Warning: file_get_contents(/data/phpspider/zhask/data//catemap/9/java/313.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Java HttpClient中的SSL_Java_Apache Httpclient 4.x - Fatal编程技术网
Fatal编程技术网
  • java/
  • Java HttpClient中的SSL

Java HttpClient中的SSL

java

Java HttpClient中的SSL,java,apache-httpclient-4.x,Java,Apache Httpclient 4.x,我使用的是apache公共版的HttpClient api(公共HttpClient),实现起来似乎很简单。例如,以简单的方式指定代理,在读取网页内容(http或https)时没有区别 如果我将HttpClient版本升级到4.5.x,我发现很难实现同样的要求。我基本上想在代码中做一些事情 我的问题是,在HttpClient 4.5.x的例子中,为什么我们需要SSL/KeyStore?我需要做什么来生成一个新的密钥库以使其工作 First if you are consuming service

我使用的是apache公共版的HttpClient api(公共HttpClient),实现起来似乎很简单。例如,以简单的方式指定代理,在读取网页内容(http或https)时没有区别

如果我将HttpClient版本升级到4.5.x,我发现很难实现同样的要求。我基本上想在代码中做一些事情

我的问题是,在HttpClient 4.5.x的例子中,为什么我们需要SSL/KeyStore?我需要做什么来生成一个新的密钥库以使其工作

First if you are consuming service you need to ask or download ssl certificate from server, Generated certificate will not work.
After that in you https call you need to pass this certificate.

It is not recommended but you can also bypass ssl by following code snippet. Benefit of that is if in future certificate will change you don't need to change this in your client application.

private static OkHttpClient getUnsafeOkHttpClient() {
        try {
            // Create a trust manager that does not validate certificate chains
            final TrustManager[] trustAllCerts = new TrustManager[]{
                    new X509TrustManager() {
                        @Override
                        public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException {
                        }

                        @Override
                        public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException {
                        }

                        @Override
                        public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                            return new java.security.cert.X509Certificate[]{};
                        }
                    }
            };

            // Install the all-trusting trust manager
            final SSLContext sslContext = SSLContext.getInstance("SSL");
            sslContext.init(null, trustAllCerts, new java.security.SecureRandom());
            // Create an ssl socket factory with our all-trusting manager
            final SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
            OkHttpClient.Builder builder = new OkHttpClient.Builder();
//            builder.sslSocketFactory(getSSLConfig(MyApplication.getAppContext()).getSocketFactory()); //commented to check ssl with certificate
            builder.sslSocketFactory(sslSocketFactory);
            builder.hostnameVerifier(new HostnameVerifier() {
                @Override
                public boolean verify(String hostname, SSLSession session) {
                    return true;
                }
            });
            OkHttpClient okHttpClient = builder.build();
            return okHttpClient;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }
我的问题是,在HttpClient 4.5.x的例子中,为什么我们需要SSL/KeyStore?我需要做什么来生成一个新的密钥库以使其工作

First if you are consuming service you need to ask or download ssl certificate from server, Generated certificate will not work.
After that in you https call you need to pass this certificate.

It is not recommended but you can also bypass ssl by following code snippet. Benefit of that is if in future certificate will change you don't need to change this in your client application.

private static OkHttpClient getUnsafeOkHttpClient() {
        try {
            // Create a trust manager that does not validate certificate chains
            final TrustManager[] trustAllCerts = new TrustManager[]{
                    new X509TrustManager() {
                        @Override
                        public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException {
                        }

                        @Override
                        public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException {
                        }

                        @Override
                        public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                            return new java.security.cert.X509Certificate[]{};
                        }
                    }
            };

            // Install the all-trusting trust manager
            final SSLContext sslContext = SSLContext.getInstance("SSL");
            sslContext.init(null, trustAllCerts, new java.security.SecureRandom());
            // Create an ssl socket factory with our all-trusting manager
            final SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
            OkHttpClient.Builder builder = new OkHttpClient.Builder();
//            builder.sslSocketFactory(getSSLConfig(MyApplication.getAppContext()).getSocketFactory()); //commented to check ssl with certificate
            builder.sslSocketFactory(sslSocketFactory);
            builder.hostnameVerifier(new HostnameVerifier() {
                @Override
                public boolean verify(String hostname, SSLSession session) {
                    return true;
                }
            });
            OkHttpClient okHttpClient = builder.build();
            return okHttpClient;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }
为了您自己的利益,您应该知道在建立安全的出站连接时应用程序应该使用哪些信任/密钥材料。SSL工作不需要生成新的密钥库。可以简单地使用Java运行时附带的信任材料