How to use HttpClient to send a request with a client certificate, and how to ignore validation of the server-side certificate

Source: Internet
Author: User

Recently I was implementing two-way authentication between a client and a server, and I ran into a bit of a problem sending a request with a certificate from the client to the server. Most of the examples online are not very good, so I found the example in the HttpClient source code on GitHub, changed it a bit, and finally figured it out.

The example I referred to on GitHub: https://github.com/apache/httpclient/blob/4.5.x/httpclient/src/examples/org/apache/http/examples/client/ClientCustomSSL.java

Next, I'll post my own code (you need to import httpclient and the other related JAR packages), and then explain it.

import org.apache.commons.io.IOUtils;
import org.apache.http.HttpEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.TrustStrategy;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContexts;
import org.apache.http.util.EntityUtils;

import javax.net.ssl.SSLContext;
import java.io.File;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

/**
 * Created with IntelliJ IDEA
 * User: kj a flat
 * Date: 2016/5/8
 * Time: 1:10
 * To change this template use File | Settings | File Templates
 */
public class SSLDemo {
    public static void main(String[] args) throws Exception {
        // Load the client certificate and private key from a PKCS12 file
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        keyStore.load(new FileInputStream(new File("c:\\users\\administrator\\desktop\\client.pfx")),
                "123456".toCharArray());
        SSLContext sslContext = SSLContexts.custom()
                // Ignore validation of the server-side certificate:
                // any chain consisting of a single certificate is accepted
                .loadTrustMaterial(new TrustStrategy() {
                    @Override
                    public boolean isTrusted(X509Certificate[] chain, String authType)
                            throws CertificateException {
                        return chain.length == 1;
                    }
                })
                // Client certificate presented to the server
                .loadKeyMaterial(keyStore, "123456".toCharArray())
                .build();
        SSLConnectionSocketFactory sslConnectionSocketFactory = new SSLConnectionSocketFactory(
                sslContext,
                // Enabled protocols; TLSv1 is disabled by default on current JDKs
                new String[]{"TLSv1"},
                // null: use the default cipher suites
                null,
                SSLConnectionSocketFactory.getDefaultHostnameVerifier());
        CloseableHttpClient httpClient = HttpClients.custom()
                .setSSLSocketFactory(sslConnectionSocketFactory)
                .build();
        try {
            HttpGet httpGet = new HttpGet("https://192.168.62.130/status.jsp");
            System.out.println("Executing request " + httpGet.getRequestLine());
            CloseableHttpResponse response = httpClient.execute(httpGet);
            try {
                HttpEntity entity = response.getEntity();
                System.out.println(response.getStatusLine());
                System.out.println(IOUtils.toString(entity.getContent()));
                EntityUtils.consume(entity);
            } finally {
                response.close();
            }
        } finally {
            httpClient.close();
        }
    }
}

The Sslcontexts.custom () method returns a Sslcontextbuilder instance to build Sslcontext, and the following is a list of methods for Sslcontextbuilder:

which
The Loadkeymaterial () overload method is used to load the client certificate
method to implement a trust policy, do not verify the server-side certificate),

When the httpclient is generated, the corresponding sslsocketfactory is specified, and then the GET request and the POST request sent using this httpclient are automatically appended with the certificate information

If we only need to ignore the validation of the server-side certificate, and do not need to send client certificate information, when building sslcontext, only need loadtrustmaterial () do not need loadkeymaterial ()

How clients trust only one server-side certificate information is written in a later article
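One way to trust only a single server certificate while still sending the client certificate, as an added example that is not from the original post or the HttpClient project. The class name, the buildClient helper and the file paths are hypothetical; it assumes HttpClient 4.5.x and a copy of the server's certificate exported to a PEM or DER file.

```java
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContexts;

import javax.net.ssl.SSLContext;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;

public class PinnedServerCertDemo {
    // Hypothetical helper: client that presents the PKCS12 identity and
    // accepts only the server certificate stored at serverCertPath.
    static CloseableHttpClient buildClient(String pfxPath, char[] pfxPassword,
                                           String serverCertPath) throws Exception {
        // Client identity, loaded the same way as in the article's code.
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(pfxPath)) {
            keyStore.load(in, pfxPassword);
        }
        // Trust store with exactly one entry: the server's own certificate.
        Certificate serverCert;
        try (InputStream in = new FileInputStream(serverCertPath)) {
            serverCert = CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null); // start from an empty in-memory store
        trustStore.setCertificateEntry("server", serverCert);

        SSLContext sslContext = SSLContexts.custom()
                // null TrustStrategy: standard validation, against trustStore only
                .loadTrustMaterial(trustStore, null)
                .loadKeyMaterial(keyStore, pfxPassword)
                .build();
        // Hostname verification stays on; for an IP-address URL the certificate
        // must list that IP address in its subjectAltName.
        SSLConnectionSocketFactory socketFactory = new SSLConnectionSocketFactory(
                sslContext, SSLConnectionSocketFactory.getDefaultHostnameVerifier());
        return HttpClients.custom().setSSLSocketFactory(socketFactory).build();
    }

    public static void main(String[] args) throws Exception {
        // Arguments (hypothetical): client.pfx path, its password, server certificate path
        try (CloseableHttpClient client = buildClient(args[0], args[1].toCharArray(), args[2])) {
            System.out.println("Client built: " + client);
        }
    }
}
```

A handshake with a server that presents any other certificate fails with an SSLHandshakeException instead of being silently accepted.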
