package com.gcno93.tls.nettyssl;
import javax.net.ssl.*;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.OutputStreamWriter;
import java.net.MalformedURLException;
import java.net.Socket;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Map;
public class HttpsURLConnectionUtil {
public static String sentRequest(String path, HttpMethod method, Map properties,Map params) {
HttpsURLConnection connection = null;
StringBuffer buffer = new StringBuffer();
try{
//信任策略,我自己实现的策略,无需验证服务器的ssl证书
TrustManager[] tm = {new NonValidationVerX509TrustManager()};
//getInstance的第一个参数,具体查看https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#SSLContext
SSLContext sslContext = SSLContext.getInstance("SSL");
//第一个参数:密码仓库,我不需要验证证书,所以不需要,设置为空
//第二个参数:信任策略,传我自己的
//第三个参数:随机数
sslContext.init(null, tm, new SecureRandom());
//创建socket工厂
SSLSocketFactory socketFactory = sslContext.getSocketFactory();
//创建访问的url
URL url = new URL(path);
//获取HttpsURLConnection对象
connection = (HttpsURLConnection) url.openConnection();
//设置socket工厂
connection.setSSLSocketFactory(socketFactory);
//设置请求方式
connection.setRequestMethod(method.toString());
connection.setHostnameVerifier(new HostnameVerifier() {
public boolean verify(String hostname, SSLSession session) {
return true;
}
});
//设置Property
HttpsURLConnection finalConnection = connection;
if(properties!=null){
for (Map.Entry entry : properties.entrySet()) {
connection.setRequestProperty(entry.getKey(),entry.getValue());
}
}
//设置请求参数
if(params!=null){
try(final OutputStreamWriter outputStream = new OutputStreamWriter(connection.getOutputStream());){
StringBuilder param = new StringBuilder();
for (Map.Entry entry : params.entrySet()) {
if (param.length() > 0) {
param.append("&");
}
param.append(entry.getKey());
param.append("=");
param.append(entry.getValue());
}
System.out.println("param:" + param.toString());
outputStream.write(param.toString());
}
}
//处理结果
if(connection.getResponseCode()==200){
try(InputStream inputStream = connection.getInputStream();){
final byte[] buf = new byte[1024];
int len = 0;
while ((len =inputStream.read(buf) )!=-1){
buffer.append(new String(buf,0,len, StandardCharsets.UTF_8));
}
}
}
} catch (MalformedURLException | NoSuchAlgorithmException | KeyManagementException e) {
throw new RuntimeException("HttpsURLConnection 的SSL 配置异常"+e);
} catch (IOException ioEx) {
throw new RuntimeException("请求失败,原因:"+ ioEx);
} finally {
//关闭资源
if(connection!=null){
connection.disconnect();
}
}
return buffer.toString();
}
public static void main(String[] args)throws Exception{
final String s = HttpsURLConnectionUtil.sentRequest("https://blog.csdn.net/gcno93/article/details/122448520", HttpMethod.GET, null, null);
System.out.println(s);
}
//请求类型 post/get
public static enum HttpMethod{
GET,POST;
}
public static class NonValidationVerX509TrustManager implements X509TrustManager {
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
}
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
System.out.println("不需要验证");
}
@Override
public X509Certificate[] getAcceptedIssuers() {
return new X509Certificate[0];
}
}
}
1.发现的问题
网上很多人多是 implements X509TrustManager,它最终会被包装成AbstractTrustManagerWrapper,我本地测试时,发现还是无法访问javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present,查看源码发现AbstractTrustManagerWrapper走的是
多了一个验证,这个验证好像是验证主机名等一些额外的验证,所以无法通过
后来我发现
继承这个X509ExtendedTrustManager类就可以了
2.你也可以 implements X509TrustManager,上面的代码就是这种
只要添加这个就好
connection.setHostnameVerifier(new HostnameVerifier() {
public boolean verify(String hostname, SSLSession session) {
return true;
}
});
3.为什么添加这个就可以呢?我看了一下源码总结出来的类图
