https HttpsURLConnection请求的单向认证
参考链接
android httpClient(https/http)的优化构建方式一
android httpClient(https/http)的优化构建方式二
Java https请求 HttpsURLConnection
php使用curl库进行ssl双向认证
OpenSSL生成根证书CA及签发子证书
Java使用SSLSocket通信
android 让webview支持https 双向认证(SSL)(一)
android 让webview支持https 双向认证(SSL)(二)
webview的自定义SSL认证配置(p12证书)
Https访问的相关知识中,主要分为单向验证和双向验证,双向验证在单向验证的基础上构建而成
关于单向验证,如果要细分的话,分为证书验证和普通验证(忽略验证)。因为这项验证由客户端执行,所以客户端可以控制是否进行验证。需要注意:忽略验证后客户端不再确认服务器身份,连接虽然仍被加密,却无法识别中间人,因此只适合本地调试
忽略验证的方式
主要做法如下:实现X509TrustManager和HostnameVerifier接口
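/**
 * Trust manager and host-name verifier that accept every certificate chain and every host name.
 *
 * <p>With this class in use the TLS handshake no longer authenticates the server: the traffic is
 * still encrypted, but the client cannot distinguish the intended server from an intermediary
 * presenting its own certificate. It is meant for debugging against a local test endpoint only;
 * a production client should load the expected CA or server certificate into a trust store and
 * keep the built-in host-name check.
 */
public class SSLTrustManager
        implements javax.net.ssl.TrustManager, javax.net.ssl.X509TrustManager, HostnameVerifier {

    /**
     * Returns the issuers this manager advertises as trusted.
     *
     * @return an empty array; the {@code X509TrustManager} contract requires a non-null result,
     *     so {@code null} is not returned
     */
    public java.security.cert.X509Certificate[] getAcceptedIssuers() {
        return new java.security.cert.X509Certificate[0];
    }

    /** Always reports the server chain as trusted; no validation is performed. */
    public boolean isServerTrusted(java.security.cert.X509Certificate[] certs) {
        return true;
    }

    /** Always reports the client chain as trusted; no validation is performed. */
    public boolean isClientTrusted(java.security.cert.X509Certificate[] certs) {
        return true;
    }

    /** Accepts any server chain: returning without throwing is what marks the chain as trusted. */
    public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType)
            throws java.security.cert.CertificateException {
        // Intentionally empty: expiry, issuer and signature are not checked.
    }

    /** Accepts any client chain: returning without throwing is what marks the chain as trusted. */
    public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType)
            throws java.security.cert.CertificateException {
        // Intentionally empty: no validation is performed.
    }

    /**
     * Accepts every host name, so a certificate issued for a different host is not rejected.
     *
     * @param urlHostName host name taken from the request URL
     * @param session TLS session of the connection (not inspected)
     * @return always {@code true}
     */
    @Override
    public boolean verify(String urlHostName, SSLSession session) {
        return true;
    }

    /**
     * Opens a connection to {@code strUrl} with certificate and host-name checks switched off.
     *
     * <p>The permissive socket factory and verifier are attached to the returned connection only.
     * The JVM-wide {@code HttpsURLConnection} defaults are left untouched, so other HTTPS
     * connections in the same process keep their normal validation.
     *
     * @param strUrl URL to open; plain {@code http} URLs are returned unmodified
     * @return the opened, not yet connected, connection
     * @throws Exception if the URL is malformed or the TLS context cannot be created
     */
    public static HttpURLConnection connect(String strUrl) throws Exception {
        SSLTrustManager tm = new SSLTrustManager();

        // "TLS" is the standard context name; "SSL" is a legacy alias.
        javax.net.ssl.SSLContext sc = javax.net.ssl.SSLContext.getInstance("TLS");
        sc.init(null, new javax.net.ssl.TrustManager[] {tm}, null);

        HttpURLConnection urlConn = (HttpURLConnection) new URL(strUrl).openConnection();
        if (urlConn instanceof HttpsURLConnection) {
            HttpsURLConnection httpsConn = (HttpsURLConnection) urlConn;
            httpsConn.setSSLSocketFactory(sc.getSocketFactory());
            httpsConn.setHostnameVerifier(tm);
        }
        return urlConn;
    }
}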
双向证书验证方式
如下,这里采用双向验证
import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.KeyStore;import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
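import javax.net.ssl.TrustManagerFactory;

/**
 * Sample client for mutually authenticated (two-way) HTTPS.
 *
 * <p>The key store supplies the client certificate and private key presented to the server; the
 * trust store holds the certificates used to validate the server.
 */
public class HttpsPost {

    /**
     * Loads a JKS key store from disk.
     *
     * @param password password protecting the key store
     * @param keyStorePath path of the key store file
     * @return the loaded key store
     * @throws Exception if the file cannot be read or cannot be loaded with the given password
     */
    public static KeyStore getKeyStore(String password, String keyStorePath) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        // try-with-resources closes the stream even when load() throws.
        try (FileInputStream is = new FileInputStream(keyStorePath)) {
            ks.load(is, password.toCharArray());
        }
        return ks;
    }

    /**
     * Builds an {@link SSLContext} that presents a client certificate and validates the server
     * against the given trust store.
     *
     * <p>The same password is used to open both stores and to unlock the private key.
     *
     * @param password password of both the key store and the trust store
     * @param keyStorePath path of the key store holding the client key and certificate
     * @param trustStorePath path of the trust store holding the trusted certificates
     * @return the initialised TLS context
     * @throws Exception if either store cannot be loaded or the context cannot be initialised
     */
    public static SSLContext getSSLContext(
            String password, String keyStorePath, String trustStorePath) throws Exception {
        // Key managers: the client identity sent during the handshake.
        KeyManagerFactory keyManagerFactory =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        KeyStore keyStore = getKeyStore(password, keyStorePath);
        keyManagerFactory.init(keyStore, password.toCharArray());

        // Trust managers: the certificates the server chain is validated against.
        TrustManagerFactory trustManagerFactory =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        KeyStore trustStore = getKeyStore(password, trustStorePath);
        trustManagerFactory.init(trustStore);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(
                keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
        return ctx;
    }

    /**
     * Installs the mutual-TLS socket factory and the host-name verifier as the JVM-wide defaults
     * of {@link HttpsURLConnection}.
     *
     * <p>A failure to build the context is propagated instead of being printed and ignored, so
     * the caller never goes on to connect without the client certificate and the configured
     * trust store.
     *
     * @param password password of both the key store and the trust store
     * @param keyStorePath path of the key store
     * @param trustStorePath path of the trust store
     * @throws Exception if the TLS context cannot be created
     */
    public static void initHttpsURLConnection(
            String password, String keyStorePath, String trustStorePath) throws Exception {
        // Build the context first: nothing global is changed if this throws.
        SSLContext sslContext = getSSLContext(password, keyStorePath, trustStorePath);

        // NOTE(review): MyHostnameVerifier is not shown on this page. Confirm that it compares
        // the host name with the server certificate; a verifier that always returns true would
        // remove host-name checking for every HTTPS connection in the process.
        HostnameVerifier hnv = new MyHostnameVerifier();

        HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());
        HttpsURLConnection.setDefaultHostnameVerifier(hnv);
    }

    /**
     * Posts {@code xmlStr} to {@code httpsUrl} and prints the response body line by line.
     *
     * <p>Errors are printed to standard error and not rethrown.
     *
     * @param httpsUrl address of the request
     * @param xmlStr request payload
     */
    public static void post(String httpsUrl, String xmlStr) {
        HttpsURLConnection urlCon = null;
        try {
            // Encode once so that Content-Length matches the bytes actually sent. Per the
            // original author, GBK avoids garbled Chinese text on the receiving server.
            byte[] body = xmlStr.getBytes("gbk");

            urlCon = (HttpsURLConnection) (new URL(httpsUrl)).openConnection();
            urlCon.setDoInput(true);
            urlCon.setDoOutput(true);
            urlCon.setRequestMethod("POST");
            urlCon.setRequestProperty("Content-Length", String.valueOf(body.length));
            urlCon.setUseCaches(false);

            try (java.io.OutputStream out = urlCon.getOutputStream()) {
                out.write(body);
                out.flush();
            }

            try (BufferedReader in =
                    new BufferedReader(new InputStreamReader(urlCon.getInputStream()))) {
                String line;
                while ((line = in.readLine()) != null) {
                    System.out.println(line);
                }
            }
        } catch (Exception e) {
            // Best effort, as in the original sample: report the failure and return.
            e.printStackTrace();
        } finally {
            if (urlCon != null) {
                urlCon.disconnect();
            }
        }
    }

    /**
     * Demo entry point against a local HTTPS service.
     *
     * @param args unused
     * @throws Exception if the TLS set-up fails
     */
    public static void main(String[] args) throws Exception {
        // Sample values only: a real client reads the password from protected configuration
        // rather than from source code.
        String password = "123456";
        // The demo reuses one file as both key store and trust store.
        String keyStorePath = "tomcat.keystore";
        String trustStorePath = "tomcat.keystore";
        // HTTPS service started locally.
        String httpsUrl = "https://localhost:8443/service/httpsPost";
        // NOTE(review): the prolog declares UTF-8 while post() sends GBK bytes; confirm which
        // encoding the server expects.
        String xmlStr = "<?xml version=\"1.0\" encoding=\"UTF-8\"?><fruitShop><fruits><fruit><kind>萝卜</kind></fruit><fruit><kind>菠萝</kind></fruit></fruits></fruitShop>";
        HttpsPost.initHttpsURLConnection(password, keyStorePath, trustStorePath);
        HttpsPost.post(httpsUrl, xmlStr);
    }
}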
单向证书验证
/**
 * Builds an in-memory key store whose only entry, under the alias {@code "trust"}, is the X.509
 * certificate read from the file {@code srca.cer}.
 *
 * <p>Callers must check the result: on any failure the stack trace is printed and {@code null}
 * is returned. Passing {@code null} on to {@code TrustManagerFactory.init} typically selects the
 * platform's default trust anchors instead of this certificate.
 *
 * @return the key store containing the certificate, or {@code null} if it could not be built
 */
public static KeyStore getHttpsKeyStore() {
    KeyStore result = null;
    InputStream certStream = null;
    try {
        // Read and parse the certificate file.
        certStream = new FileInputStream("srca.cer");
        Certificate pinned = CertificateFactory.getInstance("X.509").generateCertificate(certStream);

        // Create an empty store and import the certificate into it.
        KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
        store.load(null, null);
        store.setCertificateEntry("trust", pinned);
        result = store;
    } catch (Exception e) {
        e.printStackTrace();
    } finally {
        if (certStream != null) {
            try {
                certStream.close();
            } catch (IOException e) {
                e.printStackTrace();
            }
        }
    }
    return result;
}
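/**
 * Installs, as the JVM-wide {@link HttpsURLConnection} defaults, a socket factory that trusts
 * only the certificate returned by {@code getHttpsKeyStore()} and a host-name verifier that
 * accepts {@code localhost}.
 *
 * <p>No key managers are configured, so the client presents no certificate (one-way
 * authentication).
 *
 * @throws IllegalStateException if the certificate store could not be loaded or the TLS context
 *     cannot be initialised
 */
public void initSSLContext() {
    KeyStore pinned = getHttpsKeyStore();
    if (pinned == null) {
        // Fail closed: TrustManagerFactory.init(null) would fall back to the platform's default
        // trust anchors, silently widening trust beyond the intended certificate.
        throw new IllegalStateException("certificate store could not be loaded");
    }

    try {
        SSLContext sslContext = SSLContext.getInstance("TLS");
        TrustManagerFactory trustManagerFactory =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(pinned);
        sslContext.init(null, trustManagerFactory.getTrustManagers(), new SecureRandom());
        HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());
    } catch (java.security.GeneralSecurityException e) {
        // The method declares no checked exceptions, so wrap and keep the cause.
        throw new IllegalStateException("could not initialise the TLS context", e);
    }

    // HttpsURLConnection consults this callback when its built-in check finds that the URL host
    // does not match the certificate; only "localhost" is let through in that case.
    HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
        @Override
        public boolean verify(String hostname, SSLSession sslsession) {
            return "localhost".equals(hostname);
        }
    });
}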
转载于:https://my.oschina.net/ososchina/blog/500925