在Java中发布到HTTPS

时间:2016-07-15 16:35:08

标签: post https

我想通过请求正文发布到网址https://host:0101。我用非ssl,http做了这个,但是用https有问题。 我有信任存储(JKS)和密钥库(PKCS12)的完整路径,它们的密码作为.properties文件中的属性。

我必须做的是:

public sendPost () throws Exception {
  SSLContext sslContext = getContext();
  SSLConnectionSocketFactory factory = new SSLConnectionSocketFactory(sslContext, SSLConnectionSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);
  CloseableHttpClient client = HttpClients.custom().setSSLSocketFactory(factory).build();

  HttpPost post = new HttpPost("https://host:0101/post");
  StringEntity entity = new StringEntity(jsonData);
  post.setEntity(entity);
  response=client.execute(request);
  responseCode = response.getStatusLine().getStatusCode();
}

public SSLContext getContext() throws Exception {
  KeyStore keyStore = KeyStore.getInstance("JKS");
  FileInputStream instream = new FileInputStream(new File(PATH_TO_KEYSTORE));
  try {
    keyStore.load(instream, "password".toCharArray());

  }finally {instream.close()}
    return SSLContexts.custom().loadTrustMaterial(keyStore).build();
}

我正在通过运行Junit测试来测试它,以便在部署之前验证它是否有效。

@Test
public void test() throws Exception {
  int responseCode = entityUnderTest.sendPost();
  assertEquals(200, responseCode);
}

错误在response=client.execute(request);

HttpHostConnectException
Failed: Connection Refused 

4 个答案:

答案 0 :(得分:0)

该服务是否可通过HTTP S 获得?当您的服务可用性出现问题时,会发生连接拒绝错误。

这可能是由很多问题造成的:

  • 您的服务未运行
  • 您的服务无法通过HTTPS提供
  • 代理/路由错误(您的测试系统是否到达主机和端口?)

如果身份验证出现问题,您将收到不同的消息(例如:SSLPeerUnverifiedException,SSLHandshakeException)。

答案 1 :(得分:0)

这对我有用..试试吧

这是post方法

public static CookieManager msCookieManager = null;
private boolean isPinBuild=false;

public static String[] post(Context context, String Url, List<NameValuePair> values, List<NameValuePair> header_list)
        throws ConnectTimeoutException {

    String[] result = { "", "" };
    try {
        URL url = new URL(Url);
        HttpsURLConnection urlConnection = (HttpsURLConnection) url.openConnection();
        Log.i("TAG_URL : ", Url);

        if (isPinBuild) {
            KeyPinStore keystore = KeyPinStore.getInstance(context);
            javax.net.ssl.SSLSocketFactory factory = keystore.getContext().getSocketFactory();
            SSLSocket socket = (SSLSocket)factory.createSocket();
            socket.setEnabledCipherSuites(new String[]{"RC4-MD5", "DES-CBC-SHA", "DES-CBC3-SHA"});
            socket.setEnabledProtocols(new String[] {"TLSv1.1", "TLSv1.2"});
            socket.setSoTimeout(60000);
            urlConnection.setSSLSocketFactory(factory);
        } else {
            KeyUnPinStore keystore = KeyUnPinStore.getInstance(context);
            javax.net.ssl.SSLSocketFactory factory = keystore.getContext().getSocketFactory();
            SSLSocket socket = (SSLSocket)factory.createSocket();
            socket.setEnabledCipherSuites(new String[]{"RC4-MD5", "DES-CBC-SHA", "DES-CBC3-SHA"});
            socket.setEnabledProtocols(new String[] {"TLSv1.1", "TLSv1.2"});
            socket.setSoTimeout(60000);
            urlConnection.setSSLSocketFactory(factory);
        }
        HostnameVerifier hostnameVerifier = org.apache.http.conn.ssl.SSLSocketFactory.STRICT_HOSTNAME_VERIFIER;
        urlConnection.setRequestMethod("POST");
        urlConnection.setConnectTimeout(connection_timeout);
        urlConnection.setHostnameVerifier(hostnameVerifier);
        urlConnection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");

        for (NameValuePair header : header_list) {
            urlConnection.addRequestProperty(header.getName(), header.getValue());
        }

        if (msCookieManager == null) {
            msCookieManager = new CookieManager();
        }

        if (msCookieManager != null && msCookieManager.getCookieStore().getCookies().size() > 0) {
            urlConnection.setRequestProperty(COOKIE, TextUtils.join(";", msCookieManager.getCookieStore().getCookies()));
        }
        Log.i("TAG_POST_COOKIE : ", msCookieManager.getCookieStore().getCookies().toString());

