转载请注明出处:
1.http协议请求
使用RestTemplate进行http协议的请求时,不需要考虑证书验证相关问题,以下为使用RestTemplate直接使用的代码示例:
import org.springframework.web.client.RestTemplate;
import org.springframework.http.ResponseEntity;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
public class HttpRestClient {
public static void main(String[] args) {
RestTemplate restTemplate = new RestTemplate();
String url = "http://example.com/api/endpoint"; // 注意这里是HTTP协议
HttpHeaders headers = new HttpHeaders();
// 可以在这里添加请求头,如果需要的话
HttpEntity<?> requestEntity = new HttpEntity<>(headers);
try {
ResponseEntity<String> responseEntity = restTemplate.exchange(
url,
HttpMethod.GET, // 或者使用其他HTTP方法,如POST、PUT等
requestEntity,
String.class // 指定响应体的类型
);
// 处理响应
if (responseEntity.getStatusCode().is2xxSuccessful()) {
String responseBody = responseEntity.getBody();
System.out.println("Response: " + responseBody);
} else {
System.out.println("Request failed with status: " + responseEntity.getStatusCode());
}
} catch (Exception e) {
e.printStackTrace();
}
}
}
2.Https请求信任所有证书:
在Java中,使用RestTemplate
进行HTTP请求时,默认情况下它会验证HTTPS证书的有效性。如果想要忽略HTTPS证书验证(这通常不推荐,因为它会降低安全性),需要自定义一个HttpClient
并设置它忽略SSL证书验证。
以下是一个示例,展示了如何为RestTemplate
创建一个自定义的HttpClient
,该HttpClient
将忽略HTTPS证书验证:
- 创建一个忽略SSL证书验证的
HttpClient
:
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContexts;
import javax.net.ssl.SSLContext;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
public CloseableHttpClient createTrustingHttpClient() throws NoSuchAlgorithmException, KeyManagementException {
SSLContext sslContext = SSLContexts.custom()
.loadTrustMaterial(null, (chain, authType) -> true) // 信任所有证书
.build();
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE);
return HttpClients.custom()
.setSSLSocketFactory(sslsf)
.build();
}
** 2.使用自定义的HttpClient
创建RestTemplate
** :
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.web.client.RestTemplate;
public RestTemplate createRestTemplateWithTrustingHttpClient() throws NoSuchAlgorithmException, KeyManagementException {
HttpComponentsClientHttpRequestFactory factory = new HttpComponentsClientHttpRequestFactory();
factory.setHttpClient(createTrustingHttpClient());
return new RestTemplate(factory);
}
** 3.使用RestTemplate
进行请求** :
public void makeRequest() throws NoSuchAlgorithmException, KeyManagementException {
RestTemplate restTemplate = createRestTemplateWithTrustingHttpClient();
String url = "https://example.com/api/endpoint";
RequestEntity<?> requestEntity = RequestEntity.get(URI.create(url)).build();
ResponseEntity<String> responseEntity = restTemplate.exchange(requestEntity, String.class);
// 处理响应...
}
注意 :
-
忽略SSL证书验证会降低你的应用的安全性,因为它容易受到中间人攻击。在生产环境中,你应该始终验证SSL证书。
-
如果确实需要忽略证书验证,确保完全了解相关的安全风险,并在完成后尽快恢复正常的证书验证。
3.自定义加载证书
在Java中使用RestTemplate
进行HTTPS请求时,如果需要加载特定的HTTPS证书,通常需要使用一个自定义的HttpClient
,并配置SSL上下文以加载你的证书。以下是一个使用Apache HttpClient和Spring RestTemplate加载特定HTTPS证书的示例:
- 创建自定义的HttpClient
需要创建一个自定义的HttpClient
,并配置SSL上下文以加载你的证书。
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContexts;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.web.client.RestTemplate;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
public class CustomRestTemplate {
public static RestTemplate createRestTemplateWithCustomSSL() throws NoSuchAlgorithmException, KeyStoreException, CertificateException, IOException {
// 加载你的证书和私钥
KeyStore keyStore = KeyStore.getInstance("PKCS12");
try (InputStream certStream = new FileInputStream("path/to/your/cert.p12")) {
keyStore.load(certStream, "password".toCharArray()); // 替换为你的证书密码
}
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyManagerFactory.init(keyStore, "password".toCharArray()); // 替换为你的证书密码
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init(keyStore);
SSLContext sslContext = SSLContexts.custom()
.loadKeyMaterial(keyManagerFactory, "password".toCharArray()) // 替换为你的证书密码
.loadTrustMaterial(trustManagerFactory)
.build();
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContext, SSLConnectionSocketFactory.NO_HOSTNAME_VERIFIER);
CloseableHttpClient httpClient = HttpClients.custom()
.setSSLSocketFactory(sslsf)
.build();
HttpComponentsClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory(httpClient);
return new RestTemplate(requestFactory);
}
}
在上面的代码中,你需要替换path/to/your/cert.p12
为你的证书文件路径,以及替换password
为你的证书密码。
2.使用自定义的RestTemplate
现在你可以使用上面创建的RestTemplate
实例进行HTTPS请求了。
public class MyService {
private final RestTemplate restTemplate;
public MyService() throws NoSuchAlgorithmException, KeyStoreException, CertificateException, IOException {
this.restTemplate = CustomRestTemplate.createRestTemplateWithCustomSSL();
}
public String makeHttpsRequest(String url) {
return restTemplate.getForObject(url, String.class);
}
}