我尝试了几种使用httpclient,urlconnection等访问休息服务的常用方法,但无济于事。
我已经阅读了无数关于如何执行此操作的Stack Overflow文章,在我的eclipse mobilefirst / RSA环境中无效。我使用mobilefirst 7.1.1和RSA 9.1.1运行jdk 1.7。
根据我的阅读,你必须设置SSLContext与tls1.2服务器通信...因为相同的代码在其他服务器上工作正常。我只有一种方法可以让你设置SSLContext,而ClientHTTPBuilder就是这样。
所以这里有几个例子:
此示例适用于此网址...但不适用于使用tls1.2的网站
URL url = new URL("https://wikipedia.org");
URLConnection urlConnection = url.openConnection();
InputStream in = urlConnection.getInputStream();
str = getStringByBufferedReader(in);
第二个例子:
SSLContext context = SSLContext.getInstance("TLS");
context.init(null, null, null);
HttpClientBuilder clientBuilder = HttpClientBuilder.create().setSslcontext(context);
HttpGet request = new HttpGet(baseURL);
request.addHeader("Authorization", basicAuthorization);
request.addHeader("Accept", "text/plain");
CloseableHttpClient httpClient = clientBuilder.build();
CloseableHttpResponse httpResponse = httpClient.execute(request);
两种连接类型都会出现以下错误:
Exception in Test method = javax.net.ssl.SSLException: Received fatal alert: protocol_version
我也导入了证书。我也试过jdk 1.8无济于事。
答案 0 :(得分:0)
JRE7中的TLS解析为TLSv1。将协议明确设置为TLSv1.2:
SSLContext context = SSLContext.getInstance("TLSv1.2");
否则您的HttpClientBuilder示例就可以了。
修改
如果要禁用主机名检查(在生产系统中这是个坏主意):
Apache httpclient< 4.3:
package hello;
import java.net.URI;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.DefaultHttpClient;
public class client {
public static void main(String args[]) throws Exception {
// System.setProperty("javax.net.debug", "ssl:handshake:verbose");
SSLSocketFactory socketFactory = null ;
// Set benevolent host name verifier
socketFactory = new SSLSocketFactory( "TLS" , null /* Keystore*/ ,
null /* keystore passwd */ ,null /* trusts store */ , null ,
SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER ) ;
Scheme sch = new Scheme("https", 443, socketFactory);
DefaultHttpClient httpClient = new DefaultHttpClient() ;
httpClient.getConnectionManager().getSchemeRegistry().register(sch);
HttpGet request = new HttpGet(new URI("https://www.wikipedia.org/"));
// request.addHeader("Authorization", basicAuthorization);
// request.addHeader("Accept", "text/plain");
CloseableHttpResponse httpResponse = httpClient.execute(request);
System.out.println(httpResponse.getStatusLine());
httpClient.close();
}
}
使用Apache httpclient> = 4.3:
package hello;
import java.net.URI;
import java.util.Arrays;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import sun.security.ssl.SSLSocketFactoryImpl;
public class client {
public static void main(String args[]) throws Exception {
// System.setProperty("javax.net.debug", "ssl:handshake:verbose");
SSLContext context = SSLContext.getInstance("TLSv1.2");
context.init(null, null, null);
SSLConnectionSocketFactory sslCF = new SSLConnectionSocketFactory(context, new HostnameVerifier() {
@Override
public boolean verify(String hostname, SSLSession session) {
// or add your own test here
return true;
}
});
CloseableHttpClient httpClient = HttpClientBuilder
.create()
.setSSLSocketFactory(sslCF)
.build();
HttpGet request = new HttpGet(new URI("https://www.wikipedia.org/"));
// request.addHeader("Authorization", basicAuthorization);
// request.addHeader("Accept", "text/plain");
CloseableHttpResponse httpResponse = httpClient.execute(request);
System.out.println(httpResponse.getStatusLine());
}
}
答案 1 :(得分:0)
我能够在主类中用一行来修复它:
System.setProperty("https.protocols", "SSLv3,TLSv1,TLSv1.1,TLSv1.2");