日日操夜夜添-日日操影院-日日草夜夜操-日日干干-精品一区二区三区波多野结衣-精品一区二区三区高清免费不卡

公告:魔扣目錄網為廣大站長提供免費收錄網站服務,提交前請做好本站友鏈:【 網站目錄:http://www.ylptlb.cn 】, 免友鏈快審服務(50元/站),

點擊這里在線咨詢客服
新站提交
  • 網站:51998
  • 待審:31
  • 小程序:12
  • 文章:1030137
  • 會員:747

HttpClient高級進階-SSL簡介SSLPeerUnverifiedException配置通用的SSL(HttpClient <4.3)配置通用的SSL(HttpClient 4.4及更高

發布時間:2023-07-03 02:40:36 作者:網友整理

簡介

本文將展示如何使用“全部接受”SSL支持配置Apache HttpClient 4。目標很簡單 - 使用沒有有效證書的HTTPS URL。

SSLPeerUnverifiedException

如果不使用HttpClient配置SSL ,以下測試(使用HTTPS URL)將失?。?/p> 

public class RestClientLiveManualTest {
 
 @Test(expected = SSLPeerUnverifiedException.class)
 public void test() 
 throws ClientProtocolException, IOException {
 
 CloseableHttpClient httpClient = HttpClients.createDefault();
 String urlOverHttps
 ="https://localhost:8082/httpclient-simple)";
HttpGet getMethod = new HttpGet(urlOverHttps);
 
 HttpResponse response = httpClient.execute(getMethod);
 assertThat(response.getStatusLine().getStatusCode(), equalTo(200));
 }
}

異常報錯為:

JAVAx.net.ssl.SSLPeerUnverifiedException: peer not authenticated
 at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:397)
 at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:126)
 ...


javax.net.ssl.SSLPeerUnverifiedException,該報錯產生原因,當無法有效為URL建立信任鏈的時候。

配置通用的SSL(HttpClient <4.3)

現在讓我們將HTTPClient配置為信任所有證書,無論其有效性如何:

@Test
public final void test() 
 throws GeneralSecurityException {
 HttpComponentsClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory();
 CloseableHttpClient httpClient = (CloseableHttpClient) requestFactory.getHttpClient();
 
 TrustStrategy acceptingTrustStrategy = (cert, authType) -> true;
 SSLSocketFactory sf = new SSLSocketFactory(acceptingTrustStrategy, ALLOW_ALL_HOSTNAME_VERIFIER);
 httpClient.getConnectionManager().getSchemeRegistry().register(new Scheme("https", 8443, sf));
 
 ResponseEntity<String> response = new RestTemplate(requestFactory).
 exchange(urlOverHttps, HttpMethod.GET, null, String.class);
 assertThat(response.getStatusCode().value(), equalTo(200));
}

隨著acceptingTrustStrategy 配置了 true的測試通過,client能夠消費的HTTPS URL。

配置通用的SSL(HttpClient 4.4及更高版本)

使用新的HTTPClient,現在我們有了一個增強的,重新設計的默認SSL主機名驗證程序。此外,通過引入
SSLConnectionSocketFactory和RegistryBuilder,可以輕松構建SSLSocketFactory。所以我們可以編寫上面的測試用例,如:

@Test
public final void test()
 throws GeneralSecurityException {
 TrustStrategy acceptingTrustStrategy = (cert, authType) -> true;
 SSLContext sslContext = SSLContexts.custom().loadTrustMaterial(null, acceptingTrustStrategy).build();
 SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContext, 
 NoopHostnameVerifier.INSTANCE);
 
 Registry<ConnectionSocketFactory> socketFactoryRegistry = 
 RegistryBuilder.<ConnectionSocketFactory> create()
 .register("https", sslsf)
 .register("http", new PlainConnectionSocketFactory())
 .build();
 
 BasicHttpClientConnectionManager connectionManager = 
 new BasicHttpClientConnectionManager(socketFactoryRegistry);
 CloseableHttpClient httpClient = HttpClients.custom().setSSLSocketFactory(sslsf)
 .setConnectionManager(connectionManager).build();
 
