RestTemplate进行https请求时适配信任证书
转载请注明出处:
1.http协议请求
使用RestTemplate进行http协议的请求时,不需要考虑证书验证相关问题,以下为使用RestTemplate直接使用的代码示例:
import org.springframework.web.client.RestTemplate; import org.springframework.http.ResponseEntity; import org.springframework.http.HttpMethod; import org.springframework.http.HttpEntity; import org.springframework.http.HttpHeaders; public class HttpRestClient { public static void main(String[] args) { RestTemplate restTemplate = new RestTemplate(); String url = "http://example.com/api/endpoint"; // 注意这里是HTTP协议 HttpHeaders headers = new HttpHeaders(); // 可以在这里添加请求头,如果需要的话 HttpEntity<?> requestEntity = new HttpEntity<>(headers); try { ResponseEntity<String> responseEntity = restTemplate.exchange( url, HttpMethod.GET, // 或者使用其他HTTP方法,如POST、PUT等 requestEntity, String.class // 指定响应体的类型 ); // 处理响应 if (responseEntity.getStatusCode().is2xxSuccessful()) { String responseBody = responseEntity.getBody(); System.out.println("Response: " + responseBody); } else { System.out.println("Request failed with status: " + responseEntity.getStatusCode()); } } catch (Exception e) { e.printStackTrace(); } } }
2.Https请求信任所有证书:
在Java中,使用RestTemplate
进行HTTP请求时,默认情况下它会验证HTTPS证书的有效性。如果想要忽略HTTPS证书验证(这通常不推荐,因为它会降低安全性),需要自定义一个HttpClient
并设置它忽略SSL证书验证。
以下是一个示例,展示了如何为RestTemplate
创建一个自定义的HttpClient
,该HttpClient
将忽略HTTPS证书验证:
-
创建一个忽略SSL证书验证的
HttpClient
import org.apache.http.conn.ssl.NoopHostnameVerifier; import org.apache.http.conn.ssl.SSLConnectionSocketFactory; import org.apache.http.impl.client.CloseableHttpClient; import org.apache.http.impl.client.HttpClients; import org.apache.http.ssl.SSLContexts; import javax.net.ssl.SSLContext; import java.security.KeyManagementException; import java.security.NoSuchAlgorithmException; public CloseableHttpClient createTrustingHttpClient() throws NoSuchAlgorithmException, KeyManagementException { SSLContext sslContext = SSLContexts.custom() .loadTrustMaterial(null, (chain, authType) -> true) // 信任所有证书 .build(); SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE); return HttpClients.custom() .setSSLSocketFactory(sslsf) .build(); }
2.使用自定义的HttpClient
创建RestTemplate
:
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory; import org.springframework.web.client.RestTemplate; public RestTemplate createRestTemplateWithTrustingHttpClient() throws NoSuchAlgorithmException, KeyManagementException { HttpComponentsClientHttpRequestFactory factory = new HttpComponentsClientHttpRequestFactory(); factory.setHttpClient(createTrustingHttpClient()); return new RestTemplate(factory); }
3.使用RestTemplate
进行请求
public void makeRequest() throws NoSuchAlgorithmException, KeyManagementException { RestTemplate restTemplate = createRestTemplateWithTrustingHttpClient(); String url = "https://example.com/api/endpoint"; RequestEntity<?> requestEntity = RequestEntity.get(URI.create(url)).build(); ResponseEntity<String> responseEntity = restTemplate.exchange(requestEntity, String.class); // 处理响应... }
注意:
-
忽略SSL证书验证会降低你的应用的安全性,因为它容易受到中间人攻击。在生产环境中,你应该始终验证SSL证书。
-
如果确实需要忽略证书验证,确保完全了解相关的安全风险,并在完成后尽快恢复正常的证书验证。
3.自定义加载证书
-
创建自定义的HttpClient
需要创建一个自定义的HttpClient
,并配置SSL上下文以加载你的证书。
import org.apache.http.conn.ssl.SSLConnectionSocketFactory; import org.apache.http.impl.client.CloseableHttpClient; import org.apache.http.impl.client.HttpClients; import org.apache.http.ssl.SSLContexts; import org.springframework.http.client.HttpComponentsClientHttpRequestFactory; import org.springframework.web.client.RestTemplate; import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.SSLContext; import javax.net.ssl.TrustManagerFactory; import java.io.FileInputStream; import java.io.IOException; import java.io.InputStream; import java.security.KeyStore; import java.security.KeyStoreException; import java.security.NoSuchAlgorithmException; import java.security.cert.CertificateException; public class CustomRestTemplate { public static RestTemplate createRestTemplateWithCustomSSL() throws NoSuchAlgorithmException, KeyStoreException, CertificateException, IOException { // 加载你的证书和私钥 KeyStore keyStore = KeyStore.getInstance("PKCS12"); try (InputStream certStream = new FileInputStream("path/to/your/cert.p12")) { keyStore.load(certStream, "password".toCharArray()); // 替换为你的证书密码 } KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); keyManagerFactory.init(keyStore, "password".toCharArray()); // 替换为你的证书密码 TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); trustManagerFactory.init(keyStore); SSLContext sslContext = SSLContexts.custom() .loadKeyMaterial(keyManagerFactory, "password".toCharArray()) // 替换为你的证书密码 .loadTrustMaterial(trustManagerFactory) .build(); SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContext, SSLConnectionSocketFactory.NO_HOSTNAME_VERIFIER); CloseableHttpClient httpClient = HttpClients.custom() .setSSLSocketFactory(sslsf) .build(); HttpComponentsClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory(httpClient); return new RestTemplate(requestFactory); } }
2.使用自定义的RestTemplate
public class MyService { private final RestTemplate restTemplate; public MyService() throws NoSuchAlgorithmException, KeyStoreException, CertificateException, IOException { this.restTemplate = CustomRestTemplate.createRestTemplateWithCustomSSL(); } public String makeHttpsRequest(String url) { return restTemplate.getForObject(url, String.class); } }