HTTP工具类支持跳过SSL检查 fix #68

ifeilong · Sep 2, 2019 · 2dbe650 · 2dbe650
1 parent bd43e7d
commit 2dbe650
Show file tree

Hide file tree

Showing 4 changed files with 192 additions and 5 deletions.
diff --git a/feilong-net-api/src/main/java/com/feilong/net/entity/ConnectionConfig.java b/feilong-net-api/src/main/java/com/feilong/net/entity/ConnectionConfig.java
@@ -30,7 +30,7 @@ public final class ConnectionConfig{
 
     /** Static instance. */
     // the static instance works for all types
-    public static final ConnectionConfig INSTANCE       = new ConnectionConfig();
+    public static final ConnectionConfig INSTANCE                = new ConnectionConfig();
 
     //---------------------------------------------------------------
 
@@ -90,7 +90,7 @@ public final class ConnectionConfig{
      * 
      * @see TimeInterval#MILLISECOND_PER_MINUTE
      */
-    private int                          connectTimeout = 20 * MILLISECOND_PER_SECONDS;
+    private int                          connectTimeout          = 20 * MILLISECOND_PER_SECONDS;
 
     /**
      * 将读超时设置为指定的超时值,以毫秒为单位.用一个非零值指定在建立到资源的连接后从 Input流读入时的超时时间.
@@ -106,12 +106,24 @@ public final class ConnectionConfig{
      * 
      * @see TimeInterval#MILLISECOND_PER_MINUTE
      */
-    private int                          readTimeout    = 20 * MILLISECOND_PER_SECONDS;
+    private int                          readTimeout             = 20 * MILLISECOND_PER_SECONDS;
 
     //---------------------------------------------------------------
 
     /** 内容的字符集. */
-    private String                       contentCharset = UTF8;
+    private String                       contentCharset          = UTF8;
+
+    /**
+     * 是否关闭 HostnameVerifier essentially turns hostname 校验.
+     * 
+     * <p>
+     * 默认 true 表示关闭
+     * </p>
+     * 
+     * @see org.apache.http.conn.ssl.NoopHostnameVerifier
+     * @since 2.0.0
+     */
+    private boolean                      turnOffHostnameVerifier = true;
 
     //---------------------------------------------------------------
     /**
@@ -138,6 +150,17 @@ public ConnectionConfig(String userName, String password){
         this.password = password;
     }
 
+    /**
+     * Instantiates a new connection config.
+     *
+     * @param turnOffHostnameVerifier
+     *            the turn off hostname verifier
+     * @since 2.0.0
+     */
+    public ConnectionConfig(boolean turnOffHostnameVerifier){
+        super();
+        this.turnOffHostnameVerifier = turnOffHostnameVerifier;
+    }
     //---------------------------------------------------------------
 
     /**
@@ -344,4 +367,35 @@ public String getPassword(){
     public void setPassword(String password){
         this.password = password;
     }
+
+    /**
+     * 是否关闭 HostnameVerifier essentially turns hostname 校验.
+     * 
+     * <p>
+     * 默认 true 表示关闭
+     * </p>
+     *
+     * @return the turnOffHostnameVerifier
+     * @see org.apache.http.conn.ssl.NoopHostnameVerifier
+     * @since 2.0.0
+     */
+    public boolean getTurnOffHostnameVerifier(){
+        return turnOffHostnameVerifier;
+    }
+
+    /**
+     * 是否关闭 HostnameVerifier essentially turns hostname 校验.
+     * 
+     * <p>
+     * 默认 true 表示关闭
+     * </p>
+     *
+     * @param turnOffHostnameVerifier
+     *            the turnOffHostnameVerifier to set
+     * @see org.apache.http.conn.ssl.NoopHostnameVerifier
+     * @since 2.0.0
+     */
+    public void setTurnOffHostnameVerifier(boolean turnOffHostnameVerifier){
+        this.turnOffHostnameVerifier = turnOffHostnameVerifier;
+    }
 }
diff --git a/feilong-net-api/src/main/java/com/feilong/net/ssl/TrustAnyTrustManager.java b/feilong-net-api/src/main/java/com/feilong/net/ssl/TrustAnyTrustManager.java
@@ -26,6 +26,7 @@
  * @author <a href="http://feitianbenyue.iteye.com/">feilong</a>
  * @see "weibo4j.model.MySSLSocketFactory.TrustAnyTrustManager"
  * @see org.apache.commons.net.util.TrustManagerUtils
+ * @see javax.net.ssl.HostnameVerifier
  * @deprecated pls use org.apache.commons.net.util.TrustManagerUtils#getAcceptAllTrustManager()
  */
 @Deprecated
@@ -37,6 +38,16 @@ public class TrustAnyTrustManager implements X509TrustManager{
 
