4种调用https服务的方式

8366

浏览: 799334 次
性别:
来自: 西安

最近访客更多访客>>

hzm7512

dd533

891379133

it_cailiao

博主相关

博客

微博

相册

留言

关于我

文章分类

社区版块

存档分类

博客分类：

point

Socket Linux Exchange RedHat XML

以前在网厅的时候，请求计费的账单开始使用的是httpclient,后来因为性能问题，换成了使用socket 发送http请求的方式，由于计费服务器端使用了redirect ，因此还需要从响应报文中得到Location 中的url,再次发送一次http请求才能完成整个业务逻辑！

Https 资源在访问的时候会让你输入用户名和密码

1.使用linux 的curl命令

[root@xhuvm03 ~]# curl -k --basic --user "tcloudadmin:tcloud123" --data "" --header 'Content-Type: application/xml' https://123.124.189.***/api/account.list

 <Users>
  <User>
    <isAdmin>1</isAdmin>
    <id>f1ebe39d-d0b6-4292-b3cd-774bf945bf63</id>
    <name>tcloudadmin</name>
    <groupId>be2e0f3a-7684-4b8e-b04d-6ee75aa3d099</groupId>
  </User>
  <User>
    <isAdmin>1</isAdmin>
    <id>653d60c5-dc7b-488a-a861-1c67873057fd</id>
    <name>gaoyang</name>
    <groupId>be2e0f3a-7684-4b8e-b04d-6ee75aa3d099</groupId>
  </User>
  <User>
    <isAdmin>1</isAdmin>
    <id>2d393438-9c8f-4704-8dfd-9f00fb7d7d18</id>
    <name>teststorage</name>
    <groupId>be2e0f3a-7684-4b8e-b04d-6ee75aa3d099</groupId>
  </User>
</Users>
[root@xhuvm03 ~]#

-k/--insecure Allow connections to SSL sites without certs (H)

--basic Use HTTP Basic Authentication (H)

-u/--user <user[:password]> Set server user and password

-d/--data <data> HTTP POST data (H)

-H/--header <line> Custom header to pass to server (H)

方式2: 使用socket发送http请求字符串到https 服务上

curl -k --basic --user "tcloudadmin:tcloud123" --data "" --header 'Content-Type: application/xml' https://123.124.189.***/api/account.list -v

使用-v 选项可以看到http请求的过程和内容，可以作为我们拼 Http 请求字符串的依据

[root@xlhu-linux ~]# curl -k --basic --user "tcloudadmin:tcloud123" --data "" --header 'Content-Type: application/xml' https://123.124.189.196/api/account.list -v
* About to connect() to 123.124.189.xxx port 443
*   Trying 123.124.189.xxx... connected
* Connected to 123.124.189.xxx (123.124.189.xxx) port 443
* successfully set certificate verify locations:
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSLv2, Client hello (1):
SSLv3, TLS handshake, Server hello (2):
SSLv3, TLS handshake, CERT (11):
SSLv3, TLS handshake, Server key exchange (12):
SSLv3, TLS handshake, Server finished (14):
SSLv3, TLS handshake, Client key exchange (16):
SSLv3, TLS change cipher, Client hello (1):
SSLv3, TLS handshake, Finished (20):
SSLv3, TLS change cipher, Client hello (1):
SSLv3, TLS handshake, Finished (20):
SSL connection using DHE-RSA-AES256-SHA
* Server certificate:
*        subject: /C=TW/ST=Taipei City/L=Taipei/O=Trend Micro/OU=CloudLego/CN=CloudLego
*        start date: 2010-02-03 02:13:59 GMT
*        expire date: 2020-02-01 02:13:59 GMT
*        common name: CloudLego (does not match '123.124.189.xxx')
*        issuer: /C=TW/ST=Taipei City/L=Taipei/O=Trend Micro/OU=CloudLego/CN=CloudLego
* SSL certificate verify result: self signed certificate (18), continuing anyway.
* Server auth using Basic with user 'tcloudadmin'
> POST /api/account.list HTTP/1.1
> Authorization: Basic dGNsb3VkYWRtaW46dGNsb3VkMTIz
> User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
> Host: 123.124.189.xxx
> Accept: */*
> Content-Type: application/xml
> Content-Length: 0
> 
< HTTP/1.1 200 OK
< Date: Sun, 16 Jan 2011 11:40:25 GMT
< Server: Apache/2.2.15 (Fedora)
< Vary: Authorization
< Content-Type: text/xml; charset=utf-8
< Connection: close
< Transfer-Encoding: chunked
<Users>
  <User>
    <isAdmin>1</isAdmin>
    <id>f1ebe39d-d0b6-4292-b3cd-774bf945bf63</id>
    <name>tcloudadmin</name>
    <groupId>be2e0f3a-7684-4b8e-b04d-6ee75aa3d099</groupId>
  </User>
  <User>
    <isAdmin>1</isAdmin>
    <id>653d60c5-dc7b-488a-a861-1c67873057fd</id>
    <name>gaoyang</name>
    <groupId>be2e0f3a-7684-4b8e-b04d-6ee75aa3d099</groupId>
  </User>
  <User>
    <isAdmin>0</isAdmin>
    <id>2a228769-3b2d-4d26-b2c8-697c86f78b65</id>
    <name>test1234</name>
    <groupId>ce2666d0-6c95-47f3-a908-cadf333a214e</groupId>
  </User>
  <User>
    <isAdmin>1</isAdmin>
    <id>543ae799-df16-438d-9071-6618f5c09ba3</id>
    <name>test123</name>
    <groupId>be2e0f3a-7684-4b8e-b04d-6ee75aa3d099</groupId>
  </User>
  <User>
    <isAdmin>0</isAdmin>
    <id>3bbc0f32-4490-49fd-8944-751ae28c1073</id>
    <name>elaster-demo</name>
    <groupId>fb86fe86-210a-4242-b157-fce26ba41545</groupId>
  </User>
  <User>
    <isAdmin>0</isAdmin>
    <id>bd2636fa-b92e-47e8-b658-e540e9307839</id>
    <name>test11</name>
    <groupId>a2b2179a-8f96-420a-be59-1cc5d12394e3</groupId>
  </User>
  <User>
    <isAdmin>0</isAdmin>
    <id>4867561a-9566-4740-a3ce-4bf78289490c</id>
    <name>gavin</name>
    <groupId>237b3b70-5d13-4325-a5aa-83a28aabb693</groupId>
  </User>
</Users>
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):
[root@xlhu-linux ~]#