        String postData = "";
        for (NameValuePair value : values) {
            postData = postData + value.getName() + "=" + URLEncoder.encode(value.getValue(), "UTF-8") + "&";
        }
        if (!TextUtils.isEmpty(postData) && postData.length() > 2) {
            postData = postData.substring(0, postData.length() - 1);
        }

        Log.i("TAG_POSTDATA : ", postData);

        urlConnection.setUseCaches(false);
        urlConnection.setDoInput(true);
        urlConnection.setDoOutput(true);

        urlConnection.setFixedLengthStreamingMode(postData.getBytes().length);
        PrintWriter out = new PrintWriter(urlConnection.getOutputStream());
        out.print(postData);
        out.close();

        // always check HTTP response code first
        int responseCode = urlConnection.getResponseCode();
        result[0] = responseCode + "";

        if (responseCode == HttpURLConnection.HTTP_OK) {
            // Get Response
            InputStream is = urlConnection.getInputStream();
            BufferedReader rd = new BufferedReader(new InputStreamReader(is));
            String line;
            StringBuffer response = new StringBuffer();
            while ((line = rd.readLine()) != null) {
                response.append(line);
                response.append('\r');
            }
            rd.close();

            Map<String, List<String>> headerFields = urlConnection.getHeaderFields();
            List<String> cookiesHeader = headerFields.get(COOKIES_HEADER);

            /*if (cookiesHeader != null) {
                for (String cookie : cookiesHeader) {
                    if (HttpCookie.parse(cookie).get(0).toString().contains(JSESSIONID)) {
                        msCookieManager.getCookieStore().add(null, HttpCookie.parse(cookie).get(0));
                    }
                }
            }*/

            if (!TextUtils.isEmpty(response)) {
                result[0] = HttpConnectionUrl.RESPONSECODE_REQUESTSUCCESS;
                result[1] = response.toString();
                Log.i("TAG_RESPONSE : ", result[1]);
            }

        }

    } catch (UnsupportedEncodingException e) {
        result[0] = HttpConnectionUrl.RESPONSECODE_CONNECTIONTIMEOUT;
        e.printStackTrace();
    } catch (ClientProtocolException e) {
        result[0] = HttpConnectionUrl.RESPONSECODE_CONNECTIONTIMEOUT;
        e.printStackTrace();
    } catch (ConnectTimeoutException e) {
        result[0] = HttpConnectionUrl.RESPONSECODE_CONNECTIONTIMEOUT;
        e.printStackTrace();
    } catch (IOException e) {
        result[0] = HttpConnectionUrl.RESPONSECODE_CONNECTIONTIMEOUT;
        e.printStackTrace();
    } catch (Exception e) {
        result[0] = HttpConnectionUrl.RESPONSECODE_CONNECTIONTIMEOUT;
        e.printStackTrace();
    }
    return result;
}

这里isPinBuild变量用于您是否有任何证书文件。如果您使用任何可信证书,则设置为true。

这里是KeyPinStore类

public class KeyPinStore {
private static Context context = null;
private static KeyPinStore instance = null;
private SSLContext sslContext = SSLContext.getInstance("SSLv3");
//private SSLContext sslContext = SSLContext.getInstance("TLS");
public static synchronized KeyPinStore getInstance(Context mContext) throws CertificateException, IOException, KeyStoreException,
        NoSuchAlgorithmException, KeyManagementException {
    if (instance == null) {
        context = mContext;
        instance = new KeyPinStore();
    }
    return instance;
}

private KeyPinStore() throws CertificateException, IOException, KeyStoreException, NoSuchAlgorithmException, KeyManagementException {
    // Load CAs from an InputStream
    // (could be from a resource or ByteArrayInputStream or ...)
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    // randomCA.crt should be in the Assets directory
    InputStream caInput = new BufferedInputStream(context.getAssets().open("yourCertificate.crt"));


