本文从spring cloud netflix zuul里头摘出httpclient访问https/http的源码,展示一下怎么用httpclient去访问https。

newConnectionManager

protected PoolingHttpClientConnectionManager newConnectionManager(boolean sslHostnameValidationEnabled) {
        try {
            final SSLContext sslContext = SSLContext.getInstance("SSL");
            sslContext.init(null, new TrustManager[] { new X509TrustManager() {
                @Override
                public void checkClientTrusted(X509Certificate[] x509Certificates,
                                               String s) throws CertificateException {
                }

                @Override
                public void checkServerTrusted(X509Certificate[] x509Certificates,
                                               String s) throws CertificateException {
                }

                @Override
                public X509Certificate[] getAcceptedIssuers() {
                    return null;
                }
            } }, new SecureRandom());

            RegistryBuilder<ConnectionSocketFactory> registryBuilder = RegistryBuilder
                    .<ConnectionSocketFactory> create()
                    .register("http", PlainConnectionSocketFactory.INSTANCE);
            if (sslHostnameValidationEnabled) {
                registryBuilder.register("https",
                        new SSLConnectionSocketFactory(sslContext));
            }
            else {
                registryBuilder.register("https", new SSLConnectionSocketFactory(
                        sslContext, NoopHostnameVerifier.INSTANCE));
            }
            final Registry<ConnectionSocketFactory> registry = registryBuilder.build();

            PoolingHttpClientConnectionManager connectionManager = new PoolingHttpClientConnectionManager(registry);
            connectionManager
                    .setMaxTotal(200);
            connectionManager.setDefaultMaxPerRoute(20);
            return connectionManager;
        }
        catch (Exception ex) {
            throw new RuntimeException(ex);
        }
    }

其中sslHostnameValidationEnabled指定要不要检验ssl,如果不校验,则是使用NoopHostnameVerifier

@Contract(threading = ThreadingBehavior.IMMUTABLE)
public class NoopHostnameVerifier implements HostnameVerifier {

    public static final NoopHostnameVerifier INSTANCE = new NoopHostnameVerifier();

    @Override
    public boolean verify(final String s, final SSLSession sslSession) {
        return true;
    }

    @Override
    public final String toString() {
        return "NO_OP";
    }

}

newClient

final RequestConfig requestConfig = RequestConfig.custom()
                .setSocketTimeout(60000)
                .setConnectTimeout(60000)
                .setCookieSpec(CookieSpecs.IGNORE_COOKIES).build();
        HttpClientBuilder httpClientBuilder = HttpClients.custom();
        httpClientBuilder.setSSLHostnameVerifier(NoopHostnameVerifier.INSTANCE);
        HttpClient httpclient = httpClientBuilder.setConnectionManager(newConnectionManager(false))
                .useSystemProperties().setDefaultRequestConfig(requestConfig)
                .setRetryHandler(new DefaultHttpRequestRetryHandler(0, false))
                .setRedirectStrategy(new RedirectStrategy() {
                    @Override
                    public boolean isRedirected(HttpRequest request,
                                                HttpResponse response, HttpContext context)
                            throws ProtocolException {
                        return false;
                    }

                    @Override
                    public HttpUriRequest getRedirect(HttpRequest request,
                                                      HttpResponse response, HttpContext context)
                            throws ProtocolException {
                        return null;
                    }
                }).build();

request

HttpRequest httpRequest = new BasicHttpRequest("GET","/api/data");
        HttpHost httpHost = new HttpHost("demo.com.cn",-1,"https");
        try{
            return httpClient.execute(httpHost, httpRequest);
//            System.out.println(response.getEntity().getContent());
        }catch (Exception e){
            e.printStackTrace();
        }

小结

  • 使用NoopHostnameVerifier不去验证ssl,但是可能存在风险
  • 构造X509TrustManager

codecraft
11.9k 声望2k 粉丝

当一个代码的工匠回首往事时,不因虚度年华而悔恨,也不因碌碌无为而羞愧,这样,当他老的时候,可以很自豪告诉世人,我曾经将代码注入生命去打造互联网的浪潮之巅,那是个很疯狂的时代,我在一波波的浪潮上留下...