httpclient 3.1跳过https请求SSL的验证

一.commons-httpclient 3.1 包。一般请求采用最新的httpclient4.5就可以了

<dependency><groupId>commons-httpclient</groupId><artifactId>commons-httpclient</artifactId><version>3.1</version>
</dependency>

二.实现3个类

1.MyX509TrustManager（方法直接实现X509TrustManager，X509TrustManager在javax.net.ssl.X509TrustManager里面）

import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.X509TrustManager;public class MyX509TrustManager implements X509TrustManager {/* (non-Javadoc)* @see javax.net.ssl.X509TrustManager#checkClientTrusted(java.security.cert.X509Certificate[], java.lang.String)*/public void checkClientTrusted(X509Certificate[] arg0, String arg1)throws CertificateException {}/* (non-Javadoc)* @see javax.net.ssl.X509TrustManager#checkServerTrusted(java.security.cert.X509Certificate[], java.lang.String)*/public void checkServerTrusted(X509Certificate[] arg0, String arg1)throws CertificateException {}/* (non-Javadoc)* @see javax.net.ssl.X509TrustManager#getAcceptedIssuers()*/public X509Certificate[] getAcceptedIssuers() {return null;}
}

2.MySecureProtocolSocketFactory（需要用到SSLContext，改写一个实现SecureProtocolSocketFactory的方法）

注意：SSLContext context = SSLContext.getInstance("SSL");不同编译环境对应的请求证书不一样，错误的版本会导致报错

请求时报如下错：

javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

（注：JDK版本的默认协议，我当前用的是JDK1.7所以JDK1.7默认使用的是TLSv1.0，虽然JDK1.7也支持TLSv1.2 TLSv1.1）

import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.net.UnknownHostException;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import org.apache.commons.httpclient.ConnectTimeoutException;
import org.apache.commons.httpclient.HttpClientError;
import org.apache.commons.httpclient.params.HttpConnectionParams;
import org.apache.commons.httpclient.protocol.ControllerThreadSocketFactory;
import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;public class MySecureProtocolSocketFactory implements SecureProtocolSocketFactory {//添加一个属性，主要目的获取ssl跳过验证private SSLContext sslContext = null;/*** Constructor for MySecureProtocolSocketFactory.*/public MySecureProtocolSocketFactory() {}/*** 创建一个获取SSLContext的方法，导入MyX509TrustManager进行初始化* @return*/private static SSLContext createEasySSLContext() {try {SSLContext context = SSLContext.getInstance("根据环境去配置不同版本：TLSv1.0");context.init(null, new TrustManager[] { new MyX509TrustManager() },null);return context;} catch (Exception e) {throw new HttpClientError(e.toString());}}/*** 判断获取SSLContext* @return*/private SSLContext getSSLContext() {if (this.sslContext == null) {this.sslContext = createEasySSLContext();}return this.sslContext;}//后面的方法基本上带入相关参数/** (non-Javadoc)** @see org.apache.commons.httpclient.protocol.ProtocolSocketFactory#createSocket(java.lang.String,*      int, java.net.InetAddress, int)*/public Socket createSocket(String host, int port, InetAddress clientHost,int clientPort) throws IOException, UnknownHostException {return getSSLContext().getSocketFactory().createSocket(host, port,clientHost, clientPort);}/** (non-Javadoc)** @see org.apache.commons.httpclient.protocol.ProtocolSocketFactory#createSocket(java.lang.String,*      int, java.net.InetAddress, int,*      org.apache.commons.httpclient.params.HttpConnectionParams)*/public Socket createSocket(final String host, final int port,final InetAddress localAddress, final int localPort,final HttpConnectionParams params) throws IOException,UnknownHostException, ConnectTimeoutException {if (params == null) {throw new IllegalArgumentException("Parameters may not be null");}int timeout = params.getConnectionTimeout();if (timeout == 0) {return createSocket(host, port, localAddress, localPort);} else {return ControllerThreadSocketFactory.createSocket(this, host, port,localAddress, localPort, timeout);}}/** (non-Javadoc)** @see SecureProtocolSocketFactory#createSocket(java.lang.String,int)*/public Socket createSocket(String host, int port) throws IOException,UnknownHostException {return getSSLContext().getSocketFactory().createSocket(host, port);}/** (non-Javadoc)** @see SecureProtocolSocketFactory#createSocket(java.net.Socket,java.lang.String,int,boolean)*/public Socket createSocket(Socket socket, String host, int port,boolean autoClose) throws IOException, UnknownHostException {return getSSLContext().getSocketFactory().createSocket(socket, host,port, autoClose);}
}

3.httpclient实现的方式很简单，只要声明MySecureProtocolSocketFactory加入就可以了Protocol

import org.apache.commons.httpclient.methods.GetMethod;
import org.apache.commons.httpclient.protocol.Protocol;
import org.apache.commons.httpclient.protocol.ProtocolSocketFactory;
/** 利用HttpClient进行post请求的工具类*/
public class HttpClientUtil {public static String doGet(String url) throws Exception {//声明ProtocolSocketFactory fcty = new MySecureProtocolSocketFactory();//加入相关的https请求方式Protocol.registerProtocol("https", new Protocol("https", fcty, 443));//发送请求即可【后续请求可参考其他工具类完成，跳过认证只需要配置上面的声明就可以了】org.apache.commons.httpclient.HttpClient httpclient = new org.apache.commons.httpclient.HttpClient();GetMethod httpget = new GetMethod(url);System.out.println("======url:" + url);try {httpclient.executeMethod(httpget);return httpget.getResponseBodyAsString();} catch (Exception ex) {ex.printStackTrace();throw new Exception(ex.getMessage());} finally {httpget.releaseConnection();}}}

总结

只要声明MySecureProtocolSocketFactory加入Protocol，然后就可以实现认证跳过了