首页 > 其他分享 >调用https请求,绕过证书校验;信任所有证书

调用https请求,绕过证书校验;信任所有证书

时间:2024-01-11 14:47:42浏览次数:24  
标签:http String 证书 校验 httpPost https org import public

https是http的增强版,使用了SSL/TLS证书验证;我们在请求https的过程中要在代码中设置证书的配置,以确保正常调用https。

下面是设置与调用的代码样例:

import com.sun.org.apache.xerces.internal.impl.dv.util.Base64;
import com.ylink.gjj.isp.bots.core.bank.MonyGainBusloanRepay.util.CommonUtils;
import com.ylink.gjj.isp.bots.core.bank.MonyGainBusloanRepay.util.SM2Utils;
import com.ylink.gjj.isp.bots.core.bank.MonyGainBusloanRepay.util.SM4Util;
import com.ylink.sky.cache.helper.CacheHelper;
import org.apache.http.HttpResponse;
import org.apache.http.HttpVersion;
import org.apache.http.client.HttpClient;
import org.apache.http.client.config.RequestConfig;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.utils.HttpClientUtils;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.X509HostnameVerifier;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.protocol.HTTP;
import org.apache.http.util.EntityUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import javax.net.ssl.*;
import java.io.IOException;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

public class HttpClientUtil {

private static final Logger LOG = LoggerFactory.getLogger(HttpClientUtil.class);

/**
* 发送https请求共用体
*/
public static final String public_key = CacheHelper.getPropsValue("botsheader", "public_key");

public static final String private_key = CacheHelper.getPropsValue("botsheader", "private_key");

public static String sendHttpsPost(String reqPath, String postData) {
LOG.info("HttpClientUtil.sendHttpsPost url="+reqPath+"postData=" + postData);
HttpResponse response = null;
String result = "0";
HttpPost httpPost = null;
try {
String time = String.valueOf(System.currentTimeMillis());
String sm4KeyBak = private_key.concat(time);
String sm4Key = CommonUtils.hashString(sm4KeyBak);
String sm4Request = SM4Util.encodeText(postData, sm4Key);
String sign = SM2Utils.sign(sm4Request, private_key);
byte[] sm4RequestBytes = sm4Request.getBytes(StandardCharsets.UTF_8);

String charsetName = "utf-8";
HttpClient httpsClient = getHttpsClient();
httpPost = new HttpPost(reqPath);
httpPost.setHeader("Accept", "application/json");
httpPost.addHeader("Content-type", "application/json;charset=UTF-8");
httpPost.addHeader("bizKey", Base64.encode(public_key.getBytes()));
httpPost.addHeader("timestamp", time);
httpPost.addHeader("sign", sign);
httpPost.setProtocolVersion(HttpVersion.HTTP_1_0);
httpPost.addHeader(HTTP.CONN_DIRECTIVE, HTTP.CONN_CLOSE);
LOG.info("HttpClientUtil.sendHttpsPost bizKey:"+Base64.encode(public_key.getBytes())+"; timestamp:"+time+"; sign"+sign+"; sm4Request"+sm4Request);
//设定请求连接超时相关
RequestConfig requestConfig = RequestConfig.custom().setConnectionRequestTimeout(10000).setSocketTimeout(60 * 1000).setConnectTimeout(10000).build();
httpPost.setConfig(requestConfig);
//添加参数
httpPost.setEntity(new StringEntity(sm4Request, Charset.forName(charsetName)));
response = httpsClient.execute(httpPost);
result = EntityUtils.toString(response.getEntity(), charsetName);
LOG.info("请求返回结果:"+ result);
if( result == null ||"".equals(result)){
result = "0";
}
// 关闭连接
} catch (Exception e) {
LOG.error("接口地址:"+reqPath + " ,IOException,异常原因: "+ e.getMessage());
LOG.error(e.getMessage());
}finally {
try {
if (response != null) {
HttpClientUtils.closeQuietly(response);
}
if (httpPost != null) {
httpPost.releaseConnection();
}
}catch (Exception e){
LOG.error("httpPostReq关闭流异常,异常原因:"+e.toString());
}
}
return result;
}


public static HttpClient getHttpsClient() {
HttpClient httpClient = null;
SSLContext context;
try {
context = SSLContext.getInstance("SSL");
context.init(null, new TrustManager[] {new X509TrustManager() {
@Override
public void checkClientTrusted(X509Certificate[] paramArrayOfX509Certificate, String paramString)
throws CertificateException {
}

@Override
public void checkServerTrusted(X509Certificate[] paramArrayOfX509Certificate, String paramString)
throws CertificateException {
}

@Override
public X509Certificate[] getAcceptedIssuers() {
return null;
}

}}, new SecureRandom());

X509HostnameVerifier verifier = new X509HostnameVerifier() {
@Override
public void verify(String s, SSLSocket sslSocket) throws IOException {
}

