httpshttpclient證書

㈠ 如何httpclient訪問https

很多情況下，需要通過程序抓取網頁或者調用介面獲取數據。使用apache的httpClient是一個最常用的開源的java第三方工具包。那麼如何訪問https的地址呢？

工具/原料
jdk
httpclent.jar
IDE(eg.Eclipse)或者文本編輯器 有一個就可以
方法/步驟
下載httpclient
網路一下：apache httpclient，還是看截圖吧
HttpClient4.3.x如何請求https的通用方法
HttpClient4.3.x如何請求https的通用方法
HttpClient4.3.x如何請求https的通用方法

㈡ 用java做一個httpClient 發送https 的get請求，需要證書驗證的那種，求大神指點一下！

你那個 SSLSocketFactory(ks) 是自己的類？

你有用過 KeyManager.init (...)? 和 TrustManager.init(...) ?

想要在連接建立過程上互動式的彈出確認對話框來的話需要我們自己提供一個 KeyManager 和 TrustManager 的實現類，這有點復雜，你可以看一個 Sun 的 X509KeyManager 是怎麼做的，默認地情況下它是從自動搜索匹配的 subject ，我們需要用自己提供的方式彈出確認的過程還不是全自動，另外一個賬戶可能有多個數字證書，比如支付寶我們就有多個簽發時間不一樣的數字證書，在連接建立時 IE 會提示我們選擇其中的一個來使用，銀行的 U 盾在安裝多張數字證書時也會提示我們選擇其中一個對應到你正在使用的銀行卡號的那張證書。

㈢ httpclient支持https嗎

支持，
默認情況下，如果你訪問的https站點頒發者證書存在於jre的cacerts中，直接用就可以;
如果你訪問的https站點不是內置頒發者：如12xx6那個XX網站的https。。。那就得費點功夫

簡單理解： 請用瀏覽器訪問那個https url，如果沒警告，一般情況下直接用就可的

㈣ HttpClient 怎麼忽略證書驗證訪問https

您好，我來為您解答：
自定義一個SSLSocketFactory，忽略證書的驗證。
如果我的回答沒能幫助您，請繼續追問。

㈤ 無視Https證書是不是正確的Java Http Client

無視Https證書是不是正確的Java Http Client
www.MyException.Cn 網友分享於：2013-11-10 瀏覽：5次
無視Https證書是否正確的Java Http Client

需要保證通訊的端到端安全，大家一致認為Https方式最適合，但需要評估性能代價。

採取ajp connector貌似無法直接使用httpd2進行load balance了，而且proxy模式的性能實在是讓人心寒；jk connector如果tomcat不配ssl，據說需要forward一下，還沒有搞定。

為了測試性能，寫了個可以無視Https證書是否正確都能連接的Java Http Client。以為很簡單的一段代碼，繞是邁過了兩個小門檻，才搞定的。code可以拿出來曬一曬了。

運行環境jdk1.6，不需要其它類庫。

package test;

import java.io.ByteArrayOutputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

/**
* 無視Https證書是否正確的Java Http Client
*
* <p>
* <a href="HttpsUtil.java.html"><i>View Source</i></a>
* </p>
*
* @author <a href="mailto:[email protected]">LiYan</a>
*
* @create Sep 10, 2009 9:59:35 PM
* @version $Id$
*/
public class HttpsUtil {

/**
* 忽視證書HostName
*/
private static HostnameVerifier ignoreHostnameVerifier = new HostnameVerifier() {
public boolean verify(String s, SSLSession sslsession) {
System.out.println("WARNING: Hostname is not matched for cert.");
return true;
}
};

/**
* Ignore Certification
*/
private static TrustManager = new X509TrustManager() {

private X509Certificate[] certificates;

@Override
public void checkClientTrusted(X509Certificate certificates[],
String authType) throws CertificateException {
if (this.certificates == null) {
this.certificates = certificates;
System.out.println("init at checkClientTrusted");
}

}

@Override
public void checkServerTrusted(X509Certificate[] ax509certificate,
String s) throws CertificateException {
if (this.certificates == null) {
this.certificates = ax509certificate;
System.out.println("init at checkServerTrusted");
}

