【tomcat】HTTPS访问配置 + restful调用远程HTTPS绕过验证

单向验证：

第一步：生成密钥：

在单向验证中，首先需要生成一个密钥。以下是生成密钥的命令：

keytool -genkey -alias mykey -keyalg RSA -keystore d:/key/testkeykeytool -export -file d:/key/testkey.crt -alias mykey -keystore d:/key/testkey

由于是在本地进行测试，请修改本地的hosts文件，路径为C:WindowsSystem32driversetchosts，添加以下内容：

# localhost name resolution is handled within DNS itself.#    127.0.0.1       localhost#    ::1             localhost127.0.0.1 www.xiaochangwei.com

这样就可以通过域名进行访问。

第二步：配置Tomcat

在Tomcat的配置文件中，找到并启用HTTPS连接器。以下是基本的配置：

请注意，这段代码默认是注释掉的，需要手动取消注释。根据需要可以修改默认的端口，默认端口为8443。

在非Windows环境下，可能会遇到找不到密钥或密钥强度不足的问题，导致Tomcat无法正常启动或页面无法访问。解决方法如下：

为密钥文件添加后缀，以便非Windows环境识别。增加密钥的复杂度。

完整配置如下：

第三步：发布项目

项目已经成功发布，且端口可用。测试端口情况：

从测试结果看，端口可以正常访问，证明部署成功。

参考资料：https://www.php.cn/link/813c26fc0c3bf64573a10eafb3f8e5ee

双向验证

在双向验证中，需要生成服务器和客户端的证书，并进行相互信任配置。以下是相关的命令：

为服务器生成证书keytool -genkey -v -alias server -keyalg RSA -keystore d:key2server.keystore -validity 36500
为客户端生成证书keytool -genkey -v -alias client -keyalg RSA -storetype PKCS12 -keystore d:key2client.key.p12
导入客户端证书让服务器信任客户端证书
先把客户端证书导出为cer文件格式keytool -export -alias client -keystore d:key2client.key.p12 -storetype PKCS12 -storepass 123456 -rfc -file d:key2client.key.cer
将客户端cer导入到服务器证书库keytool -import -v -file d:key2client.key.cer -keystore d:key2server.keystore
查看安装结果keytool -list -keystore d:key2server.keystore
让客户端信任服务器证书
把服务器证书导出为cer文件keytool -keystore d:key2server.keystore -export -alias server -file d:key2server.cer
在客户端安装服务器证书选择受信任的根证书颁发机构
配置Tomcat

HTTP接口的调用本质上是通过地址建立连接，获取返回信息或发送请求数据，完成业务逻辑后关闭连接。可以使用原生态的接口调用方式或采用RESTful风格进行调用。如果需要调用多个HTTP接口，建议使用RESTful进行统一管理，使代码更加清晰。