@Override
public void verify(String s, X509Certificate x509Certificate) throws SSLException {
}

@Override
public void verify(String s, String[] strings, String[] strings1) throws SSLException {
}

@Override
public boolean verify(String s, SSLSession sslSession) {
return false;
}
};

SSLConnectionSocketFactory sslConnectionSocketFactory = new SSLConnectionSocketFactory(context,verifier);
httpClient = HttpClients.custom().setSSLSocketFactory(sslConnectionSocketFactory).build();
} catch (Exception e) {
LOG.error(e.getMessage());
}
return httpClient;
}

}

 

标签:http,String,证书,校验,httpPost,https,org,import,public
From: https://www.cnblogs.com/lc-66/p/17958531

相关文章

  • RestSharp Body Raw, https 支持
    publicstaticIRestResponseRestPost(stringurl,objectbodyRawObj){varrequest=newRestRequest(Method.POST);request.Timeout=30000;request.RequestFormat=DataFormat.Json;request.AddBody(bodyRawObj);//BodyRaw......
  • 北汇信息获得一汽研发总院颁发的外部实验室认可证书
    2024新年伊始,一汽研发总院在经过充分和系统性考核之后,给北汇信息颁发了外部实验室认可证书。此次是继2021年7月,北汇信息获得一汽红旗(中国一汽智能网联开发院)的“车载以太网测试认证”之后的一次重大认可项目扩项。 2023年上半年,一汽红旗再次开展了外部实验室的考核。经过严......
  • k8s集群证书过期怎么办
    记录一次集群更新证书过程,因为集群证书已经更新了,以下只记录操作过程了。参考:https://blog.csdn.net/Harry_z666/article/details/1280151751、集群情况版本:v1.23.6部署方式:kubeadm部署由于使用kubeadm部署,证书有效期为一年,到期后证书失效。2、master更新集群证书#1、ma......
  • 腾讯云如何申请免费ssl证书以及如何使用
    一、申请证书 1.登录控制台https://console.cloud.tencent.com/ssl 2.点击申请免费证书 3.填写相关信息,注意网站用什么域名就写什么不要只写一级域名 4.去域名购买服务商设置域名解析 这些内容刚才的申请后跳转的页面会有,对应填写即可稍等待一会,几秒十几秒,点击域名......
  • 在Linux中处理HTTPS请求
    随着互联网的发展,数据传输的安全性变得越来越重要。HTTPS,全称为安全超文本传输协议(HypertextTransferProtocolSecure),是互联网上应用最广泛的安全传输协议。在Linux系统中处理HTTPS请求,通常涉及到配置Web服务器软件(如Apache或Nginx)来支持SSL/TLS加密。1.安装和配置Web服务器软件......
  • 分享苹果共享证书 - 持续更新中...
     声明:所有苹果共享证书均来自网络整理共享日期:2024-01-09共享证书:ANBANGINSURANCELTD.下载地址:https://www.sharesign.cn/cert.html 共享日期:2024-01-07共享证书:VIETNAMPOSTSANDTELECOMMUNICATIONSGROUP-HOCHIMINHCITYTELECOMBRANCH下载地址:https://www.......
  • PMI-ACP敏捷证书对工作有什么帮助?项目经理必看!
    很多人拿到了PMP®证书,工作了几年后又准备去考ACP®证,ACP®证对项目管理是有什么很大的帮助嘛,要不然为啥那么多人去考呢?今天给大家简单地分析一下。  PMP®与ACP®的区别是? PMI-ACP®和PMP®都是由美国项目管理协会(PMI)发起的专业人士资格认证考试,发起的年份不一样,认证的专业也不......
  • 安全认证 | CISP证书学习需要多长时间?
    在网络信息安全这个领域,CISP证书作为国内广泛认可的专业资质,正逐渐成为信息安全从业者的必备证书。那么,CISP证书学习需要多长时间?2024年CISP报考条件以及费用又是怎样的呢?下面将为您一一解答!01CISP证书学习需要多长时间?根据相关规定,申请CISP证书的个人必须完成国家信息安全测评中......
  • Zabbix6.x监控SSL证书到期时间
    前言随着公司项目不断增多,随之开发使用的系统也越来越多,需要对域名SSL证书进行监控,以防止服务不可用。环境准备服务器:centos7.9安装依赖:yuminstallbcgccgcc-c++openssl-yzabbix:6.x脚本准备出于安全策略,服务并没有开放443端口,因此需要2个参数:域名和端口号#!/bin/shhost=......
  • adfs证书更新
    adfs更换服务通信证书1.将pfx证书安装到所有adfs服务器上,位置:证书\计算机\个人2.右击证书>所有任务>管理私钥>添加,将ADFS部署过程中添加的ADFS服账户赋权,读取权限即可查看adfs服务,可以看到所用的服务账户3.通过powershell命令设置新证书:dircert:\LocalMachine\My#获取新证书......