无视Https证书是不是正确的Java Http Client

答案:2 悬赏:30 手机版

解决时间 2021-02-26 07:50

提问者网友：流星是天使的眼泪
2021-02-25 11:48

最佳答案

五星知识达人网友：孤老序
2021-02-25 12:56

无视Https证书是不是正确的Java Http Client
www.MyException.Cn 网友分享于：2013-11-10 浏览：5次
无视Https证书是否正确的Java Http Client

需要保证通讯的端到端安全，大家一致认为Https方式最适合，但需要评估性能代价。

采取ajp connector貌似无法直接使用httpd2进行load balance了，而且proxy模式的性能实在是让人心寒；jk connector如果tomcat不配ssl，据说需要forward一下，还没有搞定。

为了测试性能，写了个可以无视Https证书是否正确都能连接的Java Http Client。以为很简单的一段代码，绕是迈过了两个小门槛，才搞定的。code可以拿出来晒一晒了。

运行环境jdk1.6，不需要其它类库。

package test;

import java.io.ByteArrayOutputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

public class HttpsUtil {

private static HostnameVerifier ignoreHostnameVerifier = new HostnameVerifier() {
public boolean verify(String s, SSLSession sslsession) {
System.out.println("WARNING: Hostname is not matched for cert.");
return true;
}
};

private static TrustManager ignoreCertificationTrustManger = new X509TrustManager() {

private X509Certificate[] certificates;

@Override
public void checkClientTrusted(X509Certificate certificates[],
String authType) throws CertificateException {
if (this.certificates == null) {
this.certificates = certificates;
System.out.println("init at checkClientTrusted");
}

}

@Override
public void checkServerTrusted(X509Certificate[] ax509certificate,
String s) throws CertificateException {
if (this.certificates == null) {
this.certificates = ax509certificate;
System.out.println("init at checkServerTrusted");
}

// for (int c = 0; c < certificates.length; c++) {
// X509Certificate cert = certificates[c];
// System.out.println(" Server certificate " + (c + 1) + ":");
// System.out.println(" Subject DN: " + cert.getSubjectDN());
// System.out.println(" Signature Algorithm: "
// + cert.getSigAlgName());
// System.out.println(" Valid from: " + cert.getNotBefore());
// System.out.println(" Valid until: " + cert.getNotAfter());
// System.out.println(" Issuer: " + cert.getIssuerDN());
// }

}

@Override
public X509Certificate[] getAcceptedIssuers() {
// TODO Auto-generated method stub
return null;
}

};

public static byte[] doGet(String urlString) {

ByteArrayOutputStream buffer = new ByteArrayOutputStream(512);
try {

URL url = new URL(urlString);

HttpsURLConnection.setDefaultHostnameVerifier(ignoreHostnameVerifier);
HttpsURLConnection connection = (HttpsURLConnection) url
.openConnection();

// Prepare SSL Context
TrustManager[] tm = { ignoreCertificationTrustManger };
SSLContext sslContext = SSLContext.getInstance("SSL", "SunJSSE");
sslContext.init(null, tm, new java.security.SecureRandom());

// 从上述SSLContext对象中得到SSLSocketFactory对象
SSLSocketFactory ssf = sslContext.getSocketFactory();
connection.setSSLSocketFactory(ssf);

InputStream reader = connection.getInputStream();
byte[] bytes = new byte[512];
int length = reader.read(bytes);

do {
buffer.write(bytes, 0, length);
length = reader.read(bytes);
} while (length > 0);

// result.setResponseData(bytes);
System.out.println(buffer.toString());
reader.close();

connection.disconnect();
} catch (Exception ex) {
ex.printStackTrace();
} finally {
}
return buffer.toByteArray();
}

public static void main(String[] args) {
String urlString = "https://www.google.com/adsense/";
String output = new String(HttpsUtil.getMethod(urlString));
System.out.println(output);
}
}

全部回答

1楼网友：孤老序
2021-02-25 13:48

jsse是一个ssl和tls的纯java实现，通过jsse可以很容易地编程实现对https站点的访问。但是，如果该站点的证书未经权威机构的验证，jsse将拒绝信任该证书从而不能访问https站点。建议到权威ca机构去申请一受信任的免费https证书来使用，比如wosign免费多域名https证书等。

我要举报

如以上回答内容为低俗、色情、不良、暴力、侵权、涉及违法等信息，可以点下面链接进行举报！

点此我要举报以上问答信息