首页 > 编程语言 >程序引用信任库方式发起https请求

程序引用信任库方式发起https请求

时间:2022-10-29 11:00:08浏览次数:68  
标签:10 39 http 请求 引用 https apache org main

一、前言

OS:Windows10 64

Tomcat:Tomcat 7.0

证书格式:.jks格式证书,因为该示例为tomcat方式

 

二、Tomcat相关配置

1、首先你的应用服务器是tomcat的话,需要使用jks证书,没有可以自签证书。自签证书方式可参考【Windows下自签jks格式证书】。

 

2、在tomcat目录下新建【cert】目录,将.jks格式证书放在该文件夹下(此步操作的目的是为了方便单应用服务情况下,证书管理的方便)。

 

3、配置【server.xml】,在该配置文件中添加如下配置信息:

<Connector port="设置https访问端口,默认443,可自定义"
               protocol="org.apache.coyote.http11.Http11Protocol"
               SSLEnabled="true"
               scheme="https"
               secure="true"
               keystoreFile="jks文件的存放全路径"
               keystorePass="证书密码"
               clientAuth="false"
               SSLProtocol="TLSv1.1+TLSv1.2+TLSv1.3"
               ciphers="TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256"/>

 

4、启动tomcat服务。

 

三、HTTPS访问程序及程序请求发起

1、没有引用证书信任库,直接发起https请求,会报如下错误信息:

Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1514)
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026)
    at sun.security.ssl.Handshaker.process_record(Handshaker.java:961)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
    at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:396)
    at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:355)
    at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)
    at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:373)
    at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:381)
    at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:237)
    at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:185)
    at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
    at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:111)
    at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108)
    at com.example.utils.RequestUtil.sendPost(RequestUtil.java:32)
    at com.example.utils.RequestUtil.main(RequestUtil.java:24)

 

2、导入证信任,并查看证书导入的是否正确(通过证书指纹对比校验证书是否导入正确)。

# 导入.crt或者.cer证书到信任文件中,统一管理
命令:keytool -import -alias ca_cert_test -file cert.crt -keystore cacerts.truststore
输出:输入密钥库口令:
再次输入新口令:
所有者: OU=HangZhou, L=HangZhou, ST=ZheJiang, C=CN
发布者: OU=HangZhou, L=HangZhou, ST=ZheJiang, C=CN
序列号: 4af0e8374167c39db8e3a09bd8990fb56cafca0
有效期开始日期: Fri Oct 28 19:58:48 CST 2022, 截止日期: Sun Nov 27 19:58:48 CST 2022
证书指纹:
         MD5: 66:C7:F4:7E:A2:F8:7E:D1:59:FC:7C:CD:73:E5:18:D7
         SHA1: 99:3D:83:1F:0B:DA:E9:9A:51:78:21:A6:C9:51:72:A4:2F:58:C2:18
         SHA256: 34:41:08:54:7B:A1:96:17:DE:67:26:56:88:ED:39:84:1F:E0:0E:DA:04:40:6A:D4:B3:48:13:D1:0D:34:16:DB
         签名算法名称: SHA256withRSA
         版本: 3

扩展:

#1: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
  CA:false
  PathLen: undefined
]

#2: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
  DigitalSignature
  Non_repudiation
  Key_Encipherment
]

#3: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
  IPAddress: 192.168.1.102
]

是否信任此证书? [否]:  y
证书已添加到密钥库中

#查看导入的证书信息是否正确
命令:keytool -list -keystore cacerts.truststore -storepass 密码
输出:

密钥库类型: JKS
密钥库提供方: SUN


您的密钥库包含 1 个条目


ca_cert_test, 2022-10-29, trustedCertEntry,
证书指纹 (SHA1): 99:3D:83:1F:0B:DA:E9:9A:51:78:21:A6:C9:51:72:A4:2F:58:C2:18



 

 

 

3、请求程序引用配置好的信任库文件,然后进行https请求,操作如下:

# 请求程序
private static final String TRUSTSTORE_PATH="证书信任文件的全路径";
    private static final String TRUSTSTORE_PWD="密码";

    public static void main(String[] args) throws Exception {
        String url="https://192.168.1.102:8099/tt/test";
        String params="{\"测试\":\"测试tt\"}";
        sendPost(url,params);
    }