// for (int c = 0; c < certificates.length; c++) {
// X509Certificate cert = certificates[c];
// System.out.println(" Server certificate " + (c + 1) + ":");
// System.out.println(" Subject DN: " + cert.getSubjectDN());
// System.out.println(" Signature Algorithm: "
// + cert.getSigAlgName());
// System.out.println(" Valid from: " + cert.getNotBefore());
// System.out.println(" Valid until: " + cert.getNotAfter());
// System.out.println(" Issuer: " + cert.getIssuerDN());
// }

}

@Override
public X509Certificate[] getAcceptedIssuers() {
// TODO Auto-generated method stub
return null;
}

};

public static byte[] doGet(String urlString) {

ByteArrayOutputStream buffer = new ByteArrayOutputStream(512);
try {

URL url = new URL(urlString);

/*
* use ignore host name verifier
*/
HttpsURLConnection.setDefaultHostnameVerifier(ignoreHostnameVerifier);
HttpsURLConnection connection = (HttpsURLConnection) url
.openConnection();

// Prepare SSL Context
TrustManager[] tm = { };
SSLContext sslContext = SSLContext.getInstance("SSL", "SunJSSE");
sslContext.init(null, tm, new java.security.SecureRandom());

// 從上述SSLContext對象中得到SSLSocketFactory對象
SSLSocketFactory ssf = sslContext.getSocketFactory();
connection.setSSLSocketFactory(ssf);

InputStream reader = connection.getInputStream();
byte[] bytes = new byte[512];
int length = reader.read(bytes);

do {
buffer.write(bytes, 0, length);
length = reader.read(bytes);
} while (length > 0);

// result.setResponseData(bytes);
System.out.println(buffer.toString());
reader.close();

connection.disconnect();
} catch (Exception ex) {
ex.printStackTrace();
} finally {
}
return buffer.toByteArray();
}

public static void main(String[] args) {
String urlString = "https://www.google.com/adsense/";
String output = new String(HttpsUtil.getMethod(urlString));
System.out.println(output);
}
}

㈥ Java的HttpClient如何去支持無證書訪問https

項目里需要訪問其他介面，通過http/https協議。我們一般是用HttpClient類來實現具體的http/https協議介面的調用。

// Init a HttpClient
HttpClient client = new HttpClient();
String url=http://www.xxx.com/xxx;

// Init a HttpMethod
HttpMethod get = new GetMethod(url);
get.setDoAuthentication(true);
get.getParams().setParameter(HttpMethodParams.RETRY_HANDLER, new DefaultHttpMethodRetryHandler(1, false));

// Call http interface
try {
client.executeMethod(get);

// Handle the response from http interface
InputStream in = get.getResponseBodyAsStream();
SAXReader reader = new SAXReader();
Document doc = reader.read(in);
} finally {
// Release the http connection
get.releaseConnection();
}

以上代碼在通過普通的http協議是沒有問題的，但如果是https協議的話，就會有證書文件的要求了。一般情況下，是這樣去做的。

// Init a HttpClient
HttpClient client = new HttpClient();
String url=https://www.xxx.com/xxx;

if (url.startsWith("https:")) {
System.setProperty("javax.net.ssl.trustStore", "/.sis.cer");
System.setProperty("javax.net.ssl.trustStorePassword", "public");
}

於是，這里就需要事先生成一個.sis.cer的文件，生成這個文件的方法一般是先通過瀏覽器訪問https://，導出證書文件，再用JAVA keytool command 生成證書

# $JAVA_HOME/bin/keytool -import -file sis.cer -keystore .sis.cer

但這樣做，一比較麻煩，二來證書也有有效期，過了有效期之後，又需要重新生成一次證書。如果能夠避開生成證書文件的方式來使用https的話，就比較好了。

還好，在最近的項目里，我們終於找到了方法。

// Init a HttpClient
HttpClient client = new HttpClient();
String url=https://www.xxx.com/xxx;

if (url.startsWith("https:")) {
this.supportSSL(url, client);
}

用到了supportSSL(url, client)這個方法，看看這個方法是如何實現的。

private void supportSSL(String url, HttpClient client) {
if(StringUtils.isBlank(url)) {
return;
}
String siteUrl = StringUtils.lowerCase(url);
if (!(siteUrl.startsWith("https"))) {
return;
}

try {
setSSLProtocol(siteUrl, client);
} catch (Exception e) {
logger.error("setProtocol error ", e);
}
Security.setProperty( "ssl.SocketFactory.provider",
"com.tool.util.DummySSLSocketFactory");
}

private static void setSSLProtocol(String strUrl, HttpClient client) throws Exception {

