Ssl Apache HttpClient自签名证书
自签名证书是指未经证书颁发机构(CA)签名的证书。JAVA存储了大部分CA的证书(这里是jre/lib/security/cacerts),因此,如果您想使用CA签名的证书连接到https站点,则没有专门的代码。(http调用的代码相同) 所以基本上Ssl Apache HttpClient自签名证书,ssl,apache-httpclient-4.x,self-signed,Ssl,Apache Httpclient 4.x,Self Signed,自签名证书是指未经证书颁发机构(CA)签名的证书。JAVA存储了大部分CA的证书(这里是jre/lib/security/cacerts),因此,如果您想使用CA签名的证书连接到https站点,则没有专门的代码。(http调用的代码相同) 所以基本上 CloseableHttpClient httpclient = HttpClients.createDefault(); HttpGet httpGet = new HttpGet(https_url); httpclient.execute(h
CloseableHttpClient httpclient = HttpClients.createDefault();
HttpGet httpGet = new HttpGet(https_url);
httpclient.execute(httpGet)
-Djavax.net.ssl.trustStore=/Users/amodpandey/.keystore
CloseableHttpClient httpClient =
HttpClientBuilder.create()
.setSslcontext(SSLContexts.custom().loadTrustMaterial(new File(Thread.currentThread().getContextClassLoader().getResource("keystore").getFile())).build())
.setSSLHostnameVerifier(new HostnameVerifier() {
@Override
public boolean verify(String arg0, SSLSession arg1) {
return true;
}
})
.build();
.setConnectionManager(connectionManager)
Files.copy(ClassLoader.getSystemResourceAsStream("keystore"), Paths.get(URI.create("file:/tmp/keystore")),
StandardCopyOption.REPLACE_EXISTING);
Registry<ConnectionSocketFactory> socketFactoryRegistry =
RegistryBuilder
.<ConnectionSocketFactory>create()
.register(
"https",
new SSLConnectionSocketFactory(SSLContextBuilder.create()
.loadTrustMaterial(new File("/tmp/keystore")).build(),
new HostnameVerifier() {
@Override
public boolean verify(String hostname, SSLSession session) {
return true;
}
})).register("http", PlainConnectionSocketFactory.INSTANCE).build();
PoolingHttpClientConnectionManager connectionManager =
new PoolingHttpClientConnectionManager(socketFactoryRegistry);
CloseableHttpClient httpClient =
HttpClientBuilder.create()
.setConnectionManager(connectionManager)
.build();
Files.copy(ClassLoader.getsystemresourceastream(“keystore”)、path.get(URI.create(“file:/tmp/keystore”),
StandardCopyOption。替换_现有);
注册表socketFactoryRegistry=
注册表生成器
.create()
.登记(
“https”,
新的SSLConnectionSocketFactory(SSLContextBuilder.create())
.loadTrustMaterial(新文件(“/tmp/keystore”)).build(),
新主机名验证程序(){
@凌驾
公共布尔验证(字符串主机名、SSLSession会话){
返回true;
}
})).register(“http”,PlainConnectionSocketFactory.INSTANCE).build();
PoolighttpClientConnectionManager连接管理器=
新的PoollightTPClientConnectionManager(socketFactoryRegistry);
可关闭的httpClient httpClient=
HttpClientBuilder.create()
.setConnectionManager(connectionManager)
.build();
- -Djavax.net.debug=all debug选项对于查看正在使用的证书非常有用
- SSLContext使用File,如果我们计划将证书和代码打包到一个Jar中,那么我们需要创建一个文件将其传递给File对象(它不适用于Jar中的文件) Files.copy(ClassLoader.getsystemresourceastream(“keystore”)、path.get(URI.create(“file:/tmp/utskeystore”)、StandardCopyOption.REPLACE_EXISTING)
Files.copy(ClassLoader.getSystemResourceAsStream("keystore"), Paths.get(URI.create("file:/tmp/keystore")),
StandardCopyOption.REPLACE_EXISTING);
Registry<ConnectionSocketFactory> socketFactoryRegistry =
RegistryBuilder
.<ConnectionSocketFactory>create()
.register(
"https",
new SSLConnectionSocketFactory(SSLContextBuilder.create()
.loadTrustMaterial(new File("/tmp/keystore")).build(),
new HostnameVerifier() {
@Override
public boolean verify(String hostname, SSLSession session) {
return true;
}
})).register("http", PlainConnectionSocketFactory.INSTANCE).build();
PoolingHttpClientConnectionManager connectionManager =
new PoolingHttpClientConnectionManager(socketFactoryRegistry);
CloseableHttpClient httpClient =
HttpClientBuilder.create()
.setConnectionManager(connectionManager)
.build();