A recent requirement requires the Web server app to request an interface for an external Internet server over HTTPS, using the following code at the beginning of the local test:
String Businesscode = "SH30580";
Generatexml XML = new Generatexml ();
String xmlcontent = xml.writexmlstring (Businesscode);
Create the Sslcontext object and initialize it with the trust manager that we specified.
Sslcontext Sslcontext = sslcontext.getinstance ("SSL", "Sunjsse");
Sslcontext.init (NULL, new trustmanager[] {new X509TRUSTFORMSL ()},new java.security.SecureRandom ());
Get the Sslsocketfactory object from the above Sslcontext object
Sslsocketfactory SSF = Sslcontext.getsocketfactory ();
Create a URL object
URL myurl = new URL ("Https://211.144.221.138/mslws/Services/rsa/RsaWebService.svc/security/validateagencyqualification");
System.setproperty ("java.protocol.handler.pkgs", "Javax.net.ssl");
hostnameverifier HV = new Hostnameverifier () {
public boolean verify (String Urlhostname, sslsession session) {
return true;
}
};
Httpsurlconnection.setdefaulthostnameverifier (HV);
Create a Httpsurlconnection object and set its Sslsocketfactory object
Proxy proxy = new Proxy (proxy.type.http,new inetsocketaddress ("10.38.194.30", 8080));//Because the server uses an agent on the internet, Set the IP and port number of the proxy
Httpsurlconnection httpsconn = (httpsurlconnection) myurl.openconnection ();
Httpsconn.setrequestproperty ("Proxy-authorization", "Basic" + New Sun.misc.BASE64Encoder (). Encode ("User name: Password".) GetBytes ()));//set user name and password
Httpsconn.setsslsocketfactory (SSF);
Submit as Post
Httpsconn.setrequestmethod ("POST");
Setting the connection output
Httpsconn.setdoinput (TRUE);
Httpsconn.setdooutput (TRUE);
The Post request cannot use the cache
Httpsconn.setusecaches (FALSE);
Httpsconn.setrequestproperty ("Content-type", "Application/xml");
Httpsconn.connect ();
Get output stream
OutputStream OS = Httpsconn.getoutputstream ();
Set the output stream character set
Os.write (Xmlcontent.getbytes ("UTF-8"));
Os.flush ();
Os.close ();
Gets the input stream of the connection to read the response content
InputStreamReader INSR = new InputStreamReader (Httpsconn.getinputstream ());
Reads the response content of the server and displays
int respint = Insr.read ();
while (respint! =-1) {
System.out.print ((char) respint);
Respint = Insr.read ();
}
Import Java.io.FileInputStream;
Import Java.security.KeyStore;
Import java.security.cert.CertificateException;
Import Java.security.cert.X509Certificate;
Import Javax.net.ssl.TrustManager;
Import Javax.net.ssl.TrustManagerFactory;
Import Javax.net.ssl.X509TrustManager;
public class X509TRUSTFORMSL implements X509trustmanager {
/*
* The default X509trustmanager returned by SunX509. We ' ll delegate
* Decisions to it, and fall back to the logic in this class if the
* Default X509trustmanager doesn ' t trust it.
*/
X509trustmanager Sunjssex509trustmanager;
X509TRUSTFORMSL () throws Exception {
Create a "default" JSSE X509trustmanager.
KeyStore KS = keystore.getinstance ("JKS");
Ks.load (New FileInputStream ("D:\\jssecacerts"),
"Changeit". ToCharArray ());
Trustmanagerfactory TMF =
Trustmanagerfactory.getinstance ("SunX509");//, "Sunjsse"
Tmf.init (KS);
TrustManager TMS [] = Tmf.gettrustmanagers ();
/*
* Iterate over the returned trustmanagers
* For the instance of X509trustmanager. If found,
* Use this as our "default" trust manager.
*/
for (int i = 0; i < tms.length; i++) {
if (Tms[i] instanceof X509trustmanager) {
Sunjssex509trustmanager = (X509trustmanager) tms[i];
Return
}
}
/*
* Find Some other-initialize, or else we have a to fail the
* constructor.
*/
throw new Exception ("couldn ' t initialize");
}
/*
* Delegate to the default trust manager.