 HttpComponentsClientHttpRequestFactory requestFactory = 
 new HttpComponentsClientHttpRequestFactory(httpClient);
 ResponseEntity<String> response = new RestTemplate(requestFactory)
 .exchange(urlOverHttps, HttpMethod.GET, null, String.class);
 assertThat(response.getStatusCode().value(), equalTo(200));
}

使用SSL 的Spring RestTemplate(HttpClient <4.3)

現在我們已經了解了如何配置具有SSL支持的原始HttpClient,讓我們來看看更高級別的方式-Spring RestTemplate。

如果未配置SSL,則以下測試將按預期會拋異常:

@Test(expected = ResourceAccessException.class)
public void test() {
 String urlOverHttps 
 = "https://localhost:8443/httpclient-simple/api/bars/1";
 ResponseEntity<String> response 
 = new RestTemplate().exchange(urlOverHttps, HttpMethod.GET, null, String.class);
 assertThat(response.getStatusCode().value(), equalTo(200));
}

那么讓我們配置SSL:

@Test
public void test() 
 throws GeneralSecurityException {
 HttpComponentsClientHttpRequestFactory requestFactory 
 = new HttpComponentsClientHttpRequestFactory();
 DefaultHttpClient httpClient
 = (DefaultHttpClient) requestFactory.getHttpClient();
 TrustStrategy acceptingTrustStrategy = (cert, authType) -> true
 SSLSocketFactory sf = new SSLSocketFactory(
 acceptingTrustStrategy, ALLOW_ALL_HOSTNAME_VERIFIER);
 httpClient.getConnectionManager().getSchemeRegistry()
 .register(new Scheme("https", 8443, sf));
 
 String urlOverHttps ="https://localhost:8443/httpclient-simple/api/bars/1";
 ResponseEntity<String> response = new RestTemplate(requestFactory).
 exchange(urlOverHttps, HttpMethod.GET, null, String.class);
 assertThat(response.getStatusCode().value(), equalTo(200));
}

這與我們為原始HttpClient配置SSL的方式非常相似 - 我們使用SSL支持配置請求工廠,然后我們實例化通過此預配置工廠的模板。

帶有SSL 的Spring RestTemplate(HttpClient 4.4)

我們可以使用相同的方式配置我們的RestTemplate:

@Test
public void test() 
throws ClientProtocolException, IOException {
 CloseableHttpClient httpClient
 = HttpClients.custom()
 .setSSLHostnameVerifier(new NoopHostnameVerifier())
 .build();
 HttpComponentsClientHttpRequestFactory requestFactory 
 = new HttpComponentsClientHttpRequestFactory();
 requestFactory.setHttpClient(httpClient);
 
 ResponseEntity<String> response 
 = new RestTemplate(requestFactory).exchange(
 urlOverHttps, HttpMethod.GET, null, String.class);
 assertThat(response.getStatusCode().value(), equalTo(200));
}

總結

本教程討論了如何為Apache HttpClient配置SSL,以便它能夠使用任何HTTPS URL,而不管證書是什么。還說明了Spring RestTemplate的相同配置。

然而,一個重要的事情是,這種策略完全忽略了證書檢查 - 這使得它不安全,只能在有意義的地方使用。

分享到:
標簽:HttpClient
用戶無頭像

網友整理

注冊時間:

網站:5 個   小程序:0 個  文章:12 篇

  • 51998

    網站

  • 12

    小程序

  • 1030137

    文章

  • 747

    會員

趕快注冊賬號,推廣您的網站吧!
最新入駐小程序

數獨大挑戰2018-06-03

數獨一種數學游戲,玩家需要根據9

答題星2018-06-03

您可以通過答題星輕松地創建試卷

全階人生考試2018-06-03

各種考試題,題庫,初中,高中,大學四六

運動步數有氧達人2018-06-03

記錄運動步數,積累氧氣值。還可偷

每日養生app2018-06-03

每日養生,天天健康

體育訓練成績評定2018-06-03

通用課目體育訓練成績評定