在调用HTTPS接口时，如果对方项目使用双向验证，则需要提供证书和密码等信息。以下是绕过HTTPS验证的参考代码：

import java.io.IOException;import java.net.Socket;import java.net.UnknownHostException;import java.security.KeyManagementException;import java.security.KeyStore;import java.security.KeyStoreException;import java.security.NoSuchAlgorithmException;import java.security.UnrecoverableKeyException;import java.security.cert.CertificateException;import java.security.cert.X509Certificate;import javax.net.ssl.SSLContext;import javax.net.ssl.TrustManager;import javax.net.ssl.X509TrustManager;import org.apache.http.HttpVersion;import org.apache.http.client.HttpClient;import org.apache.http.conn.ClientConnectionManager;import org.apache.http.conn.scheme.PlainSocketFactory;import org.apache.http.conn.scheme.Scheme;import org.apache.http.conn.scheme.SchemeRegistry;import org.apache.http.conn.ssl.SSLSocketFactory;import org.apache.http.impl.client.DefaultHttpClient;import org.apache.http.impl.conn.tsccm.ThreadSafeClientConnManager;import org.apache.http.params.BasicHttpParams;import org.apache.http.params.HttpConnectionParams;import org.apache.http.params.HttpParams;import org.apache.http.params.HttpProtocolParams;import org.apache.http.protocol.HTTP;
public class HttpsClient {static public HttpClient newHttpsClient() {try {KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());trustStore.load(null, null);SSLSocketFactory sf = new MySSLSocketFactory(trustStore);sf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);HttpParams params = new BasicHttpParams();HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1);HttpProtocolParams.setContentCharset(params, HTTP.UTF_8);HttpConnectionParams.setConnectionTimeout(params, 10000);HttpConnectionParams.setSoTimeout(params, 10000);SchemeRegistry registry = new SchemeRegistry();registry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));registry.register(new Scheme("https", sf, 443));ClientConnectionManager ccm = new ThreadSafeClientConnManager(params, registry);return new DefaultHttpClient(ccm, params);} catch (Exception e) {return new DefaultHttpClient();}}
private static class MySSLSocketFactory extends SSLSocketFactory {    SSLContext sslContext = SSLContext.getInstance("TLS");    public MySSLSocketFactory(KeyStore truststore)            throws NoSuchAlgorithmException, KeyManagementException,            KeyStoreException, UnrecoverableKeyException {        super(truststore);        TrustManager tm = new X509TrustManager() {            public void checkClientTrusted(X509Certificate[] chain, String authType)                    throws CertificateException {            }            public void checkServerTrusted(X509Certificate[] chain, String authType)                    throws CertificateException {            }            public X509Certificate[] getAcceptedIssuers() {                return null;            }        };        sslContext.init(null, new TrustManager[] { tm }, null);    }    @Override    public Socket createSocket(Socket socket, String host, int port, boolean autoClose)            throws IOException, UnknownHostException {        return sslContext.getSocketFactory().createSocket(socket, host, port, autoClose);    }    @Override    public Socket createSocket() throws IOException {        return sslContext.getSocketFactory().createSocket();    }}
}
受此启发，在使用RESTful风格进行HTTP接口调用时，可以通过修改初始化的HttpClient来实现。以下是RESTful风格的HTTP接口调用示例代码，注意需要引入RestTemplate（在spring-web.jar中）：
package com.xxx.rpc.restclient.utils;
import java.io.IOException;import java.net.Socket;import java.net.UnknownHostException;import java.security.KeyManagementException;import java.security.KeyStore;import java.security.KeyStoreException;import java.security.NoSuchAlgorithmException;import java.security.UnrecoverableKeyException;import java.security.cert.CertificateException;import java.security.cert.X509Certificate;import java.text.SimpleDateFormat;import java.util.Date;import javax.net.ssl.SSLContext;import javax.net.ssl.TrustManager;import javax.net.ssl.X509TrustManager;import org.apache.http.client.HttpClient;import org.apache.http.conn.ClientConnectionManager;import org.apache.http.conn.scheme.PlainSocketFactory;import org.apache.http.conn.scheme.Scheme;import org.apache.http.conn.scheme.SchemeRegistry;import org.apache.http.conn.ssl.SSLSocketFactory;import org.apache.http.impl.client.DefaultHttpClient;import org.apache.http.impl.conn.tsccm.ThreadSafeClientConnManager;import org.slf4j.Logger;import org.slf4j.LoggerFactory;import org.springframework.http.HttpEntity;import org.springframework.http.HttpHeaders;import org.springframework.http.HttpStatus;import org.springframework.http.ResponseEntity;import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;import org.springframework.util.StringUtils;import org.springframework.web.client.RestTemplate;
@SuppressWarnings("deprecation")public class HttpClientUtils {private static Logger logger = LoggerFactory.getLogger(HttpClientUtils.class);
private static String HTTP_PROTOCOL = "https://";public static ResponseEntity Execute(FrontInfo frontInfo) {    HttpClient httpClient = null;    try {        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());        trustStore.load(null, null);        SSLSocketFactory sf = new MySSLSocketFactory(trustStore);        sf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);        SchemeRegistry registry = new SchemeRegistry();        registry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), Integer.valueOf(frontInfo.getPort())));        registry.register(new Scheme("https", sf, Integer.valueOf(frontInfo.getPort())));        ClientConnectionManager ccm = new ThreadSafeClientConnManager(registry);        httpClient = new DefaultHttpClient(ccm);    } catch (Exception e) {        logger.info("httpclient创建错误.");    }    HttpComponentsClientHttpRequestFactory httpComponentsClientHttpRequestFactory = new HttpComponentsClientHttpRequestFactory(httpClient);    httpComponentsClientHttpRequestFactory.setConnectTimeout(120 * 1000);    httpComponentsClientHttpRequestFactory.setReadTimeout(120 * 1000);    RestTemplate rt = new RestTemplate(httpComponentsClientHttpRequestFactory);    String url = HttpClientUtils.generateUrl(frontInfo);    HttpEntity requestEntity = HttpClientUtils.generateHttpEntity(frontInfo);    try {        System.out.println("httpMethod = " + frontInfo.getHttpMethod());        System.out.println("url = " + url);        System.out.println("requestEntity = " + requestEntity);        ResponseEntity responseEntity =                rt.exchange(url, frontInfo.getHttpMethod(), requestEntity, String.class);        logger.debug("responseEntity = [{}].", responseEntity);        System.out.println("responseEntity = " + responseEntity);        return responseEntity;    } catch (Exception e) {        System.out.println("info: " + e.getMessage());        logger.debug("error info:  = [{}].", e.getMessage());        return generateRespWhenException(e);    }}
}
由于这是商业项目的代码，这里仅展示部分代码。通过这个示例可以完全掌握RESTful相关技术。需要解释的是：
frontInfo是一个通用的参数对象，用于确保接口调用方式统一，包含各接口需要的参数名等，如IP、端口、URL、方法、用户名等。generateUrl方法根据通用参数对象及条件生成具体的URL，如https://www.php.cn/link/b7c341015338340fc8cc5c21e0473579。generateHttpEntity方法根据具体业务需求增加一些通用的头信息。exchange方法执行具体的请求，返回ResponseEntity，然后根据具体业务返回，进行解析。调用后解析返回信息大致如下，解析其中的body：
JSONObject object = JSONObject.parseObject(response.getBody().toString());JSONObject userJson = JSONObject.parseObject(object.getString("user"));String uuid = userJson.getString("id");
至此，RESTful使用方式介绍完毕。
以上就是【tomcat】HTTPS访问配置 + restful调用远程HTTPS绕过验证的详细内容，更多请关注创想鸟其它相关文章！
                                                        
版权声明：本文内容由互联网用户自发贡献，该文观点仅代表作者本人。本站仅提供信息存储空间服务，不拥有所有权，不承担相关法律责任。

如发现本站有涉嫌抄袭侵权/违法违规的内容， 请发送邮件至 chuangxiangniao@163.com 举报，一经查实，本站将立刻删除。

发布者：程序猿，转转请注明出处：https://www.chuangxiangniao.com/p/112022.html