证书认证和 HttpClient 远程调度的方法
一.证书认证建立
1.0 服务认证命令
keytool -genkey -v -alias server -keyalg RSA -keystore /opt/yht/aaa/tomcat.keystore -validity 36500
提示“您的名字与姓氏是什么?”时填写当前部署的IP地址,否则远程调度会出错
2.0 客户端认证的命令
keytool -genkey -v -alias client -keyalg RSA -storetype PKCS12 -keystore /opt/yht/aaa/client.key.p12
(如果在客户端绕过 HTTPS 证书校验,就不需要客户端认证;若要做客户端认证,则必须生成客户端证书)
网上的方法
为服务器生成证书
keytool -genkey -v -alias server -keyalg RSA -keystore d:\key2\server.keystore -validity 36500
为客户端生成证书
keytool -genkey -v -alias client -keyalg RSA -storetype PKCS12 -keystore d:\key2\client.key.p12
导入客户端证书
让服务器信任客户端证书
1.先把客户端证书导出为cer文件格式
keytool -export -alias client -keystore d:\key2\client.key.p12 -storetype PKCS12 -storepass 123456 -rfc -file d:\key2\client.key.cer
2.将客户端cer导入到服务器证书库
keytool -import -v -file d:\key2\client.key.cer -keystore d:\key2\server.keystore
3.查看安装结果
keytool -list -keystore d:\key2\server.keystore
让客户端信任服务器证书
1.把服务器证书导出为cer文件
keytool -keystore d:\key2\server.keystore -export -alias server -file d:\key2\server.cer
2.在客户端安装服务器证书
导入时将证书存储区选择为“受信任的根证书颁发机构”
配置tomcat
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="true" sslProtocol="TLS"
keystoreFile="D:\\key2\\server.keystore" keystorePass="123456"
truststoreFile="D:\\key2\\server.keystore" truststorePass="123456" />
二.Httpclient远程调度的方法
package com.gh.client.tools;post
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.nio.charset.StandardCharsets;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;

import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

import org.apache.http.NameValuePair;
import org.apache.http.client.ClientProtocolException;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.config.Registry;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.conn.socket.ConnectionSocketFactory;
import org.apache.http.conn.socket.PlainConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.util.EntityUtils;
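/**
 * Helper for sending form-encoded HTTP/HTTPS POST requests with Apache HttpClient.
 *
 * <p>The HTTPS path is built on {@link #createIgnoreVerifySSL()}, which accepts
 * every server certificate without checking it. That is convenient for reaching
 * the self-signed Tomcat keystore described above, but it offers no protection
 * against a forged certificate presented by an on-path attacker. For anything
 * beyond a lab setup, initialise the {@link SSLContext} from a truststore that
 * contains the server certificate instead.
 *
 * @author yht
 */
public class HttpclientMethodTools {

    /** Value of {@code "statuscode"} in the result map when the server answered HTTP 200. */
    private static final int STATUS_OK = 2000;
    /** Value of {@code "statuscode"} in the result map on a non-200 answer or any I/O failure. */
    private static final int STATUS_FAIL = 2001;
    /** User-Agent header sent with every request (kept identical to the original value). */
    private static final String USER_AGENT =
            "Mozilla/5.0 (Windows NT 6.1; rv:6.0.2) Gecko/20100101 Firefox/6.0.2";

    /**
     * Builds an {@link SSLContext} whose trust manager accepts any certificate chain
     * ("bypass verification").
     *
     * <p>No certificate is validated, so a connection made with this context cannot
     * detect a man-in-the-middle. Use it only against a test server you control.
     *
     * <p>The context is requested by the generic name {@code "TLS"} rather than
     * {@code "SSLv3"}: SSLv3 is disabled in current JDKs, and the Tomcat connector
     * above is configured with {@code sslProtocol="TLS"}.
     *
     * @return an initialised context that trusts all certificates
     * @throws NoSuchAlgorithmException if no TLS provider is available
     * @throws KeyManagementException if the context cannot be initialised
     */
    public static SSLContext createIgnoreVerifySSL() throws NoSuchAlgorithmException, KeyManagementException {
        SSLContext sc = SSLContext.getInstance("TLS");
        // Trust manager that accepts every chain; the check callbacks deliberately do nothing.
        X509TrustManager trustManager = new X509TrustManager() {
            @Override
            public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType)
                    throws CertificateException {
                // intentionally empty: no validation is performed
            }

            @Override
            public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType)
                    throws CertificateException {
                // intentionally empty: no validation is performed
            }

            @Override
            public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                // The X509TrustManager contract asks for a non-null array; returning null
                // can surface as a NullPointerException inside the TLS engine.
                return new java.security.cert.X509Certificate[0];
            }
        };
        sc.init(null, new TrustManager[] { trustManager }, null);
        return sc;
    }

    /**
     * Sends a form-encoded POST request and reports the outcome as a map.
     *
     * <p>The returned map always holds two keys: {@code "statuscode"} (an Integer,
     * {@value #STATUS_OK} when the server answered HTTP 200 and {@value #STATUS_FAIL}
     * otherwise or on any I/O error) and {@code "content"} (the response body as a
     * String; empty unless the request succeeded).
     *
     * @param url target URL; both {@code http} and {@code https} are accepted
     * @param msgbody form fields to send as {@code application/x-www-form-urlencoded};
     *        {@code null} or empty sends no fields
     * @return the result map described above; never {@code null}
     * @throws NoSuchAlgorithmException if the SSL context cannot be created
     * @throws KeyManagementException if the SSL context cannot be initialised
     */
    public static Map<String, Object> methPost(String url, Map<String, String> msgbody)
            throws KeyManagementException, NoSuchAlgorithmException {
        int statuscode = STATUS_OK;
        String content = "";

        // https connections use the trust-all context; see createIgnoreVerifySSL() for the caveat.
        SSLContext sslcontext = createIgnoreVerifySSL();
        Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create()
                .register("http", PlainConnectionSocketFactory.INSTANCE)
                .register("https", new SSLConnectionSocketFactory(sslcontext))
                .build();
        PoolingHttpClientConnectionManager connManager = new PoolingHttpClientConnectionManager(socketFactoryRegistry);

        HttpPost httpPost = new HttpPost(url);
        httpPost.setHeader("Content-type", "application/x-www-form-urlencoded");
        httpPost.setHeader("User-Agent", USER_AGENT);
        // A Charset overload replaces the String charset name, so no
        // UnsupportedEncodingException can arise from a fixed "UTF-8".
        httpPost.setEntity(new UrlEncodedFormEntity(toFormParams(msgbody), StandardCharsets.UTF_8));

        // Both the client and the response are Closeable; try-with-resources closes
        // them in reverse order, and still closes the client if closing the response throws.
        try (CloseableHttpClient httpclient = HttpClients.custom().setConnectionManager(connManager).build();
             CloseableHttpResponse response = httpclient.execute(httpPost)) {
            if (response.getStatusLine().getStatusCode() == 200) {
                content = EntityUtils.toString(response.getEntity(), StandardCharsets.UTF_8);
            } else {
                statuscode = STATUS_FAIL;
            }
        } catch (IOException e) {
            // ClientProtocolException is an IOException, so one handler covers both failure kinds.
            e.printStackTrace();
            statuscode = STATUS_FAIL;
        }

        Map<String, Object> resultobject = new HashMap<String, Object>();
        resultobject.put("statuscode", statuscode);
        resultobject.put("content", content);
        return resultobject;
    }

    /**
     * Converts the request fields into the name/value pairs HttpClient expects.
     *
     * @param msgbody fields to encode; {@code null} is treated as empty
     * @return a mutable list with one pair per map entry, in iteration order
     */
    private static List<NameValuePair> toFormParams(Map<String, String> msgbody) {
        List<NameValuePair> nvps = new ArrayList<NameValuePair>();
        if (msgbody != null) {
            for (Map.Entry<String, String> entry : msgbody.entrySet()) {
                nvps.add(new BasicNameValuePair(entry.getKey(), entry.getValue()));
            }
        }
        return nvps;
    }
}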