*/
public void checkclienttrusted (x509certificate[] chain, String authtype)
Throws Certificateexception {
try {
Sunjssex509trustmanager.checkclienttrusted (chain, authtype);
} catch (Certificateexception excep) {
Do any special handling here, or Rethrow exception.
}
}
/*
* Delegate to the default trust manager.
*/
public void checkservertrusted (x509certificate[] chain, String authtype)
Throws Certificateexception {
try {
Sunjssex509trustmanager.checkservertrusted (chain, authtype);
} catch (Certificateexception excep) {
/*
* Possibly pop up a dialog box asking whether to trust the
* Cert chain.
*/
}
}
/*
* Merely pass this through.
*/
Public x509certificate[] Getacceptedissuers () {
return Sunjssex509trustmanager.getacceptedissuers ();
}
}
Eclipse test is fine, but posted to WebSphere error, said no support Sunjsse, checked for half a day, Originally IBM does not support the Sun Company's JDK in the Jsse.jar package, the online said to have their own additions, there are also said to add the certificate where, perhaps because I stupid, engaged in the majority of days, p with no, finally realized the following methods:
public static void Main (String args[]) throws exception{
Create the Sslcontext object and initialize it with the trust manager that we specified.
Sslcontext Sslcontext = sslcontext.getinstance ("SSL", "Sunjsse");
Sslcontext.init (NULL, new trustmanager[] {new Trustanytrustmanager ()},new java.security.SecureRandom ());
Get the Sslsocketfactory object from the above Sslcontext object
Sslsocketfactory SSF = Sslcontext.getsocketfactory ();
Create a URL object
URL myurl = new URL ("Https://211.144.221.138/mslws/Services/rsa/RsaWebService.svc/security/validateagencyqualification");
String Businesscode = "SH30580";
Generatexml XML = new Generatexml ();
String xmlcontent = xml.writexmlstring (Businesscode);
Create a Httpsurlconnection object and set its Sslsocketfactory object
Proxy proxy = new Proxy (proxy.type.http,new inetsocketaddress ("10.38.194.30", 8080));
Httpsurlconnection httpsconn = (httpsurlconnection) myurl.openconnection ();
Httpsconn.setrequestproperty ("Proxy-authorization", "Basic" + New Sun.misc.BASE64Encoder (). Encode ("Dajiang: Abcd1234 ". GetBytes ()));
Httpsconn.setsslsocketfactory (SSF);
Httpsconn.sethostnameverifier (New Trustanyhostnameverifier ());
Submit as Post
Httpsconn.setrequestmethod ("POST");
Setting the connection output
Httpsconn.setdoinput (TRUE);
Httpsconn.setdooutput (TRUE);
The Post request cannot use the cache
Httpsconn.setusecaches (FALSE);
Httpsconn.setrequestproperty ("Content-type", "Application/xml");
Httpsconn.connect ();
Get output stream
OutputStream OS = Httpsconn.getoutputstream ();
Set the output stream character set
Os.write (Xmlcontent.getbytes ("UTF-8"));
Os.flush ();
Os.close ();
Gets the input stream of the connection to read the response content
InputStreamReader INSR = new InputStreamReader (Httpsconn.getinputstream ());
Reads the response content of the server and displays
int respint = Insr.read ();
while (respint! =-1) {
System.out.print ((char) respint);
Respint = Insr.read ();
}
}
/*
* For connection to HTTPS use
*/
private static class Trustanytrustmanager implements X509trustmanager {
public void checkclienttrusted (x509certificate[] chain, String authtype) throws Certificateexception {
}
public void checkservertrusted (x509certificate[] chain, String authtype) throws Certificateexception {
}
Public java.security.cert.x509certificate[] Getacceptedissuers () {
return new java.security.cert.x509certificate[] {};
}
public void checkclienttrusted (java.security.cert.x509certificate[] arg0, String arg1)
Throws Java.security.cert.CertificateException {
}
public void checkservertrusted (java.security.cert.x509certificate[] arg0, String arg1)
Throws Java.security.cert.CertificateException {
}
}
private static class Trustanyhostnameverifier implements Hostnameverifier {
public boolean verify (String hostname, sslsession session) {
return true;
}
}
According to this method, finally link success, Big Stone landed ~!
Considerations for HTTPS request protocol in WebSphere Application server (server uses Internet on proxy)