使用安全套接字层,您可以在客户端和
服务器之间建立安全连接.它有助于保护敏感信息,如信用卡号,用户名,密码,别针等.
您可以使用 HttpClient创建自己的SSL上下文,使连接更安全/b>库.
按照以下步骤使用HttpClient库自定义SSLContext :
SSLContextBuilder 是SSLContext对象的构建器.使用 SSLContexts 类的 custom()方法创建其对象.
//Creating SSLContextBuilder object SSLContextBuilder SSLBuilder = SSLContexts.custom();
在路径 Java_home_directory/jre/lib/security/,你可以找到一个名为cacerts的文件.将其保存为密钥库文件(扩展名为.jks).使用 SSLContextBuilder 类的 loadTrustMaterial()方法加载密钥库文件及其密码(默认为 changeit ).
//Loading the Keystore file
File file = new File("mykeystore.jks");
SSLBuilder = SSLBuilder.loadTrustMaterial(file, "changeit".toCharArray());SSLContext对象表示安全套接字协议实现.使用 build()方法构建SSLContext.
//Building the SSLContext SSLContext sslContext = SSLBuilder.build();
SSLConnectionSocketFactory 是TSL的分层套接字工厂和SSL连接.使用此方法,您可以使用受信任证书列表验证Https服务器并验证给定的Https服务器.
您可以通过多种方式创建它.根据您创建 SSLConnectionSocketFactory 对象的方式,您可以允许所有主机,仅允许自签名
证书,仅允许特定协议等.
仅允许特定协议,通过传递SSLContext对象创建 SSLConnectionSocketFactory 对象,表示需要支持的协议的字符串数组,表示密码套件的字符串数组需要支持和一个HostnameVerifier对象到它的构造函数.
new SSLConnectionSocketFactory(sslcontext, new String[]{"TLSv1"}, null,
SSLConnectionSocketFactory.getDefaultHostnameVerifier());要允许所有主机,通过传递SSLContext对象和来创建 SSLConnectionSocketFactory 对象NoopHostnameVerifier 对象.
//Creating SSLConnectionSocketFactory SSLConnectionSocketFactory object SSLConnectionSocketFactory sslConSocFactory = new SSLConnectionSocketFactory(sslcontext, new NoopHostnameVerifier());
使用 custom()创建HttpClientBuilder对象 HttpClients 类的方法.
//Creating HttpClientBuilder HttpClientBuilder clientbuilder = HttpClients.custom();
将SSLConnectionSocketFactory对象设置为 HttpClientBuilder 使用 setSSLSocketFactory()方法.
//Setting the SSLConnectionSocketFactory clientbuilder = clientbuilder.setSSLSocketFactory(sslConSocFactory);
通过调用构建 CloseableHttpClient 对象 build()方法.
//Building the CloseableHttpClient CloseableHttpClient httpclient = clientbuilder.build();
HttpGet 类表示HTTP GET请求使用URI检索给定服务器的
的信息.
通过传递表示URI的字符串来实例化HttpGet类来创建HTTP GET请求.
//Creating the HttpGet request
HttpGet httpget = new HttpGet("https://example.com/");使用执行()执行请求方法.
//Executing the request HttpResponse httpresponse = httpclient.execute(httpget);
以下示例演示了SSLContrext :
import java.io.File;
import javax.net.ssl.SSLContext;
import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContextBuilder;
import org.apache.http.ssl.SSLContexts;
import org.apache.http.util.EntityUtils;
public class ClientCustomSSL {
public final static void main(String[] args) throws Exception {
//Creating SSLContextBuilder object
SSLContextBuilder SSLBuilder = SSLContexts.custom();
//Loading the Keystore file
File file = new File("mykeystore.jks");
SSLBuilder = SSLBuilder.loadTrustMaterial(file,
"changeit".toCharArray());
//Building the SSLContext usiong the build() method
SSLContext sslcontext = SSLBuilder.build();
//Creating SSLConnectionSocketFactory object
SSLConnectionSocketFactory sslConSocFactory = new SSLConnectionSocketFactory(sslcontext, new NoopHostnameVerifier());
//Creating HttpClientBuilder
HttpClientBuilder clientbuilder = HttpClients.custom();
//Setting the SSLConnectionSocketFactory
clientbuilder = clientbuilder.setSSLSocketFactory(sslConSocFactory);
//Building the CloseableHttpClient
CloseableHttpClient httpclient = clientbuilder.build();
//Creating the HttpGet request
HttpGet httpget = new HttpGet("https://example.com/");
//Executing the request
HttpResponse httpresponse = httpclient.execute(httpget);
//printing the status line
System.out.println(httpresponse.getStatusLine());
//Retrieving the HttpEntity and displaying the no.of bytes read
HttpEntity entity = httpresponse.getEntity();
if (entity != null) {
System.out.println(EntityUtils.toByteArray(entity).length);
}
}输出结果:
HTTP/1.1 200 OK 1270
