设计方案

自建CA证书,java实现通过OkHttpClient发送htt

2021-03-08  本文已影响0人  曼昱的小蓝毛巾

1、实现步骤

1.1 环境准备

image.png image.png
<!-- 将客户端公钥导入的服务端jdk信任库 -->
keytool -import -alias sslTestClient_01 -file F:\ghj\prooooject\jar\test\client\sslTestClient_01.cer -keystore 'C:\Program Files\Java\jdk1.8.0_261\jre\lib\security\cacerts' -storepass changeit –v

<!-- 将服务端公钥导入到客户端的jdk信任库 -->
keytool -import -alias sslTestServer_01 -file F:\ghj\prooooject\jar\test\server\sslTestServer_01.cer -keystore 'C:\Program Files\Java\jdk1.8.0_261\jre\lib\security\cacerts' -storepass changeit –v

2、 代码实现


import okhttp3.Call;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.Response;

import javax.net.ssl.*;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.*;
import java.security.cert.CertificateException;

/**
 * @program: test
 * @description:
 * @author: Guanzi
 * @created: 2021/03/08 21:13
 */
public class HttpsUtils {

    private final static String TEST_URL = "https://192.168.1.127:8000/test/version";
    private final static String CLIENT_CA_PATH = "F:\\ghj\\prooooject\\jar\\test\\20210308\\180\\client\\sslTestClient_01.p12";
    private final static String KEY_STORE_TYPE = "PKCS12";
    private final static String TRUST_KEY_STORE_TYPE = "JKS";
    private final static String KEY_STORE_PWD = "test.123456";
    private final static String JRE_PATH = "C:\\Program Files\\Java\\jdk1.8.0_261\\jre\\lib\\security\\cacerts";
    private final static String DEFAULT_PWD = "changeit";

    /**
     * 初始化HTTPS实例(需要校验CA)
     */
    private static volatile OkHttpClient client;

    /**
     * ssl socket工厂(需要校验CA)
     */
    private static SSLSocketFactory sslSocketFactory = null;
    private static X509TrustManager trustManager = null;
    private static SSLContext  sslContext = null;


    public static void main(String[] args) throws IOException, UnrecoverableKeyException, CertificateException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException {
        // 初始化
        httpsInit();
        // 发送请求方法1
        firstSendHttps();
        // 发送请求方法2
        // secondSendHttps();
    }

    /**
     * 方法 1
     * @return
     * @throws IOException
     */
    public static String firstSendHttps() throws IOException {
        SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContext,
                SSLConnectionSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);
        CloseableHttpClient httpclient = HttpClients.custom().setSSLSocketFactory(sslsf).build();
        try {
            HttpGet httpget = new HttpGet(TEST_URL);
            log.info("executing req:" + httpget.getRequestLine());
            CloseableHttpResponse response = httpclient.execute(httpget);
            try {
                HttpEntity entity = response.getEntity();
                if (entity != null) {
                    String res = EntityUtils.toString(entity);
                    log.info(res);
                    JSONObject datas = JSONObject.parseObject(res);
                    return datas.toJSONString();
                }
            } finally {
                response.close();
            }
        } catch (ClientProtocolException e) {
            e.printStackTrace();
        } catch (IOException e) {
            e.printStackTrace();
        } finally {
            httpclient.close();
        }
        return "";
    }

   /**
     * 方法 2
     * 此方法需要引入jar包。
     * <dependency>
     *   <groupId>com.squareup.okhttp3</groupId>
     *   <artifactId>okhttp</artifactId>
     *   <version>3.3.0</version>
     * </dependency>
     * @return
     * @throws IOException
     */
    public static String secondSendHttps() throws IOException {
        client = new OkHttpClient.Builder()
                .sslSocketFactory(sslSocketFactory,trustManager)
                .hostnameVerifier((String hostname, SSLSession session) -> true)
                .build();
        Request request = new Request.Builder().url(TEST_URL).build();
        Call call = client.newCall(request);
        Response response = call.execute();
        if(response.body() != null)
        {
            String result = response.body().string();
            //处理result
            log.info("okhttp req res:" + result);
            return result;
        }
        return "";
    }

    /**
     * 初始化方法。
     * @throws KeyStoreException
     * @throws IOException
     * @throws CertificateException
     * @throws NoSuchAlgorithmException
     * @throws UnrecoverableKeyException
     * @throws KeyManagementException
     */
    public static void httpsInit() throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException, UnrecoverableKeyException, KeyManagementException {
        // 客户端证书类型
        KeyStore clientStore = KeyStore.getInstance(KEY_STORE_TYPE);
        // 加载客户端证书,即p12文件。
        clientStore
                .load(new FileInputStream(CLIENT_CA_PATH),
                        KEY_STORE_PWD.toCharArray());
        // 创建密钥管理工厂实例
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        // 初始化客户端密钥库
        kmf.init(clientStore, KEY_STORE_PWD.toCharArray());
        KeyManager[] kms = kmf.getKeyManagers();
        // 创建信任库管理工厂实例
        TrustManagerFactory tmf = TrustManagerFactory
                .getInstance(TrustManagerFactory.getDefaultAlgorithm());
        // 信任库类型
        KeyStore trustStore = KeyStore.getInstance(TRUST_KEY_STORE_TYPE);
        // 加载信任库,即服务端公钥,jre安装目录。
        trustStore.load(new FileInputStream(JRE_PATH),
                DEFAULT_PWD.toCharArray());
        // 初始化信任库
        tmf.init(trustStore);
        TrustManager[] tms = tmf.getTrustManagers();
        // 建立连接,这里传TLS或SSL其实都可以的
        sslContext = SSLContext.getInstance("TLS");
        // 初始化SSLContext
        sslContext.init(kms, tms, new SecureRandom());
        try {
            sslSocketFactory = sslContext.getSocketFactory();
        } catch (Exception e) {
            e.printStackTrace();
        }
        trustManager = (X509TrustManager) tms[0];
        return;
    }

}

3、测试

image.png
上一篇下一篇

猜你喜欢

热点阅读