四种调用https服务的方式
4种调用https服务的方式
以前在网厅的时候,请求计费的账单开始使用的是httpclient,后来因为性能问题,换成了使用socket 发送http请求的方式,由于计费服务器端使用了redirect ,因此还需要从响应报文中得到Location 中的url,再次发送一次http请求才能完成整个业务逻辑!
Https 资源在访问的时候会让你输入用户名和密码
1.使用linux 的curl命令
[root@xhuvm03 ~]# curl -k --basic --user "tcloudadmin:tcloud123" --data "" --header 'Content-Type: application/xml' https://123.124.189.***/api/account.list
<Users>
<User>
<isAdmin>1</isAdmin>
<id>f1ebe39d-d0b6-4292-b3cd-774bf945bf63</id>
<name>tcloudadmin</name>
<groupId>be2e0f3a-7684-4b8e-b04d-6ee75aa3d099</groupId>
</User>
<User>
<isAdmin>1</isAdmin>
<id>653d60c5-dc7b-488a-a861-1c67873057fd</id>
<name>gaoyang</name>
<groupId>be2e0f3a-7684-4b8e-b04d-6ee75aa3d099</groupId>
</User>
<User>
<isAdmin>1</isAdmin>
<id>2d393438-9c8f-4704-8dfd-9f00fb7d7d18</id>
<name>teststorage</name>
<groupId>be2e0f3a-7684-4b8e-b04d-6ee75aa3d099</groupId>
</User>
</Users>
[root@xhuvm03 ~]#
-k/--insecure Allow connections to SSL sites without certs (H)
--basic Use HTTP Basic Authentication (H)
-u/--user <user[:password]> Set server user and password
-d/--data <data> HTTP POST data (H)
-H/--header <line> Custom header to pass to server (H)
方式2: 使用socket发送http请求字符串到https 服务上
curl -k --basic --user "tcloudadmin:tcloud123" --data "" --header 'Content-Type: application/xml' https://123.124.189.***/api/account.list -v
使用-v 选项可以 看到http请求的过程和内容,可以作为我们拼 Http 请求字符串的依据
[root@xlhu-linux ~]# curl -k --basic --user "tcloudadmin:tcloud123" --data "" --header 'Content-Type: application/xml' https://123.124.189.196/api/account.list -v
* About to connect() to 123.124.189.xxx port 443
* Trying 123.124.189.xxx... connected
* Connected to 123.124.189.xxx (123.124.189.xxx) port 443
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* SSLv2, Client hello (1):
SSLv3, TLS handshake, Server hello (2):
SSLv3, TLS handshake, CERT (11):
SSLv3, TLS handshake, Server key exchange (12):
SSLv3, TLS handshake, Server finished (14):
SSLv3, TLS handshake, Client key exchange (16):
SSLv3, TLS change cipher, Client hello (1):
SSLv3, TLS handshake, Finished (20):
SSLv3, TLS change cipher, Client hello (1):
SSLv3, TLS handshake, Finished (20):
SSL connection using DHE-RSA-AES256-SHA
* Server certificate:
* subject: /C=TW/ST=Taipei City/L=Taipei/O=Trend Micro/OU=CloudLego/CN=CloudLego
* start date: 2010-02-03 02:13:59 GMT
* expire date: 2020-02-01 02:13:59 GMT
* common name: CloudLego (does not match '123.124.189.xxx')
* issuer: /C=TW/ST=Taipei City/L=Taipei/O=Trend Micro/OU=CloudLego/CN=CloudLego
* SSL certificate verify result: self signed certificate (18), continuing anyway.