    Certificate ca;
    try {
        ca = cf.generateCertificate(caInput);
        System.out.println("ca=" + ((X509Certificate) ca).getSubjectDN());
    } finally {
        caInput.close();
    }

    // Create a KeyStore containing our trusted CAs
    String keyStoreType = KeyStore.getDefaultType();
    KeyStore keyStore = KeyStore.getInstance(keyStoreType);
    keyStore.load(null, null);
    keyStore.setCertificateEntry("ca", ca);

    // Create a TrustManager that trusts the CAs in our KeyStore
    String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
    TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
    tmf.init(keyStore);

    // Create an SSLContext that uses our TrustManager
    // SSLContext context = SSLContext.getInstance("TLS");
    sslContext.init(null, tmf.getTrustManagers(), null);
}

public SSLContext getContext() {
    return sslContext;
}

}

和KeyUnpinStore类

public class KeyUnPinStore {

private static Context context = null;
private static KeyUnPinStore instance = null;
private SSLContext sslContext = SSLContext.getInstance("TLS");

public static synchronized KeyUnPinStore getInstance(Context mContext) throws CertificateException, IOException, KeyStoreException,
        NoSuchAlgorithmException, KeyManagementException {
    if (instance == null) {
        context = mContext;
        instance = new KeyUnPinStore();
    }
    return instance;
}

private KeyUnPinStore() throws CertificateException, IOException, KeyStoreException, NoSuchAlgorithmException, KeyManagementException {
    // Create a trust manager that does not validate certificate chains
    TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
        public X509Certificate[] getAcceptedIssuers() {
            return null;
        }

        public void checkClientTrusted(X509Certificate[] certs, String authType) {
        }

        public void checkServerTrusted(X509Certificate[] certs, String authType) {
        }
    } };

    // Create all-trusting host name verifier
    // Create an SSLContext that uses our TrustManager
    // SSLContext context = SSLContext.getInstance("TLS");
    sslContext.init(null, trustAllCerts, new java.security.SecureRandom());
}

public SSLContext getContext() {
    return sslContext;
}

}

答案 2 :(得分:0)

为什么不尝试使用httpbin?它是一种可以保证工作的外部资源。例如:

import java.io.IOException;
import java.net.URI;

import net.minidev.json.JSONObject;
import net.minidev.json.JSONValue;

import org.apache.http.HttpResponse;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.entity.ContentType;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.util.EntityUtils;

public class Post {

    public static void main(String[] args) throws Exception {

        HttpClient client = new DefaultHttpClient();
        int result = post(client, new URI("https://httpbin.org/post"), (JSONObject)JSONValue.parse("{'answer':42}"));
        System.err.println(result);
    }

    public static int post(HttpClient httpClient, URI url, JSONObject content) throws IOException {
        final HttpPost post = new HttpPost(url);
        post.addHeader("Content-type", ContentType.APPLICATION_JSON.getMimeType());
        post.setEntity(new StringEntity(content.toString(), ContentType.APPLICATION_JSON));

        final HttpResponse response = httpClient.execute(post);
        EntityUtils.consumeQuietly(response.getEntity());

        return response.getStatusLine().getStatusCode();
    }
}

答案 3 :(得分:0)

假设您使用java“keytool”生成了公共/私有密钥对,并且使用了trustStore&amp; keyStores在客户端正确配置&amp;在HOST容器中(如果是Tomcat server.xml)。

在方法:“ sendPost ()”中,您可能希望获得SSL-Connection,如下所示:

try {

String endpoint="https://host:0101/post";
URL url = new URL(endpoint);
HttpsURLConnection conn = getConnection(url, "POST", uname, passwd);
conn.connect();


writeBody(conn);

catch(Exception e) { throw new RuntimeException(e); }
    conn.disconnect();
    }
    catch(Exception e) { throw new RuntimeException(e); }


private void writeBody(HttpsURLConnection conn) {
try {
String pairs = "who=Freddy&what=Avoid Friday nights if possible.";
OutputStream out = conn.getOutputStream();
out.write(pairs.getBytes());
out.flush();
}
catch(Exception e) { throw new RuntimeException(e); }
}