Java HttpClient中的SSL
我使用的是apache公共版的HttpClient api(公共HttpClient),实现起来似乎很简单。例如,以简单的方式指定代理,在读取网页内容(http或https)时没有区别 如果我将HttpClient版本升级到4.5.x,我发现很难实现同样的要求。我基本上想在代码中做一些事情 我的问题是,在HttpClient 4.5.x的例子中,为什么我们需要SSL/KeyStore?我需要做什么来生成一个新的密钥库以使其工作Java HttpClient中的SSL,java,apache-httpclient-4.x,Java,Apache Httpclient 4.x,我使用的是apache公共版的HttpClient api(公共HttpClient),实现起来似乎很简单。例如,以简单的方式指定代理,在读取网页内容(http或https)时没有区别 如果我将HttpClient版本升级到4.5.x,我发现很难实现同样的要求。我基本上想在代码中做一些事情 我的问题是,在HttpClient 4.5.x的例子中,为什么我们需要SSL/KeyStore?我需要做什么来生成一个新的密钥库以使其工作 First if you are consuming service
First if you are consuming service you need to ask or download ssl certificate from server, Generated certificate will not work.
After that in you https call you need to pass this certificate.
It is not recommended but you can also bypass ssl by following code snippet. Benefit of that is if in future certificate will change you don't need to change this in your client application.
private static OkHttpClient getUnsafeOkHttpClient() {
try {
// Create a trust manager that does not validate certificate chains
final TrustManager[] trustAllCerts = new TrustManager[]{
new X509TrustManager() {
@Override
public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException {
}
@Override
public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException {
}
@Override
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return new java.security.cert.X509Certificate[]{};
}
}
};
// Install the all-trusting trust manager
final SSLContext sslContext = SSLContext.getInstance("SSL");
sslContext.init(null, trustAllCerts, new java.security.SecureRandom());
// Create an ssl socket factory with our all-trusting manager
final SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
OkHttpClient.Builder builder = new OkHttpClient.Builder();
// builder.sslSocketFactory(getSSLConfig(MyApplication.getAppContext()).getSocketFactory()); //commented to check ssl with certificate
builder.sslSocketFactory(sslSocketFactory);
builder.hostnameVerifier(new HostnameVerifier() {
@Override
public boolean verify(String hostname, SSLSession session) {
return true;
}
});
OkHttpClient okHttpClient = builder.build();
return okHttpClient;
} catch (Exception e) {
throw new RuntimeException(e);
}
}
我的问题是,在HttpClient 4.5.x的例子中,为什么我们需要SSL/KeyStore?我需要做什么来生成一个新的密钥库以使其工作
First if you are consuming service you need to ask or download ssl certificate from server, Generated certificate will not work.
After that in you https call you need to pass this certificate.
It is not recommended but you can also bypass ssl by following code snippet. Benefit of that is if in future certificate will change you don't need to change this in your client application.
private static OkHttpClient getUnsafeOkHttpClient() {
try {
// Create a trust manager that does not validate certificate chains
final TrustManager[] trustAllCerts = new TrustManager[]{
new X509TrustManager() {
@Override
public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException {
}
@Override
public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException {
}
@Override
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return new java.security.cert.X509Certificate[]{};
}
}
};
// Install the all-trusting trust manager
final SSLContext sslContext = SSLContext.getInstance("SSL");
sslContext.init(null, trustAllCerts, new java.security.SecureRandom());
// Create an ssl socket factory with our all-trusting manager
final SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
OkHttpClient.Builder builder = new OkHttpClient.Builder();
// builder.sslSocketFactory(getSSLConfig(MyApplication.getAppContext()).getSocketFactory()); //commented to check ssl with certificate
builder.sslSocketFactory(sslSocketFactory);
builder.hostnameVerifier(new HostnameVerifier() {
@Override
public boolean verify(String hostname, SSLSession session) {
return true;
}
});
OkHttpClient okHttpClient = builder.build();
return okHttpClient;
} catch (Exception e) {
throw new RuntimeException(e);
}
}
为了您自己的利益,您应该知道在建立安全的出站连接时应用程序应该使用哪些信任/密钥材料。SSL工作不需要生成新的密钥库。可以简单地使用Java运行时附带的信任材料