URL url = new URL(strUrl);
String host = url.getHost();
int port = url.getPort();

if (port <= 0) {
port = 443;
}
ProtocolSocketFactory factory = new SSLSocketFactory();
Protocol authhttps = new Protocol("https", factory, port);
Protocol.registerProtocol("https", authhttps);
// set https protocol
client.getHostConfiguration().setHost(host, port, authhttps);
}

在supportSSL方法里，調用了Security.setProperty( "ssl.SocketFactory.provider",
"com.tool.util.DummySSLSocketFactory");
那麼這個com.tool.util.DummySSLSocketFactory是這樣的：
訪問https 資源時,讓httpclient接受所有ssl證書,在weblogic等容器中很有用
代碼如下:
1. import java.io.IOException;
2. import java.net.InetAddress;
3. import java.net.InetSocketAddress;
4. import java.net.Socket;
5. import java.net.SocketAddress;
6. import java.net.UnknownHostException;
7. import java.security.KeyManagementException;
8. import java.security.NoSuchAlgorithmException;
9. import java.security.cert.CertificateException;
10. import java.security.cert.X509Certificate;
11.
12. import javax.net.SocketFactory;
13. import javax.net.ssl.SSLContext;
14. import javax.net.ssl.TrustManager;
15. import javax.net.ssl.X509TrustManager;
16.
17. import org.apache.commons.httpclient.ConnectTimeoutException;
18. import org.apache.commons.httpclient.params.HttpConnectionParams;
19. import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
20.
21. public class MySecureProtocolSocketFactory implements SecureProtocolSocketFactory {
22. static{
23. System.out.println(">>>>in MySecureProtocolSocketFactory>>");
24. }
25. private SSLContext sslcontext = null;
26.
27. private SSLContext createSSLContext() {
28. SSLContext sslcontext=null;
29. try {
30. sslcontext = SSLContext.getInstance("SSL");
31. sslcontext.init(null, new TrustManager[]{new TrustAnyTrustManager()}, new java.security.SecureRandom());
32. } catch (NoSuchAlgorithmException e) {
33. e.printStackTrace();
34. } catch (KeyManagementException e) {
35. e.printStackTrace();
36. }
37. return sslcontext;
38. }
39.
40. private SSLContext getSSLContext() {
41. if (this.sslcontext == null) {
42. this.sslcontext = createSSLContext();
43. }
44. return this.sslcontext;
45. }
46.
47. public Socket createSocket(Socket socket, String host, int port, boolean autoClose)
48. throws IOException, UnknownHostException {
49. return getSSLContext().getSocketFactory().createSocket(
50. socket,
51. host,
52. port,
53. autoClose
54. );
55. }
56.
57. public Socket createSocket(String host, int port) throws IOException,
58. UnknownHostException {
59. return getSSLContext().getSocketFactory().createSocket(
60. host,
61. port
62. );
63. }
64.
65.
66. public Socket createSocket(String host, int port, InetAddress clientHost, int clientPort)
67. throws IOException, UnknownHostException {
68. return getSSLContext().getSocketFactory().createSocket(host, port, clientHost, clientPort);
69. }
70.
71. public Socket createSocket(String host, int port, InetAddress localAddress,
72. int localPort, HttpConnectionParams params) throws IOException,
73. UnknownHostException, ConnectTimeoutException {
74. if (params == null) {
75. throw new IllegalArgumentException("Parameters may not be null");
76. }
77. int timeout = params.getConnectionTimeout();
78. SocketFactory socketfactory = getSSLContext().getSocketFactory();
79. if (timeout == 0) {
80. return socketfactory.createSocket(host, port, localAddress, localPort);
81. } else {
82. Socket socket = socketfactory.createSocket();
83. SocketAddress localaddr = new InetSocketAddress(localAddress, localPort);
84. SocketAddress remoteaddr = new InetSocketAddress(host, port);
85. socket.bind(localaddr);
86. socket.connect(remoteaddr, timeout);
87. return socket;
88. }
89. }
90.
91. //自定義私有類
92. private static class TrustAnyTrustManager implements X509TrustManager {
93.
94. public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
95. }
96.
97. public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
98. }
99.
100. public X509Certificate[] getAcceptedIssuers() {
101. return new X509Certificate[]{};
102. }
103. }
104.
105. }