     //---------------------------------------------------------------
 
+    /**
+     * Check client trusted.
+     *
+     * @param x509Certificate
+     *            the x 509 certificate
+     * @param authType
+     *            the auth type
+     * @throws CertificateException
+     *             the certificate exception
+     */
     /*
      * (non-Javadoc)
      * 
@@ -46,6 +57,16 @@ public class TrustAnyTrustManager implements X509TrustManager{
     public void checkClientTrusted(X509Certificate[] x509Certificate,String authType) throws CertificateException{
     }
 
+    /**
+     * Check server trusted.
+     *
+     * @param x509Certificate
+     *            the x 509 certificate
+     * @param authType
+     *            the auth type
+     * @throws CertificateException
+     *             the certificate exception
+     */
     /*
      * (non-Javadoc)
      * 
@@ -55,6 +76,11 @@ public void checkClientTrusted(X509Certificate[] x509Certificate,String authType
     public void checkServerTrusted(X509Certificate[] x509Certificate,String authType) throws CertificateException{
     }
 
+    /**
+     * Gets the accepted issuers.
+     *
+     * @return the accepted issuers
+     */
     /*
      * (non-Javadoc)
      * 

diff --git a/...-net-httpclient4/src/main/java/com/feilong/net/httpclient4/builder/HttpClientBuilder.java b/...-net-httpclient4/src/main/java/com/feilong/net/httpclient4/builder/HttpClientBuilder.java
@@ -19,6 +19,7 @@
 
 import org.apache.http.client.HttpClient;
 import org.apache.http.conn.socket.LayeredConnectionSocketFactory;
+import org.apache.http.conn.ssl.NoopHostnameVerifier;
 import org.apache.http.impl.client.HttpClients;
 
 import com.feilong.net.entity.ConnectionConfig;
@@ -72,7 +73,7 @@ public static HttpClient build(ConnectionConfig connectionConfig){
     public static HttpClient build(ConnectionConfig connectionConfig,LayeredConnectionSocketFactory layeredConnectionSocketFactory){
         org.apache.http.impl.client.HttpClientBuilder customHttpClientBuilder = HttpClients.custom();
 
-        setSSL(layeredConnectionSocketFactory, customHttpClientBuilder);
+        setSSL(connectionConfig, layeredConnectionSocketFactory, customHttpClientBuilder);
         //customHttpClientBuilder.setConnectionManager(connManager);
         //.setDefaultCredentialsProvider(CredentialsProviderBuilder.build(AuthScope.ANY, userName, password))//
 