    public static void sendPost(String url,String params) throws Exception{
        System.setProperty("javax.net.ssl.trustStore",TRUSTSTORE_PATH);
        System.setProperty("javax.net.ssl.trustStorePassword",TRUSTSTORE_PWD);
        CloseableHttpClient client= HttpClients.createDefault();
        HttpPost post=new HttpPost(url);
        StringEntity entity=new StringEntity(params,"UTF-8");
        post.setEntity(entity);
        CloseableHttpResponse response=client.execute(post);
        if(response.getStatusLine().getStatusCode()==200){
            String body= EntityUtils.toString(response.getEntity());
            System.err.println("请求响应的响应体内容:"+body);
        }
    }
10:39:00.512 [main] DEBUG org.apache.http.client.protocol.RequestAddCookies - CookieSpec selected: default
10:39:00.537 [main] DEBUG org.apache.http.client.protocol.RequestAuthCache - Auth cache not set in the context
10:39:00.541 [main] DEBUG org.apache.http.impl.conn.PoolingHttpClientConnectionManager - Connection request: [route: {s}->https://192.168.1.102:8099][total kept alive: 0; route allocated: 0 of 2; total allocated: 0 of 20]
10:39:00.578 [main] DEBUG org.apache.http.impl.conn.PoolingHttpClientConnectionManager - Connection leased: [id: 0][route: {s}->https://192.168.1.102:8099][total kept alive: 0; route allocated: 1 of 2; total allocated: 1 of 20]
10:39:00.582 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Opening connection {s}->https://192.168.1.102:8099
10:39:00.590 [main] DEBUG org.apache.http.impl.conn.DefaultHttpClientConnectionOperator - Connecting to /192.168.1.102:8099
10:39:00.590 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - Connecting socket to /192.168.1.102:8099 with timeout 0
10:39:00.622 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - Enabled protocols: [TLSv1, TLSv1.1, TLSv1.2]
10:39:00.622 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - Enabled cipher suites:[TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
10:39:00.623 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - Starting handshake
10:39:00.716 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory - Secure session established
10:39:00.716 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory -  negotiated protocol: TLSv1.2
10:39:00.716 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory -  negotiated cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
10:39:00.717 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory -  peer principal: OU=HangZhou, L=HangZhou, ST=ZheJiang, C=CN
10:39:00.717 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory -  peer alternative names: [192.168.1.102]
10:39:00.717 [main] DEBUG org.apache.http.conn.ssl.SSLConnectionSocketFactory -  issuer principal: OU=HangZhou, L=HangZhou, ST=ZheJiang, C=CN
10:39:00.722 [main] DEBUG org.apache.http.impl.conn.DefaultHttpClientConnectionOperator - Connection established 192.168.1.102:59949<->192.168.1.102:8099
10:39:00.722 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Executing request POST /tt/test HTTP/1.1
10:39:00.723 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Target auth state: UNCHALLENGED
10:39:00.724 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Proxy auth state: UNCHALLENGED
10:39:00.726 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> POST /tt/test HTTP/1.1
10:39:00.726 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> Content-Length: 21
10:39:00.726 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> Content-Type: text/plain; charset=UTF-8
10:39:00.726 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> Host: 192.168.1.102:8099
10:39:00.726 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> Connection: Keep-Alive
10:39:00.726 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> User-Agent: Apache-HttpClient/4.5.5 (Java/1.8.0_131)
10:39:00.726 [main] DEBUG org.apache.http.headers - http-outgoing-0 >> Accept-Encoding: gzip,deflate
10:39:00.726 [main] DEBUG org.apache.http.wire - http-outgoing-0 >> "POST /tt/test HTTP/1.1[\r][\n]"
10:39:00.726 [main] DEBUG org.apache.http.wire - http-outgoing-0 >> "Content-Length: 21[\r][\n]"
10:39:00.726 [main] DEBUG org.apache.http.wire - http-outgoing-0 >> "Content-Type: text/plain; charset=UTF-8[\r][\n]"
10:39:00.727 [main] DEBUG org.apache.http.wire - http-outgoing-0 >> "Host: 192.168.1.102:8099[\r][\n]"
10:39:00.727 [main] DEBUG org.apache.http.wire - http-outgoing-0 >> "Connection: Keep-Alive[\r][\n]"
10:39:00.727 [main] DEBUG org.apache.http.wire - http-outgoing-0 >> "User-Agent: Apache-HttpClient/4.5.5 (Java/1.8.0_131)[\r][\n]"
10:39:00.727 [main] DEBUG org.apache.http.wire - http-outgoing-0 >> "Accept-Encoding: gzip,deflate[\r][\n]"
10:39:00.727 [main] DEBUG org.apache.http.wire - http-outgoing-0 >> "[\r][\n]"
10:39:00.727 [main] DEBUG org.apache.http.wire - http-outgoing-0 >> "{"[0xe6][0xb5][0x8b][0xe8][0xaf][0x95]":"[0xe6][0xb5][0x8b][0xe8][0xaf][0x95]tt"}"
10:39:00.735 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "HTTP/1.1 200 OK[\r][\n]"
10:39:00.735 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "Server: Apache-Coyote/1.1[\r][\n]"
10:39:00.735 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "Content-Length: 0[\r][\n]"
10:39:00.735 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "Date: Sat, 29 Oct 2022 02:39:00 GMT[\r][\n]"
10:39:00.735 [main] DEBUG org.apache.http.wire - http-outgoing-0 << "[\r][\n]"
10:39:00.742 [main] DEBUG org.apache.http.headers - http-outgoing-0 << HTTP/1.1 200 OK
10:39:00.742 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Server: Apache-Coyote/1.1
10:39:00.742 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Content-Length: 0
10:39:00.743 [main] DEBUG org.apache.http.headers - http-outgoing-0 << Date: Sat, 29 Oct 2022 02:39:00 GMT
10:39:00.753 [main] DEBUG org.apache.http.impl.execchain.MainClientExec - Connection can be kept alive indefinitely
10:39:00.754 [main] DEBUG org.apache.http.impl.conn.PoolingHttpClientConnectionManager - Connection [id: 0][route: {s}->https://192.168.1.102:8099] can be kept alive indefinitely
10:39:00.754 [main] DEBUG org.apache.http.impl.conn.DefaultManagedHttpClientConnection - http-outgoing-0: set socket timeout to 0
10:39:00.754 [main] DEBUG org.apache.http.impl.conn.PoolingHttpClientConnectionManager - Connection released: [id: 0][route: {s}->https://192.168.1.102:8099][total kept alive: 1; route allocated: 1 of 2; total allocated: 1 of 20]
请求响应的响应体内容:
Disconnected from the target VM, address: '127.0.0.1:59939', transport: 'socket'

Process finished with exit code 0

 

 

四、友情提示

1、keytool命令为jdk自带命令,jdk配置好全局变量即可。

标签:10,39,http,请求,引用,https,apache,org,main
From: https://www.cnblogs.com/lightbc/p/16834119.html

相关文章