* Server auth using Basic with user 'tcloudadmin'
> POST /api/account.list HTTP/1.1
> Authorization: Basic dGNsb3VkYWRtaW46dGNsb3VkMTIz
> User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
> Host: 123.124.189.xxx
> Accept: */*
> Content-Type: application/xml
> Content-Length: 0
>
< HTTP/1.1 200 OK
< Date: Sun, 16 Jan 2011 11:40:25 GMT
< Server: Apache/2.2.15 (Fedora)
< Vary: Authorization
< Content-Type: text/xml; charset=utf-8
< Connection: close
< Transfer-Encoding: chunked
<Users>
<User>
<isAdmin>1</isAdmin>
<id>f1ebe39d-d0b6-4292-b3cd-774bf945bf63</id>
<name>tcloudadmin</name>
<groupId>be2e0f3a-7684-4b8e-b04d-6ee75aa3d099</groupId>
</User>
<User>
<isAdmin>1</isAdmin>
<id>653d60c5-dc7b-488a-a861-1c67873057fd</id>
<name>gaoyang</name>
<groupId>be2e0f3a-7684-4b8e-b04d-6ee75aa3d099</groupId>
</User>
<User>
<isAdmin>0</isAdmin>
<id>2a228769-3b2d-4d26-b2c8-697c86f78b65</id>
<name>test1234</name>
<groupId>ce2666d0-6c95-47f3-a908-cadf333a214e</groupId>
</User>
<User>
<isAdmin>1</isAdmin>
<id>543ae799-df16-438d-9071-6618f5c09ba3</id>
<name>test123</name>
<groupId>be2e0f3a-7684-4b8e-b04d-6ee75aa3d099</groupId>
</User>
<User>
<isAdmin>0</isAdmin>
<id>3bbc0f32-4490-49fd-8944-751ae28c1073</id>
<name>elaster-demo</name>
<groupId>fb86fe86-210a-4242-b157-fce26ba41545</groupId>
</User>
<User>
<isAdmin>0</isAdmin>
<id>bd2636fa-b92e-47e8-b658-e540e9307839</id>
<name>test11</name>
<groupId>a2b2179a-8f96-420a-be59-1cc5d12394e3</groupId>
</User>
<User>
<isAdmin>0</isAdmin>
<id>4867561a-9566-4740-a3ce-4bf78289490c</id>
<name>gavin</name>
<groupId>237b3b70-5d13-4325-a5aa-83a28aabb693</groupId>
</User>
</Users>
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):
[root@xlhu-linux ~]#
这种方式调用要求 掌握Http协议的请求 格式,如果请求协议的格式错误,则不能得到正确的返回结果!
必须要知道的:
a.
报文都由5个成员组成,其中请求报文的结构如下:
1、第1成员:请求行(Request-Line)或状态行(Status-line)
2、第2成员:通用头(General-Header)
3、第2成员:请求头(Request-Header)
4、第4成员:实体头(Entity-Header)
5、第5成员:实体主体(Entiry-Body)
b. 每个请求行都要以 回车换行结尾
c. 协议结束的标志是 2个换行
c. 如果返回的 响应有 location 字段,也就是重定向了 需要我们根据location 字段重新发起请求
下面是 一个socket 拼接 http请求字符串的 例子
import java.io.BufferedReader;
import java.io.BufferedWriter;
import java.io.InputStreamReader;
import java.io.OutputStreamWriter;
import java.io.PrintWriter;
import java.net.Socket;
import javax.net.ssl.SSLSocketFactory;
public class SocketHttpsClient
{
public static void main(String[] args) throws Exception
{
String url="https://123.124.189.xxx:443/api/vm.list";
SSLSocketFactory ssf = (SSLSocketFactory) SSLSocketFactory.getDefault();
String reqMsg=getFirestRequestMsg(url);
Socket socket=null;
try {
System.out.println("请求消息:"+reqMsg);
socket = ssf.createSocket("123.124.189.xxx", 443);
PrintWriter tOut = new PrintWriter(new BufferedWriter(new OutputStreamWriter(socket.getOutputStream())));
tOut.write(reqMsg);
tOut.println();
tOut.flush();
System.out.println("消息发送成功!等待返回结果。。。");
BufferedReader tIn = new BufferedReader(new InputStreamReader(socket.getInputStream()));
String tLine = null;
StringBuilder sb=new StringBuilder();
while ((tLine = tIn.readLine()) != null) {
sb.append(tLine).append("\n");
}
System.out.println("返回内容:"+sb.toString());
} catch (Exception e) {
System.out.println(e);
throw e;
}finally{
if(socket!=null){
socket.close();
}
}
}
private static String getFirestRequestMsg(String url){
StringBuilder reqMsg = new StringBuilder("")
.append("POST ").append("/api/vm.list").append(" HTTP/1.1").append("\r\n")
.append("Authorization: Basic dGNsb3VkYWRtaW46dGNsb3VkMTIz").append("\r\n")
.append("User-Agent: curl/7.15.5 (x86_64-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5").append("\r\n")
.append("Host: ").append("123.124.189.xxx").append("\r\n")
