase64(publicKey.getData());
RSAPublicKey pubKey;
pubKey = (RSAPublicKey) KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(decoded));
Cipher cipher = Cipher.getInstance("RSA");
cipher.init(Cipher.ENCRYPT_MODE, pubKey);
String outStr = Base64.encodeBase64String(cipher.doFinal(password.getBytes(StandardCharsets.UTF_8)));
LogInHelper.LoginData loginData = new LogInHelper.LoginData(account, outStr);
LogInHelper.LoginResponse loginResponse = client.target(loginUrl)
.request(MediaType.APPLICATION_JSON)
.post(Entity.entity(loginData, MediaType.APPLICATION_JSON), LogInHelper.LoginResponse.class);
return loginResponse.data.token;
} catch (ProcessingException ex) {
ex.printStackTrace();
} catch (Exception e) {
e.printStackTrace();
return null;
}
}
return null;
}
private static SSLContext createIgnoreVerifySSL() throws Exception {
SSLContext sc = SSLContext.getInstance("TLSv1.3");
// 实现一个X509TrustManager接口,用于绕过验证,不用修改里面的方法
X509TrustManager trustManager = new X509TrustManager() {
@Override
public void checkClientTrusted(
java.security.cert.X509Certificate[] paramArrayOfX509Certificate,
String paramString) {
}
@Override
public void checkServerTrusted(
java.security.cert.X509Certificate[] paramArrayOfX509Certificate,
String paramString) {
}
@Override
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}
};
sc.init(null, new TrustManager[]{trustManager}, null);
return sc;
}
}
浙公网安备 33010602011771号