Apache Httpclient 简明教程
Apache HttpClient - Custom SSL Context
使用安全套接层,您可以在客户端和服务器之间建立安全连接。它有助于保护敏感信息,如信用卡号、用户名、密码、pin 码等。
您可以使用 HttpClient 库创建自己的 SSL 上下文,以使连接更安全。
按照以下步骤使用 HttpClient 库自定义 SSLContext:
Step 1 - Create SSLContextBuilder object
SSLContextBuilder 是 SSLContext 对象的构建器。使用 SSLContexts 类的 custom() 方法创建该对象的实例。
//Creating SSLContextBuilder object
SSLContextBuilder SSLBuilder = SSLContexts.custom();
Step 2 - Load the Keystore
在路径 Java_home_directory/jre/lib/security/ 中,你可以找到一个名为 cacerts 的文件。将其保存为你的密钥存储文件(扩展名为 .jks)。使用 SSLContextBuilder 类的 loadTrustMaterial() 方法加载密钥存储文件及其密码(默认情况下密码为 changeit )。
//Loading the Keystore file
File file = new File("mykeystore.jks");
SSLBuilder = SSLBuilder.loadTrustMaterial(file, "changeit".toCharArray());
Step 3 - build an SSLContext object
SSLContext 对象表示安全套接字协议的实现。使用 build() 方法构建一个 SSLContext。
//Building the SSLContext
SSLContext sslContext = SSLBuilder.build();
Step 4 - Creating SSLConnectionSocketFactory object
SSLConnectionSocketFactory 是 TSL 和 SSL 连接的分层套接字工厂。使用它,你可以使用受信任的证书列表验证 Https 服务器并对给定的 Https 服务器进行身份验证。
你可以通过很多方法创建它。根据创建 SSLConnectionSocketFactory 对象的方式,你可以允许所有主机、仅允许自签名证书、仅允许特定协议等。
To allow only particular protocols ,通过向其构造函数传递 SSLContext 对象、表示需要支持的协议的字符串数组、表示需要支持的密码套件的字符串数组和一个 HostnameVerifier 对象来创建 SSLConnectionSocketFactory 对象。
new SSLConnectionSocketFactory(sslcontext, new String[]{"TLSv1"}, null,
SSLConnectionSocketFactory.getDefaultHostnameVerifier());
To allow all hosts, 通过传递 SSLContext 对象和 NoopHostnameVerifier 对象来创建 SSLConnectionSocketFactory 对象。
//Creating SSLConnectionSocketFactory SSLConnectionSocketFactory object
SSLConnectionSocketFactory sslConSocFactory = new SSLConnectionSocketFactory(sslcontext, new NoopHostnameVerifier());
Step 5 - Create an HttpClientBuilder object
使用 HttpClients 类的 custom() 方法创建一个 HttpClientBuilder 对象。
//Creating HttpClientBuilder
HttpClientBuilder clientbuilder = HttpClients.custom();
Step 6 - Set the SSLConnectionSocketFactory object
使用 setSSLSocketFactory() 方法将 SSLConnectionSocketFactory 对象设置为 HttpClientBuilder 。
//Setting the SSLConnectionSocketFactory
clientbuilder = clientbuilder.setSSLSocketFactory(sslConSocFactory);
Step 7 - Build the CloseableHttpClient object
通过调用`@ {s9}`方法来构建`@ {s8}`对象。
//Building the CloseableHttpClient
CloseableHttpClient httpclient = clientbuilder.build();
Step 8 - Create an HttpGet object
HttpGet 类表示使用 URI 检索给定服务器信息的 HTTP GET 请求。
通过实例化 HttpGet 类来创建 HTTP GET 请求,并传入一个表示 URI 的字符串。
//Creating the HttpGet request
HttpGet httpget = new HttpGet("https://example.com/");
Step 9 - Execute the request
使用 execute() 方法执行请求。
//Executing the request
HttpResponse httpresponse = httpclient.execute(httpget);
Example
以下示例演示了 SSLContrext 的自定义:
import java.io.File;
import javax.net.ssl.SSLContext;
import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContextBuilder;
import org.apache.http.ssl.SSLContexts;
import org.apache.http.util.EntityUtils;
public class ClientCustomSSL {
public final static void main(String[] args) throws Exception {
//Creating SSLContextBuilder object
SSLContextBuilder SSLBuilder = SSLContexts.custom();
//Loading the Keystore file
File file = new File("mykeystore.jks");
SSLBuilder = SSLBuilder.loadTrustMaterial(file,
"changeit".toCharArray());
//Building the SSLContext usiong the build() method
SSLContext sslcontext = SSLBuilder.build();
//Creating SSLConnectionSocketFactory object
SSLConnectionSocketFactory sslConSocFactory = new SSLConnectionSocketFactory(sslcontext, new NoopHostnameVerifier());
//Creating HttpClientBuilder
HttpClientBuilder clientbuilder = HttpClients.custom();
//Setting the SSLConnectionSocketFactory
clientbuilder = clientbuilder.setSSLSocketFactory(sslConSocFactory);
//Building the CloseableHttpClient
CloseableHttpClient httpclient = clientbuilder.build();
//Creating the HttpGet request
HttpGet httpget = new HttpGet("https://example.com/");
//Executing the request
HttpResponse httpresponse = httpclient.execute(httpget);
//printing the status line
System.out.println(httpresponse.getStatusLine());
//Retrieving the HttpEntity and displaying the no.of bytes read
HttpEntity entity = httpresponse.getEntity();
if (entity != null) {
System.out.println(EntityUtils.toByteArray(entity).length);
}
}
}