文檔只測(cè)試了https-post 江锨、https-get (非webservice)接口實(shí)現(xiàn)方式
webservice接口:
如果將證書導(dǎo)入jdk中不行鉴象,建議另起服務(wù)調(diào)用境输。暫時(shí)沒有辦法喇伯。
思路:
在NC掉用中間服務(wù) 中間服務(wù)調(diào)用第三方https-webservice接口
中間服務(wù)器使用jdk1.8及以上
調(diào)用服務(wù)前增加 放棄驗(yàn)證(用于axis)
AxisProperties.setProperty("axis.socketSecureFactory",
"org.apache.axis.components.net.SunFakeTrustSocketFactory");
如果上面方法不行瞻讽,我也不知道怎么解決。如果有好的方法可以告訴一下筷频。
第一種方式 :
將證書導(dǎo)入jdk中或加載證書
第二種方式:放棄對(duì)證書的校驗(yàn)
1.https 協(xié)議如果是tlsv1 導(dǎo)入下面三個(gè)jar
commons-logging-1.2.jar
org.apache.httpcomponents.httpclient_4.2.1.jar
org.apache.httpcomponents.httpcore_4.2.1.jar
2.下面兩個(gè)類是調(diào)用工具
package nc.bs.println.utils;
import java.io.IOException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.http.conn.ClientConnectionManager;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.conn.ssl.X509HostnameVerifier;
import org.apache.http.impl.client.DefaultHttpClient;
/**
* 繞過https證書認(rèn)證的方法
*/
public class SSLClient extends DefaultHttpClient{
public SSLClient() throws Exception{
super();
SSLContext ctx = SSLContext.getInstance("TLS");
X509TrustManager tm = new X509TrustManager() {
@Override
public void checkClientTrusted(X509Certificate[] chain,
String authType) throws CertificateException {
}
@Override
public void checkServerTrusted(X509Certificate[] chain,
String authType) throws CertificateException {
}
@Override
public X509Certificate[] getAcceptedIssuers() {
return null;
}
};
ctx.init(null, new TrustManager[]{tm}, null);
// SSLSocketFactory ssf = new SSLSocketFactory(ctx,SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
SSLSocketFactory ssf = new SSLSocketFactory(ctx,new X509HostnameVerifier() {
@Override
public boolean verify(String arg0, SSLSession arg1) {
// TODO Auto-generated method stub
return true;
}
@Override
public void verify(String arg0, String[] arg1, String[] arg2) throws SSLException {
// TODO Auto-generated method stub
}
@Override
public void verify(String arg0, X509Certificate arg1) throws SSLException {
// TODO Auto-generated method stub
}
@Override
public void verify(String arg0, SSLSocket arg1) throws IOException {
// TODO Auto-generated method stub
}
});
ClientConnectionManager ccm = this.getConnectionManager();
SchemeRegistry sr = ccm.getSchemeRegistry();
sr.register(new Scheme("https", 443, ssf));
}
}
調(diào)用方法
package nc.bs.println.utils;
import java.nio.charset.Charset;
import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.entity.StringEntity;
import org.apache.http.util.EntityUtils;
/**
* 調(diào)用https接口工具類
*/
public class CRMHttpConnection{
public static void main(String[] args) {
String url="url";
String json ="json";
sendPost(json,url);
}
/**
* 發(fā)送 post請(qǐng)求
*/
@SuppressWarnings("resource")
public static String sendPost(String json, String URL) {
//System.setProperty("javax.net.debug","ssl");
String obj = null;
// 創(chuàng)建默認(rèn)的httpClient實(shí)例.
HttpClient httpclient = null;
// 創(chuàng)建httppost
HttpPost httppost = new HttpPost(URL);
// httppost.addHeader("Content-type", "application/json; charset=utf-8");
httppost.setHeader("Accept", "application/json");
httppost.setHeader("x-zop-ns", "budget");
httppost.setHeader("accept", "*/*");
httppost.setHeader("connection", "Keep-Alive");
httppost.setHeader("user-agent","Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)");
httppost.setHeader("Content-Type","application/json;charset=utf-8");
try {
httpclient = new SSLClient();
StringEntity s = new StringEntity(json, Charset.forName("UTF-8")); // 對(duì)參數(shù)進(jìn)行編碼蚌成,防止中文亂碼
s.setContentEncoding("UTF-8");
httppost.setEntity(s);
HttpResponse response = httpclient.execute(httppost);
// 獲取相應(yīng)實(shí)體
HttpEntity entity = response.getEntity();
if (entity != null) {
obj = EntityUtils.toString(entity, "UTF-8");
}
} catch (Exception e) {
e.printStackTrace();
}
return obj.toString();
}
}
如果是tlsv1.2 如果是tlsv1.1 則在上面的基礎(chǔ)上
將 local_policy.jar 和 US_export_policy.jar 覆蓋到 ufjdk/jre/lib/security(NC服務(wù)所用的JDK) 文件夾下
jar下載地址
https://www.oracle.com/java/technologies/javase-jce7-downloads.html
上面兩個(gè)jar是 jdk1.7使用的。如果是1.5凛捏、1.6的jdk需要