@@ -85,13 +86,18 @@ public static HttpClient build(ConnectionConfig connectionConfig,LayeredConnecti
     /**
      * 设置 SSL.
      *
+     * @param connectionConfig
+     *            the connection config
      * @param layeredConnectionSocketFactory
      *            the layered connection socket factory
      * @param customHttpClientBuilder
      *            the custom http client builder
+     * @see org.apache.http.conn.ssl.NoopHostnameVerifier
+     * @see javax.net.ssl.HostnameVerifier
      * @since 1.11.4
      */
     private static void setSSL(
+                    ConnectionConfig connectionConfig,
                     LayeredConnectionSocketFactory layeredConnectionSocketFactory,
                     org.apache.http.impl.client.HttpClientBuilder customHttpClientBuilder){
         if (null != layeredConnectionSocketFactory){
@@ -102,5 +108,12 @@ private static void setSSL(
         //这代码比上面简洁
         SSLContext sslContext = com.feilong.net.ssl.SSLContextBuilder.build(SSLProtocol.TLSv12);
         customHttpClientBuilder.setSSLContext(sslContext);
+
+        //---------------------------------------------------------------
+        //since 2.0.0
+        if (connectionConfig.getTurnOffHostnameVerifier()){
+            customHttpClientBuilder.setSSLHostnameVerifier(NoopHostnameVerifier.INSTANCE);
+        }
     }
+
 }
diff --git a/...net-httpclient4/src/test/java/com/feilong/net/httpclient4/GetResponseStatusCodeTest2.java b/...net-httpclient4/src/test/java/com/feilong/net/httpclient4/GetResponseStatusCodeTest2.java
@@ -0,0 +1,94 @@
+/*
+ * Copyright (C) 2008 feilong
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.feilong.net.httpclient4;
+
+import org.junit.Test;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.feilong.net.entity.ConnectionConfig;
+import com.feilong.net.entity.HttpRequest;
+
+/**
+ *
+ * @author <a href="http://feitianbenyue.iteye.com/">feilong</a>
+ * @version 1.2.1 2015年6月6日 下午11:04:42
+ * @since 1.2.1
+ */
+public class GetResponseStatusCodeTest2{
+
+    /** The Constant log. */
+    private static final Logger LOGGER             = LoggerFactory.getLogger(GetResponseStatusCodeTest2.class);
+
+    //---------------------------------------------------------------
+    private static final String trustStorePath     = "/Users/feilong/workspace/feilong/feilong-net/feilong-net-httpclient4/src/test/resources/amiuat.keystore";
+
+    private static final String trustStorePassword = "amiuat";
+
+    @Test
+    public void test(){
+        //
+        setHttpsCertificates(trustStorePath, trustStorePassword);
+
+        testGetResponseBodyAsString1();
+    }
+
+    @Test
+    public void test222(){
+        //
+        setHttpsCertificates(trustStorePath, trustStorePassword);
+
+        System.clearProperty("javax.net.ssl.trustStore");
+        System.clearProperty("javax.net.ssl.trustStorePassword");
+        // System.clearProperty("java.protocol.handler.pkgs");
+
+        testGetResponseBodyAsString1();
+    }
+
+    public void testGetResponseBodyAsString1(){
+        String uri = "https://cps.wecommerce.com.cn/cps/broker/getToken?storeId=9&secret=991d110bc99aa4c9f151525f49eb6934";
+
+        LOGGER.debug(HttpClientUtil.get(uri));
+    }
+
+    @Test
+    public void testGetResponseBodyAsString122(){
+        String uri = "https://40.73.75.129/api/oms/mall/in";
+        LOGGER.debug(HttpClientUtil.post(uri));
+    }
+
+    @Test
+    public void testGetResponseBodyAsString12222(){
+        String uri = "https://40.73.75.129/api/oms/mall/in";
+        LOGGER.debug(HttpClientUtil.getResponseBodyAsString(new HttpRequest(uri), new ConnectionConfig(false)));
+    }
+
+    /**
+     * 为指定的HTTPS域名或者IP设置本地证书
+     * 
+     * @param trustStorePath
+     *            .keystore 文件所在目录
+     * @param trustStorePassword
+     *            生成 .keystore 文件设置的密码
+     */
+    public static void setHttpsCertificates(String trustStorePath,String trustStorePassword){
+        System.setProperty("javax.net.ssl.trustStore", trustStorePath);
+        System.setProperty("javax.net.ssl.trustStorePassword", trustStorePassword);
+        System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
+        java.security.Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
+    }
+
+}