RestTemplate添加HTTPS证书全过程解析

目录
  • RestTemplate添加HTTPS证书
    • 证书的下载
    • 证书导入JDK
    • 生成keystore文件
    • 项目中配置
  • RestTemplate访问HTTPS
    • maven
    • 配置
    • 验证

RestTemplate添加HTTPS证书

证书的下载

先通过浏览器将未签名验证的证书保存到本地, 点击 不安全–> 证书–> 详细信息 --> 复制到文件 然后默认选择 起一个文件名 , 保存即可, 比如我将证书保存在了桌面 , 命名为 xx.cer

证书导入JDK

若是想要在项目中用到证书 , 需要先将证书导入到JDK的证书管理里面, 导入命令如下:

对上面的命令做一个解释 此命令是在linux服务器内执行的 , 在执行这个命令的时候就在证书所在的文件夹下打开终端, 然后命名一下别名 , 别名最好和证书名称一致 , 如上, 都叫xx , 另外将上面命令中的JDK路径换成你的实际路径即可

上面命令输入完毕后回车 , 会让你写密码啥的 , 就写 changeit 若是changeit不行就写 changeme 一般的 chageit 就可以了

生成keystore文件

只将证书导入JDK就可以了吗? 我这里验证的是不可以的, 必须还要生成对应的 keystore文件

对上面的命令做一个解释 , 该命令也是在linux下执行的 ,当然windows下也可以的 , 执行的时候也是在证书所在文件夹进行的 , 若是提示权限不够 那就再加sudo , windows就以管理员的身份执行

回车后又会让你输入密码 , 那么就还对应着输入 chageit 即可

执行完毕后会在当前路径下再产生一个xx.keystore文件

项目中配置

将上面上传的xx.keystore 文件文件复制到你的项目的类路径下

将下面的这个restTemplate的配置复制到你的项目中去,其中里面用到了一个httpConverter 这个是做json格式转换的, 和HTTPS没太大关系 , 若是不需要就将它以及相关代码删掉即可

?

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

package com.abc.air.config;

import java.io.File;

import java.io.FileInputStream;

import java.io.InputStream;

import java.security.KeyManagementException;

import java.security.KeyStore;

import java.security.KeyStoreException;

import java.security.NoSuchAlgorithmException;

import java.security.cert.X509Certificate;

import java.util.ArrayList;

import java.util.List;

import org.apache.http.config.Registry;

import org.apache.http.config.RegistryBuilder;

import org.apache.http.conn.socket.ConnectionSocketFactory;

import org.apache.http.conn.socket.PlainConnectionSocketFactory;

import org.apache.http.conn.ssl.NoopHostnameVerifier;

import org.apache.http.conn.ssl.SSLConnectionSocketFactory;

import org.apache.http.impl.client.CloseableHttpClient;

import org.apache.http.impl.client.HttpClients;

import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;

import org.apache.http.ssl.SSLContextBuilder;

import org.springframework.beans.factory.annotation.Autowired;

import org.springframework.context.annotation.Bean;

import org.springframework.context.annotation.Configuration;

import org.springframework.core.io.ClassPathResource;

import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;

import org.springframework.http.converter.HttpMessageConverter;

import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter;

import org.springframework.http.converter.xml.MappingJackson2XmlHttpMessageConverter;

import org.springframework.web.client.RestTemplate;

import com.alibaba.fastjson.support.spring.FastJsonHttpMessageConverter;

/**

* Created by ZhaoTengchao on 2019/4/12.

*/

@Configuration

public class RestTemplateConfig {

@Autowired

private FastJsonHttpMessageConverter httpMessageConverter;

@Bean

RestTemplate restTemplate() throws Exception {

HttpComponentsClientHttpRequestFactory factory = new

HttpComponentsClientHttpRequestFactory();

factory.setConnectionRequestTimeout(5 * 60 * 1000);

factory.setConnectTimeout(5 * 60 * 1000);

factory.setReadTimeout(5 * 60 * 1000);

// https

SSLContextBuilder builder = new SSLContextBuilder();

KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());

ClassPathResource resource = new ClassPathResource("nonghang.keystore");

InputStream inputStream = resource.getInputStream();

keyStore.load(inputStream, null);

SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(builder.build(), NoopHostnameVerifier.INSTANCE);

Registry<ConnectionSocketFactory> registry = RegistryBuilder.<ConnectionSocketFactory>create()

.register("http", new PlainConnectionSocketFactory())

.register("https", socketFactory).build();

PoolingHttpClientConnectionManager phccm = new PoolingHttpClientConnectionManager(registry);

phccm.setMaxTotal(200);

CloseableHttpClient httpClient = HttpClients.custom().setSSLSocketFactory(socketFactory).setConnectionManager(phccm).setConnectionManagerShared(true).build();

factory.setHttpClient(httpClient);

RestTemplate restTemplate = new RestTemplate(factory);

List<HttpMessageConverter<?>> converters = restTemplate.getMessageConverters();

ArrayList<HttpMessageConverter<?>> convertersValid = new ArrayList<>();

for (HttpMessageConverter<?> converter : converters) {

if (converter instanceof MappingJackson2HttpMessageConverter ||

converter instanceof MappingJackson2XmlHttpMessageConverter) {

continue;

}

convertersValid.add(converter);

}

convertersValid.add(httpMessageConverter);

restTemplate.setMessageConverters(convertersValid);

inputStream.close();

return restTemplate;

}

}

到此配置完毕!

RestTemplate访问HTTPS

本文简述一下怎么使用restTemplate来访问https。

maven

?

1

2

3

4

5

<dependency>

<groupId>org.apache.httpcomponents</groupId>

<artifactId>httpclient</artifactId>

<version>4.5.3</version>

</dependency>

这里使用httpclient的factory

配置

?

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

@Bean

public RestTemplate restTemplate() throws KeyStoreException, NoSuchAlgorithmException, KeyManagementException {

TrustStrategy acceptingTrustStrategy = (X509Certificate[] chain, String authType) -> true;

SSLContext sslContext = org.apache.http.ssl.SSLContexts.custom()

.loadTrustMaterial(null, acceptingTrustStrategy)

.build();

SSLConnectionSocketFactory csf = new SSLConnectionSocketFactory(sslContext);

CloseableHttpClient httpClient = HttpClients.custom()

.setSSLSocketFactory(csf)

.build();

HttpComponentsClientHttpRequestFactory requestFactory =

new HttpComponentsClientHttpRequestFactory();

requestFactory.setHttpClient(httpClient);

RestTemplate restTemplate = new RestTemplate(requestFactory);

return restTemplate;

}

验证

?

1

2

3

4

5

6

@Test

public void testHttps(){

String url = "https://free-api.heweather.com/v5/forecast?city=CN101080101&key=5c043b56de9f4371b0c7f8bee8f5b75e";

String resp = restTemplate.getForObject(url, String.class);

System.out.println(resp);

}

以上为个人经验,希望能给大家一个参考,也希望大家多多支持服务器之家。

原文链接:https://blog.csdn.net/fengbird/article/details/89462295

本文链接:https://my.lmcjl.com/post/17879.html

展开阅读全文

4 评论

留下您的评论.