序
本文从spring cloud netflix zuul里头摘出httpclient访问https/http的源码,展示一下怎么用httpclient去访问https。
newConnectionManager
protected PoolingHttpClientConnectionManager newConnectionManager(boolean sslHostnameValidationEnabled) {
try {
final SSLContext sslContext = SSLContext.getInstance("SSL");
sslContext.init(null, new TrustManager[] { new X509TrustManager() {
@Override
public void checkClientTrusted(X509Certificate[] x509Certificates,
String s) throws CertificateException {
}
@Override
public void checkServerTrusted(X509Certificate[] x509Certificates,
String s) throws CertificateException {
}
@Override
public X509Certificate[] getAcceptedIssuers() {
return null;
}
} }, new SecureRandom());
RegistryBuilder<ConnectionSocketFactory> registryBuilder = RegistryBuilder
.<ConnectionSocketFactory> create()
.register("http", PlainConnectionSocketFactory.INSTANCE);
if (sslHostnameValidationEnabled) {
registryBuilder.register("https",
new SSLConnectionSocketFactory(sslContext));
}
else {
registryBuilder.register("https", new SSLConnectionSocketFactory(
sslContext, NoopHostnameVerifier.INSTANCE));
}
final Registry<ConnectionSocketFactory> registry = registryBuilder.build();
PoolingHttpClientConnectionManager connectionManager = new PoolingHttpClientConnectionManager(registry);
connectionManager
.setMaxTotal(200);
connectionManager.setDefaultMaxPerRoute(20);
return connectionManager;
}
catch (Exception ex) {
throw new RuntimeException(ex);
}
}
其中sslHostnameValidationEnabled指定要不要检验ssl,如果不校验,则是使用NoopHostnameVerifier
@Contract(threading = ThreadingBehavior.IMMUTABLE)
public class NoopHostnameVerifier implements HostnameVerifier {
public static final NoopHostnameVerifier INSTANCE = new NoopHostnameVerifier();
@Override
public boolean verify(final String s, final SSLSession sslSession) {
return true;
}
@Override
public final String toString() {
return "NO_OP";
}
}
newClient
final RequestConfig requestConfig = RequestConfig.custom()
.setSocketTimeout(60000)
.setConnectTimeout(60000)
.setCookieSpec(CookieSpecs.IGNORE_COOKIES).build();
HttpClientBuilder httpClientBuilder = HttpClients.custom();
httpClientBuilder.setSSLHostnameVerifier(NoopHostnameVerifier.INSTANCE);
HttpClient httpclient = httpClientBuilder.setConnectionManager(newConnectionManager(false))
.useSystemProperties().setDefaultRequestConfig(requestConfig)
.setRetryHandler(new DefaultHttpRequestRetryHandler(0, false))
.setRedirectStrategy(new RedirectStrategy() {
@Override
public boolean isRedirected(HttpRequest request,
HttpResponse response, HttpContext context)
throws ProtocolException {
return false;
}
@Override
public HttpUriRequest getRedirect(HttpRequest request,
HttpResponse response, HttpContext context)
throws ProtocolException {
return null;
}
}).build();
request
HttpRequest httpRequest = new BasicHttpRequest("GET","/api/data");
HttpHost httpHost = new HttpHost("demo.com.cn",-1,"https");
try{
return httpClient.execute(httpHost, httpRequest);
// System.out.println(response.getEntity().getContent());
}catch (Exception e){
e.printStackTrace();
}
小结
- 使用NoopHostnameVerifier不去验证ssl,但是可能存在风险
- 构造X509TrustManager