The first method: the security certificate download and import-----------The traditional method, the advantage is high security, the disadvantage is that if the site replacement certificate, you have to re-download and import, not flexible
sudo keytool-import-noprompt-trustcacerts-alias ctsite-file/users/zhanghao/desktop/sslvpn.cer-keystore/library/ Java/javavirtualmachines/jdk1.8.0_40.jdk/contents/home/jre/lib
The second method: the non-trusted certificate connection, their own implementation of the certification of the site through the-----------a different way, the advantage is flexible, do not worry about the site certificate replacement or expiration caused system problems, the disadvantage is a little risk (in fact can be ignored), recommend the second method, the concrete implementation of the case as follows :
In the micro-bo real-name authentication needs to communicate with the third-party platform HTTPS, the other side because of the replacement of the website security certificate, resulting in the pass system connection failure, through the study found that the original method ( Using org.codehaus.xfire.transport.http.EasySSLProtocolSocketFactory) does not apply to the new security certificate Validation specification, so it is improved by becomes an unconditional trust pass when you make an HTTPS connection to a certificate-free web site to avoid future system problems due to security certificate replacement.
Original connection mode: (using Org.codehaus.xfire.transport.http.EasySSLProtocolSocketFactory)
Explanation of Easysslprotocolsocketfactory (online source), Keywords: self-registration certificate, should not be used in production environment
Protocolsocketfactory easy = new Easysslprotocolsocketfactory ();
Protocol Protocol = new Protocol ("https", easy, 443);
Protocol.registerprotocol ("https", Protocol);
Example of constructing httpclient
HttpClient HttpClient = new HttpClient ();
Httpclient.gethostconfiguration (). Sethost ("auth.cnidrz.cn", 443, protocol);
Httpclient.getparams (). Setparameter (Httpmethodparams.http_content_charset, "UTF-8");
Create an instance of the Get method
GetMethod GetMethod = new GetMethod (URL);
try{
Executive GetMethod
Bindpersonalid_directaction.trustallhttpscertificates ();//Do it first. This makes the site trusted
int statusCode = Httpclient.executemethod (GetMethod);
if (statusCode! = HTTPSTATUS.SC_OK) {
System.err.println ("Method failed:"
+ Getmethod.getstatusline ());
}
Read content
temp_id = Getmethod.getresponsebodyasstring ();
}catch (Exception e) {
E.printstacktrace ();
throw new Exception ("Authentication failed, Reason: [Authentication system Exception].");
}finally{
Release connection
Getmethod.releaseconnection ();
}
Existing connection mode: (Adopt implement X509trustmanager interface method)
HttpClient HttpClient = new Defaulthttpclient (); To create a default HttpClient instance
X509trustmanager XTM = new X509trustmanager () {//Create TrustManager
public void checkclienttrusted (x509certificate[] chain, String authtype) throws Certificateexception {}
public void checkservertrusted (x509certificate[] chain, String authtype) throws Certificateexception {}
Public x509certificate[] Getacceptedissuers () {return null;}
};
try {
TLS1.0 and SSL3.0 basically do not have much difference, can be roughly understood as TLS is the successor of SSL, but they use the same sslcontext
Sslcontext CTX = sslcontext.getinstance ("SSL"); -----------------Note: The test found that this must be an "SSL" instance instead of "TLS", the reason is unclear
Use TrustManager to initialize the context, TrustManager is only used by SSL sockets
Ctx.init (NULL, new TRUSTMANAGER[]{XTM}, NULL);
Create Sslsocketfactory
Sslsocketfactory socketfactory = new Sslsocketfactory (CTX);
Register sslsocketfactory with Schemeregistry on our httpclient
Httpclient.getconnectionmanager (). Getschemeregistry (). Register (New Scheme ("https", Socketfactory, 443));
Httpclient.getparams (). Setparameter (Httpmethodparams.http_content_charset, "UTF-8");
To create an instance of the HttpGet method
HttpGet httpget = new HttpGet (URL); Create HttpPost
HttpResponse response = Httpclient.execute (HttpGet);
Perform
if (Response.getstatusline (). Getstatuscode () = = 200)
{
Read content
httpentity entity = response.getentity (); Get response Entity
if (null! = entity) {
temp_id = entityutils.tostring (Entity, "UTF-8");
}
}else{
System.out.println ("Get temp_id, the authentication platform has an internal error!! ");
}
}catch (Exception e) {
E.printstacktrace ();
throw new Exception ("Authentication failed, Reason: [Authentication system Exception].");
}finally{
Release connection
Httpclient.getconnectionmanager (). Shutdown (); Close the connection and release the resource
}
PKIX Path Building failed problem when HTTPS connection occurs