轻松把玩HttpClient之配置ssl，采用绕过证书验证实现https

上篇文章说道httpclient不能直接访问https的资源，这次就来模拟一下环境，然后配置https测试一下。在前面的文章中，分享了一篇自己生成并在tomcat中配置ssl的文章《Tomcat配置SSL》，大家可以据此来在本地配置https。我已经配置好了，效果是这样滴：

可以看到已经信任该证书（显示浅绿色小锁），浏览器可以正常访问。现在我们用代码测试一下：

public static void main(String[] args) throws ParseException, IOException, KeyManagementException, NoSuchAlgorithmException, HttpProcessException {
    String url = "https://sso.tgb.com:8443/cas/login";
    String body = send(url, null, "utf-8");
    System.out.println("交易响应结果：");
    System.out.println(body);
    System.out.println("-----------------------------------");
}

发现抛出了异常，我知道的有两种方案（也许还有我不知道的方案），这里介绍第一种方案，也是用的比较多的方案——绕过证书验证。直接看代码吧：

/**
 * 绕过验证
 *
 * @return
 * @throws NoSuchAlgorithmException
 * @throws KeyManagementException
 */
public static SSLContext createIgnoreVerifySSL() throws NoSuchAlgorithmException, KeyManagementException {
    SSLContext sc = SSLContext.getInstance("SSLv3");

    // 实现一个X509TrustManager接口，用于绕过验证，不用修改里面的方法
    X509TrustManager trustManager = new X509TrustManager() {
        @Override
        public void checkClientTrusted(
                java.security.cert.X509Certificate[] paramArrayOfX509Certificate,
                String paramString) throws CertificateException {
        }

        @Override
        public void checkServerTrusted(
                java.security.cert.X509Certificate[] paramArrayOfX509Certificate,
                String paramString) throws CertificateException {
        }

        @Override
        public java.security.cert.X509Certificate[] getAcceptedIssuers() {
            return null;
        }
    };

    sc.init(null, new TrustManager[] { trustManager }, null);
    return sc;
}

然后修改原来的send方法：

/**
 * 模拟请求
 *
 * @param url       资源地址
 * @param map   参数列表
 * @param encoding  编码
 * @return
 * @throws NoSuchAlgorithmException
 * @throws KeyManagementException
 * @throws IOException
 * @throws ClientProtocolException
 */
public static String send(String url, Map<String,String> map,String encoding) throws KeyManagementException, NoSuchAlgorithmException, ClientProtocolException, IOException {
    String body = "";
    //采用绕过验证的方式处理https请求
    SSLContext sslcontext = createIgnoreVerifySSL();

       // 设置协议http和https对应的处理socket链接工厂的对象
       Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create()
           .register("http", PlainConnectionSocketFactory.INSTANCE)
           .register("https", new SSLConnectionSocketFactory(sslcontext))
           .build();
       PoolingHttpClientConnectionManager connManager = new PoolingHttpClientConnectionManager(socketFactoryRegistry);
       HttpClients.custom().setConnectionManager(connManager);

       //创建自定义的httpclient对象
    CloseableHttpClient client = HttpClients.custom().setConnectionManager(connManager).build();
/       CloseableHttpClient client = HttpClients.createDefault();

    //创建post方式请求对象
    HttpPost httpPost = new HttpPost(url);

    //装填参数
    List<NameValuePair> nvps = new ArrayList<NameValuePair>();
    if(map!=null){
        for (Entry<String, String> entry : map.entrySet()) {
            nvps.add(new BasicNameValuePair(entry.getKey(), entry.getValue()));
        }
    }
    //设置参数到请求对象中
    httpPost.setEntity(new UrlEncodedFormEntity(nvps, encoding));

    System.out.println("请求地址："+url);
    System.out.println("请求参数："+nvps.toString());

    //设置header信息
    //指定报文头【Content-type】、【User-Agent】
    httpPost.setHeader("Content-type", "application/x-www-form-urlencoded");
    httpPost.setHeader("User-Agent", "Mozilla/4.0 (compatible; MSIE 5.0; Windows NT; DigExt)");

    //执行请求操作，并拿到结果（同步阻塞）
    CloseableHttpResponse response = client.execute(httpPost);
    //获取结果实体
    HttpEntity entity = response.getEntity();
    if (entity != null) {
        //按指定编码转换结果实体为String类型
        body = EntityUtils.toString(entity, encoding);
    }
    EntityUtils.consume(entity);
    //释放链接
    response.close();
       return body;
}

现在再进行测试，发现果然通了。

下篇介绍另一种方案，应对自己生成的证书，敬请期待。

转自 http://blog.csdn.net/xiaoxian8023