HttpClient 实现https访问

一，java使用 keytool工具创建证书

CMD窗口中运行 "keytool -genkey -alias "别名" -keyalg RSA -validity "有效时间" -keystore "生成证书路径"

二，配制tomcat支持ssl

在tomcat的config server.xml中打开 Connector结点

  <Connector port="443" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true"
              &nbsp;maxThreads="150" scheme="https" secure="true"
               keystoreFile="yourPath/xx.keystore" keystorePass="yourPwd"
               clientAuth="false" sslProtocol="TLS" />

这里注意下，在tomcat6下

 protocol="HTTP/1.1 "   
<!-- 改为 -->
&nbsp;protocol="org.apache.coyote.http11.Http11Protocol"

否则起动会报错。

三，工程中web.xml配制

上两部己实现了ssl的访问 https://localst (443为https默认端口所以不用加端口号)就己是ssl安全通道中，但是我们还是可以通过http://localhost:port 访问，这里要让它http时自动成https

<security-constraint>
  <web-resource-collection>
   <web-resource-name>SSL</web-resource-name>
   <url-pattern>/xxx/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
   <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
 </security-constraint>

在url-pattern中配制的是你要拦截的请求路径，比如只想对login模块强制转成https，则可配 /login/*

四，此时让tomcat支持https己全部配制完成，浏览器第一次访问时因为是自己制作的证书可以会有安全信任问题，要添加例外。想要httpclient发送https的请求，则还需如下的步骤

五，从浏览器中导出让才的证书(crt,pem后缀都可以)然后用keytool工具导入keystore，命令如下：

keytool -import -alias "localhost" -file xxx.crt -keystore ooo.keystore

xxx.crt ： 刚从浏览器导出的证书

ooo.keystore ：命令生成的keystore文件

六，java代码 (不得不说httpclient3和4版本在使用上差异还很大，用习惯了3总感觉4并不太顺手)

public static String sendSSLRequest(String requestUrl) { 
    long responseLength = 0; // 响应长度
    String responseContent = null; // 响应内容
    HttpClient httpClient = new DefaultHttpClient(); // 创建默认的httpClient实例
    KeyStore trustStore = null; 
    InputStream fis = null; 
    HttpGet httpGet = null; 
    HttpResponse response = null; 
    try { 
        trustStore = KeyStore.getInstance(KeyStore.getDefaultType()); 
        fis = HttpsBaseAction.class.getClassLoader().getResourceAsStream( 
                "my.keystore"); 
        trustStore.load(fis, "pwd".toCharArray()); // 加载KeyStore

        SSLSocketFactory socketFactory = new SSLSocketFactory(trustStore); // 创建Socket工厂,将trustStore注入
        Scheme sch = new Scheme("https", 443, socketFactory); // 创建Scheme
        httpClient.getConnectionManager().getSchemeRegistry().register(sch); // 注册Scheme
        httpGet = new HttpGet(requestUrl); // 创建HttpGet

        Header headers[] = { new BasicHeader("myheader", "value") }; 
        httpGet.setHeaders(headers); // 设置头信息
         // 设置请求参数,get好像只能在url那里用?xx=xx传参(暂时没找到到别的可传参方法)

        // 如用post传参如下
        List<NameValuePair> formparams = new ArrayList<NameValuePair>();   
        formparams.add(new BasicNameValuePair("prameName", "value"));   
        UrlEncodedFormEntity uefEntity;   
        uefEntity = new UrlEncodedFormEntity(formparams,  HTTP.UTF_8);   
                    HttpPost post = new HttpPost(requestUrl); 
        post.setEntity(uefEntity); 
        post.setHeader("myheader", "value"); 
     
                    // response = httpClient.execute(post); // 执行POST请求
        response = httpClient.execute(httpGet); // 执行GET请求
        HttpEntity entity = response.getEntity(); // 获取响应实体
        if (null != entity) { 
            responseLength = entity.getContentLength(); 
            responseContent = EntityUtils.toString(entity, "UTF-8"); 
            EntityUtils.consume(entity); // Consume response content
        } 

        System.out.println("请求地址: " + httpGet.getURI()); 
        System.out.println("响应状态: " + response.getStatusLine()); 
        System.out.println("响应长度: " + responseLength); 
        System.out.println("响应内容: " + responseContent); 
    } catch (Exception e) { 
        e.printStackTrace(); 
    } finally { 
        try { 
            fis.close(); 
        } finally { 
            httpClient.getConnectionManager().shutdown(); // 关闭连接,释放资源
            return responseContent; 
        } 
    } 
}