.append("Accept: */*").append("\r\n")
.append("Content-Type: application/xml").append("\r\n")
.append("Content-Length: 0").append("\r\n")
.append("\r\n")
.append("\r\n");
return reqMsg.toString();
}
}
3. 使用HttpClient,首先直接访问 https://123.124.189.xxx/api/account.list ,使用firefox 的firebug插件拦截http请求和响应
package cn.com.xinli.test.httpclient;
import java.io.InputStream;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.NameValuePair;
import org.apache.commons.httpclient.methods.PostMethod;
public class TestHttps {
/**
* 参考
* http://wanglei0119.iteye.com/blog/607046
*/
/**
* @param args
*/
public static void main(String[] args) {
HttpClient httpclient = new HttpClient();
PostMethod postMethod = new PostMethod("https://123.124.189.xxx:443/api/vm.list");
NameValuePair[] data = {};
try {
postMethod.addRequestHeader("Content-Type","application/xml");
postMethod.addRequestHeader("Authorization", "basic dGNsb3VkYWRtaW46dGNsb3VkMTIz");
postMethod.setRequestBody(data);
httpclient.executeMethod(postMethod);
InputStream insr = postMethod.getResponseBodyAsStream();
int respInt = insr.read();
while (respInt != -1) {
System.out.print((char) respInt);
respInt = insr.read();
}
} catch (Exception e) {
System.out.println(e.getLocalizedMessage());
} finally {
postMethod.releaseConnection();
}
}
}
运行这段代码 会报一个错误 unable to find valid certification path to requested target
这个文章有解决方案 :
http://wanglei0119.iteye.com/blog/607046
当使用 正确生成的cert 后 httpclient 可以调用到https的服务了
方式4 :还是使用httpclient ,使用 httpclient的 X509TrustManager 类,这种调用方式不需要客户端制作证书,很方便!
package com.platform.vmo.elasterAgent.elaster;
import java.io.InputStreamReader;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.DefaultHttpClient;
public class HttpClinetTest {
public static void main(String[] args) throws Exception{
// First create a trust manager that won't care.
X509TrustManager trustManager = new X509TrustManager() {
public void checkClientTrusted(X509Certificate[] chain,
String authType) throws CertificateException {
// Don't do anything.
}
public void checkServerTrusted(X509Certificate[] chain,
String authType) throws CertificateException {
// Don't do anything.
}
public X509Certificate[] getAcceptedIssuers() {
// Don't do anything.
return null;
}
};
// Now put the trust manager into an SSLContext.
SSLContext sslcontext = SSLContext.getInstance("SSL");
sslcontext.init(null, new TrustManager[] { trustManager }, null);
// Use the above SSLContext to create your socket factory
// (I found trying to extend the factory a bit difficult due to a
// call to createSocket with no arguments, a method which doesn't
// exist anywhere I can find, but hey-ho).
SSLSocketFactory sf = new SSLSocketFactory(sslcontext);
sf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
DefaultHttpClient httpclient = new DefaultHttpClient();
httpclient.getConnectionManager().getSchemeRegistry().register(new Scheme("https", sf, 443));
String requset ="https://180.168.35.140/api/vm.list";
HttpPost httpPost = new HttpPost(requset);
String result = "";
// Execute HTTP request
httpPost.setHeader("Authorization", "basic " + "dGNsb3VkYWRtaW46dGNsb3VkMTIz");
httpPost.setHeader("Content-type", "application/xml");
StringEntity reqEntity;
reqEntity = new StringEntity("");
httpPost.setEntity(reqEntity);
HttpResponse response = httpclient.execute(httpPost);
HttpEntity resEntity = response.getEntity();
InputStreamReader reader = new InputStreamReader(resEntity.getContent());
char[] buff = new char[1024];
int length = 0;
while ((length = reader.read(buff)) != -1) {
result += new String(buff, 0, length);
}
httpclient.getConnectionManager().shutdown();
System.out.println(">>>:"+result);
}
}