public class MySecureProtocolSocketFactory implements SecureProtocolSocketFactory {
static{
System.out.println(">>>>in MySecureProtocolSocketFactory>>");
}
private SSLContext sslcontext = null;

private SSLContext createSSLContext() {
SSLContext sslcontext=null;
try {
sslcontext = SSLContext.getInstance("SSL");
sslcontext.init(null, new TrustManager[]{new TrustAnyTrustManager()}, new java.security.SecureRandom());
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (KeyManagementException e) {
e.printStackTrace();
}
return sslcontext;
}

private SSLContext getSSLContext() {
if (this.sslcontext == null) {
this.sslcontext = createSSLContext();
}
return this.sslcontext;
}

public Socket createSocket(Socket socket, String host, int port, boolean autoClose)
throws IOException, UnknownHostException {
return getSSLContext().getSocketFactory().createSocket(
socket,
host,
port,
autoClose
);
}

public Socket createSocket(String host, int port) throws IOException,
UnknownHostException {
return getSSLContext().getSocketFactory().createSocket(
host,
port

然後按如下方式使用HttpClient
Protocol myhttps = new Protocol("https", new MySecureProtocolSocketFactory (), 443);
Protocol.registerProtocol("https", myhttps);
HttpClient httpclient=new HttpClient();

㈦ 怎麼給httpclient 配置https證書

你那個 SSLSocketFactory(ks) 是自己的類？

你有用過 KeyManager.init (...)? 和 TrustManager.init(...) ?

想要在連接建立過程上互動式的彈出確認對話框專來的話需要我們自屬己提供一個 KeyManager 和 TrustManager 的實現類，這有點復雜，你可以看一個 Sun 的 X509KeyManager 是怎麼做的，默認地情況下它是從自動搜索匹配的 subject ，我們需要用自己提供的方式彈出確認的過程還不是全自動，另外一個賬戶可能有多個數字證書，比如支付寶我們就有多個簽發時間不一樣的數字證書，在連接建立時 IE 會提示我們選擇其中的一個來使用，銀行的 U 盾在安裝多張數字證書時也會提示我們選擇其中一個對應到你正在使用的銀行卡號的那張證書。

㈧ httpclient 支持https嗎

直接上代碼，做一個創建client的工具類
public static CloseableHttpClient createSSLClientDefault(){
try {
SSLContext sslContext = new SSLContextBuilder().loadTrustMaterial(null, new TrustStrategy() {
//信任所有
public boolean isTrusted(X509Certificate[] chain,
String authType) throws CertificateException {
return true;
}
}).build();
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContext);
return HttpClients.custom().setSSLSocketFactory(sslsf).build();

} catch (KeyManagementException e) {
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (KeyStoreException e) {
e.printStackTrace();
}
return HttpClients.createDefault();
}

下面就可以通過這個client訪問https的url地址

關鍵代碼：
//上面的工具類
CloseableHttpClient httpClient = HttpClientUtil.createSSLClientDefault();
HttpGet get = new HttpGet();
get.setURI(new URI("你的https://地址"));
httpClient.execute(get）
//...........後續操作

㈨ httpclient4.3 http和https有什麼差別

HTTPS和HTTP的區別
1、HTTPS是加密傳輸協議，HTTP是名文傳輸協議;
2、HTTPS需要用到WoSign等CA簽發的SSL證書，而HTTP不用;
3、HTTPS比HTTP更加安全，對搜索引擎更友好，利於SEO；
4、 HTTPS標准埠443，HTTP標准埠80;
5、 HTTPS基於傳輸層，HTTP基於應用層;
6、 HTTPS在瀏覽器顯示綠色安全鎖，HTTP沒有顯示;