java 主动信任证书

SSLContext sslcontext = SSLContexts.custom().loadKeyMaterial(keyStore, mid.toCharArray()).loadTrustMaterial(keyStore, new TrustStrategy() {
// 信任所有
public boolean isTrusted(java.security.cert.X509Certificate[] chain, String authType) {
return true;
}
}).build(); SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslcontext, new String[] { "TLSv1" },
null, SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);

包: https://files.cnblogs.com/files/xiluhua/httpclient-4.3.3.zip

完整代码:

package com.taiping.dianshang.payment.service.wechat.fromWechat;

import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Map; import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager; import org.apache.http.HttpEntity;
import org.apache.http.HttpHost;
import org.apache.http.HttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.conn.ClientConnectionManager;
import org.apache.http.conn.params.ConnRoutePNames;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.DefaultHttpClient;
import org.springframework.stereotype.Component; import com.taiping.dianshang.constant.ConstantTool;
import com.taiping.facility.cache.container.CacheContainer;
import com.taiping.facility.tool.FileStreamTool;
import com.taiping.facility.tool.LogTool;
import com.taiping.facility.tool.MapTool;
import com.taiping.facility.tool.PropertyFileTool; /**
*
* @author xilh
* @since 20200409
*/
@Component
public class HttpclientImpl_ssl { /**
* @author xilh
* @since 20200324
*/
@SuppressWarnings({ "unchecked", "deprecation" })
public String post(String url, Object obj, Map<String, Object> httpclientParams) throws Exception {
HttpPost httpPost = null;
String responseMsg = null;
Map<String, Object> map = (Map<String, Object>)obj;
String trans = MapTool.getStringFromMap(map, "trans");
String packet = MapTool.getStringFromMap(map, "packet"); DefaultHttpClient httpclient = new DefaultHttpClient();
// 代理的设置
String value = CacheContainer.getSystemParameterValue("internet.proxy");
if (LogTool.isLocal) {
value = PropertyFileTool.get("internet.proxy");
}
LogTool.info(this.getClass(), trans+", proxy: "+value);
String[] arr = value.split(":");
HttpHost proxy = new HttpHost(arr[0], Integer.valueOf(arr[1]));
httpclient.getParams().setParameter(ConnRoutePNames.DEFAULT_PROXY, proxy); try {
// Secure Protocol implementation.
SSLContext ctx = SSLContext.getInstance("TLS");
// Implementation of a trust manager for X509 certificates
X509TrustManager tm = new X509TrustManager() {
public void checkClientTrusted(X509Certificate[] xcs, String string) throws CertificateException {
} public void checkServerTrusted(X509Certificate[] xcs, String string) throws CertificateException {
} public X509Certificate[] getAcceptedIssuers() {
return null;
}
};
ctx.init(null, new TrustManager[] { tm }, null);
SSLSocketFactory ssf = new SSLSocketFactory(ctx, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
ClientConnectionManager ccm = httpclient.getConnectionManager();
// register https protocol in httpclient's scheme registry
SchemeRegistry sr = ccm.getSchemeRegistry();
sr.register(new Scheme("https", 443, ssf));
httpclient = new DefaultHttpClient(ccm, httpclient.getParams());
// String auth = CacheContainer.getSysParamValue("authorization.token.18", true);
// appKey :"TPJJ" appSecret: "yMJlPH9RnjxpqhyysxaIXYT82U1Sh32q"
//装配post请求参数
httpPost = new HttpPost(url);
httpPost.setHeader("Content-Type","application/json;charset=UTF-8");
// List<BasicNameValuePair> list = new ArrayList<BasicNameValuePair>();
// list.add(new BasicNameValuePair("appKey", "TPJJ"));
// list.add(new BasicNameValuePair("appSecret", "yMJlPH9RnjxpqhyysxaIXYT82U1Sh32q"));
// list.add(new BasicNameValuePair("tokenExpireDay", "7"));
httpPost.setEntity(new StringEntity((String)packet,"application/json", ConstantTool.UTF8));
HttpResponse response = httpclient.execute(httpPost); HttpEntity entity = response.getEntity();
byte buffer[] = FileStreamTool.read(entity.getContent());
LogTool.info(this.getClass(), trans+", buffer size: "+buffer.length);
if (buffer != null && buffer.length > 0) {
responseMsg = new String(buffer, ConstantTool.UTF8);
}
LogTool.info(this.getClass(), trans+", responseMsg: "+responseMsg);
System.out.println();
} catch (Exception e) {
LogTool.error(this.getClass(), e);
} finally{
if (httpPost != null) {
// 关闭请求
httpPost.releaseConnection();
}
} return responseMsg;
} }

  

05-20 04:07