文档只测试了https-post 、https-get （非webservice）接口实现方式

webservice接口：

如果将证书导入jdk中不行，建议另起服务调用。暂时没有办法。

思路：

1. 在NC掉用中间服务 中间服务调用第三方https-webservice接口

2. 中间服务器使用jdk1.8及以上

3. 调用服务前增加 放弃验证（用于axis）

AxisProperties.setProperty("axis.socketSecureFactory",

        "org.apache.axis.components.net.SunFakeTrustSocketFactory");

如果上面方法不行，我也不知道怎么解决。如果有好的方法可以告诉一下。

第一种方式 ：

将证书导入jdk中或加载证书

第二种方式：放弃对证书的校验

1.https 协议如果是tlsv1 导入下面三个jar

commons-logging-1.2.jar
org.apache.httpcomponents.httpclient_4.2.1.jar
org.apache.httpcomponents.httpcore_4.2.1.jar

2.下面两个类是调用工具

package nc.bs.println.utils;

import java.io.IOException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

import org.apache.http.conn.ClientConnectionManager;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.conn.ssl.X509HostnameVerifier;
import org.apache.http.impl.client.DefaultHttpClient;


/** 
 * 绕过https证书认证的方法
 */
public class SSLClient extends DefaultHttpClient{  

    public SSLClient() throws Exception{  

        super();  

        SSLContext ctx = SSLContext.getInstance("TLS");  
        
        X509TrustManager tm = new X509TrustManager() {  

                @Override  

                public void checkClientTrusted(X509Certificate[] chain,  

                        String authType) throws CertificateException {  

                }  

                @Override  

                public void checkServerTrusted(X509Certificate[] chain,  

                        String authType) throws CertificateException {  

                }  

                @Override  

                public X509Certificate[] getAcceptedIssuers() {  

                    return null;  

                }  

        };  

        ctx.init(null, new TrustManager[]{tm}, null);  

//        SSLSocketFactory ssf = new SSLSocketFactory(ctx,SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);  
        SSLSocketFactory ssf = new SSLSocketFactory(ctx,new X509HostnameVerifier() {
            
            @Override
            public boolean verify(String arg0, SSLSession arg1) {
                // TODO Auto-generated method stub
                  return true;
            }
            
            @Override
            public void verify(String arg0, String[] arg1, String[] arg2) throws SSLException {
                // TODO Auto-generated method stub
                
            }
            
            @Override
            public void verify(String arg0, X509Certificate arg1) throws SSLException {
                // TODO Auto-generated method stub
                
            }
            
            @Override
            public void verify(String arg0, SSLSocket arg1) throws IOException {
                // TODO Auto-generated method stub
                
            }
        });  

        ClientConnectionManager ccm = this.getConnectionManager();  

        SchemeRegistry sr = ccm.getSchemeRegistry();  

        sr.register(new Scheme("https", 443, ssf));  

    }  

}  

调用方法

package nc.bs.println.utils;

import java.nio.charset.Charset;

import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.entity.StringEntity;
import org.apache.http.util.EntityUtils;

/** 
 * 调用https接口工具类 
 */ 
public  class CRMHttpConnection{
    
    public static void main(String[] args) {
        String url="url";
        String json ="json";
        sendPost(json,url);
    }
    
    /**
     * 发送 post请求
     */
    @SuppressWarnings("resource")
    public static String sendPost(String json, String URL) {
//System.setProperty("javax.net.debug","ssl");
        String obj = null;
        // 创建默认的httpClient实例.
        HttpClient httpclient = null;
        // 创建httppost
        HttpPost httppost = new HttpPost(URL);
//      httppost.addHeader("Content-type", "application/json; charset=utf-8");
        httppost.setHeader("Accept", "application/json");
        httppost.setHeader("x-zop-ns", "budget");
        httppost.setHeader("accept", "*/*");
        httppost.setHeader("connection", "Keep-Alive");
        httppost.setHeader("user-agent","Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)");
        httppost.setHeader("Content-Type","application/json;charset=utf-8");
        try {
            httpclient = new SSLClient();
            StringEntity s = new StringEntity(json, Charset.forName("UTF-8")); // 对参数进行编码，防止中文乱码
            s.setContentEncoding("UTF-8"); 
            httppost.setEntity(s);
            HttpResponse response = httpclient.execute(httppost);
            // 获取相应实体
            HttpEntity entity = response.getEntity();
            if (entity != null) {
                obj = EntityUtils.toString(entity, "UTF-8");
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
        return obj.toString();
    }
}

如果是tlsv1.2 如果是tlsv1.1 则在上面的基础上

将 local_policy.jar 和 US_export_policy.jar 覆盖到 ufjdk/jre/lib/security（NC服务所用的JDK） 文件夹下
jar下载地址
https://www.oracle.com/java/technologies/javase-jce7-downloads.html
上面两个jar是 jdk1.7使用的。如果是1.5、1.6的jdk需要

1.5
jar下载地址
https://www.oracle.com/java/technologies/java-archive-downloads-java-plat-downloads.html#jce_policy-6-oth-JPR

1.6
https://www.oracle.com/java/technologies/java-archive-downloads-java-plat-downloads.html#jce_policy-6-oth-JPR