摘要:序本文從里頭摘出訪問(wèn)的源碼�,展示一下怎么用去訪問(wèn)����。其中指定要不要檢驗(yàn),如果不校驗(yàn),則是使用小結(jié)使用不去驗(yàn)證����,但是可能存在風(fēng)險(xiǎn)構(gòu)造
序
本文從spring cloud netflix zuul里頭摘出httpclient訪問(wèn)https/http的源碼,展示一下怎么用httpclient去訪問(wèn)https�。
newConnectionManager
protected PoolingHttpClientConnectionManager newConnectionManager(boolean sslHostnameValidationEnabled) {
try {
final SSLContext sslContext = SSLContext.getInstance("SSL");
sslContext.init(null, new TrustManager[] { new X509TrustManager() {
@Override
public void checkClientTrusted(X509Certificate[] x509Certificates,
String s) throws CertificateException {
}
@Override
public void checkServerTrusted(X509Certificate[] x509Certificates,
String s) throws CertificateException {
}
@Override
public X509Certificate[] getAcceptedIssuers() {
return null;
}
} }, new SecureRandom());
RegistryBuilder registryBuilder = RegistryBuilder
. create()
.register("http", PlainConnectionSocketFactory.INSTANCE);
if (sslHostnameValidationEnabled) {
registryBuilder.register("https",
new SSLConnectionSocketFactory(sslContext));
}
else {
registryBuilder.register("https", new SSLConnectionSocketFactory(
sslContext, NoopHostnameVerifier.INSTANCE));
}
final Registry registry = registryBuilder.build();
PoolingHttpClientConnectionManager connectionManager = new PoolingHttpClientConnectionManager(registry);
connectionManager
.setMaxTotal(200);
connectionManager.setDefaultMaxPerRoute(20);
return connectionManager;
}
catch (Exception ex) {
throw new RuntimeException(ex);
}
}
其中sslHostnameValidationEnabled指定要不要檢驗(yàn)ssl,如果不校驗(yàn)�����,則是使用NoopHostnameVerifier
@Contract(threading = ThreadingBehavior.IMMUTABLE)
public class NoopHostnameVerifier implements HostnameVerifier {
public static final NoopHostnameVerifier INSTANCE = new NoopHostnameVerifier();
@Override
public boolean verify(final String s, final SSLSession sslSession) {
return true;
}
@Override
public final String toString() {
return "NO_OP";
}
}
newClient
final RequestConfig requestConfig = RequestConfig.custom()
.setSocketTimeout(60000)
.setConnectTimeout(60000)
.setCookieSpec(CookieSpecs.IGNORE_COOKIES).build();
HttpClientBuilder httpClientBuilder = HttpClients.custom();
httpClientBuilder.setSSLHostnameVerifier(NoopHostnameVerifier.INSTANCE);
HttpClient httpclient = httpClientBuilder.setConnectionManager(newConnectionManager(false))
.useSystemProperties().setDefaultRequestConfig(requestConfig)
.setRetryHandler(new DefaultHttpRequestRetryHandler(0, false))
.setRedirectStrategy(new RedirectStrategy() {
@Override
public boolean isRedirected(HttpRequest request,
HttpResponse response, HttpContext context)
throws ProtocolException {
return false;
}
@Override
public HttpUriRequest getRedirect(HttpRequest request,
HttpResponse response, HttpContext context)
throws ProtocolException {
return null;
}
}).build();
request
HttpRequest httpRequest = new BasicHttpRequest("GET","/api/data");
HttpHost httpHost = new HttpHost("demo.com.cn",-1,"https");
try{
return httpClient.execute(httpHost, httpRequest);
// System.out.println(response.getEntity().getContent());
}catch (Exception e){
e.printStackTrace();
}
小結(jié)
使用NoopHostnameVerifier不去驗(yàn)證ssl�����,但是可能存在風(fēng)險(xiǎn)
構(gòu)造X509TrustManager
文章版權(quán)歸作者所有���,未經(jīng)允許請(qǐng)勿轉(zhuǎn)載,若此文章存在違規(guī)行為����,您可以聯(lián)系管理員刪除��。
轉(zhuǎn)載請(qǐng)注明本文地址:http://systransis.cn/yun/70185.html