这种方式调用要求掌握Http协议的请求格式，如果请求协议的格式错误，则不能得到正确的返回结果！

必须要知道的：

报文都由5个成员组成，其中请求报文的结构如下:
1、第1成员:请求行(Request-Line)或状态行(Status-line)
2、第2成员:通用头(General-Header)
3、第2成员:请求头(Request-Header)
4、第4成员:实体头(Entity-Header)
5、第5成员:实体主体(Entiry-Body)

b. 每个请求行都要以回车换行结尾

c. 协议结束的标志是 2个换行

c. 如果返回的响应有 location 字段，也就是重定向了需要我们根据location 字段重新发起请求

下面是一个socket 拼接 http请求字符串的例子

import java.io.BufferedReader;
import java.io.BufferedWriter;
import java.io.InputStreamReader;
import java.io.OutputStreamWriter;
import java.io.PrintWriter;
import java.net.Socket;

import javax.net.ssl.SSLSocketFactory;


public class SocketHttpsClient
{
    public static void main(String[] args)  throws Exception
    {
    	String url="https://123.124.189.xxx:443/api/vm.list";
    	SSLSocketFactory ssf = (SSLSocketFactory) SSLSocketFactory.getDefault();
    	String reqMsg=getFirestRequestMsg(url);
		Socket socket=null;
		try {
			System.out.println("请求消息："+reqMsg);
			 socket = ssf.createSocket("123.124.189.xxx", 443);   
			
			PrintWriter tOut = new PrintWriter(new BufferedWriter(new OutputStreamWriter(socket.getOutputStream())));
		      tOut.write(reqMsg);
		      tOut.println();
		      tOut.flush();
		      System.out.println("消息发送成功!等待返回结果。。。");

		      BufferedReader tIn = new BufferedReader(new InputStreamReader(socket.getInputStream()));
		      String tLine = null;
		      StringBuilder sb=new StringBuilder();
		      while ((tLine = tIn.readLine()) != null) {
		        sb.append(tLine).append("\n");
		      }
		      System.out.println("返回内容："+sb.toString());
		  
		} catch (Exception e) {
			System.out.println(e);
			throw e;
		}finally{
			if(socket!=null){
				socket.close();
			}
		}
	}
	private static String getFirestRequestMsg(String url){
		StringBuilder reqMsg = new StringBuilder("")
		.append("POST ").append("/api/vm.list").append(" HTTP/1.1").append("\r\n")
		.append("Authorization: Basic dGNsb3VkYWRtaW46dGNsb3VkMTIz").append("\r\n")
		.append("User-Agent: curl/7.15.5 (x86_64-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5").append("\r\n")
		.append("Host: ").append("123.124.189.xxx").append("\r\n")
		.append("Accept: */*").append("\r\n")
		.append("Content-Type: application/xml").append("\r\n")
		.append("Content-Length: 0").append("\r\n")
		.append("\r\n")
		.append("\r\n");
		return reqMsg.toString();
	}
	
}

3. 使用HttpClient,首先直接访问 https://123.124.189.xxx/api/account.list ，使用firefox 的firebug插件拦截http请求和响应

package cn.com.xinli.test.httpclient;
import java.io.InputStream;

import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.NameValuePair;
import org.apache.commons.httpclient.methods.PostMethod;

 

public class TestHttps {

 
/**
 * 参考
 * http://wanglei0119.iteye.com/blog/607046
 */
    /**

     * @param args

     */

    public static void main(String[] args) {
    
    	HttpClient httpclient = new HttpClient();    
    	PostMethod postMethod = new PostMethod("https://123.124.189.xxx:443/api/vm.list");
    	NameValuePair[] data = {};

       try {

           postMethod.addRequestHeader("Content-Type","application/xml");

           postMethod.addRequestHeader("Authorization", "basic dGNsb3VkYWRtaW46dGNsb3VkMTIz");

           postMethod.setRequestBody(data);
   
           httpclient.executeMethod(postMethod);
           InputStream insr = postMethod.getResponseBodyAsStream();
           int respInt = insr.read();

            while (respInt != -1) {

                 System.out.print((char) respInt);

                 respInt = insr.read();
            }

       } catch (Exception e) {

           System.out.println(e.getLocalizedMessage());

       } finally {

           postMethod.releaseConnection();

       }
    }
}

运行这段代码会报一个错误 unable to find valid certification path to requested target

这个文章有解决方案：

http://wanglei0119.iteye.com/blog/607046

当使用正确生成的cert 后 httpclient 可以调用到https的服务了

方式4 ：还是使用httpclient ,使用 httpclient的 X509TrustManager 类，这种调用方式不需要客户端制作证书，很方便！

package com.platform.vmo.elasterAgent.elaster;
import java.io.InputStreamReader;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.DefaultHttpClient;

public class HttpClinetTest {
	public static void main(String[] args) throws Exception{
		// First create a trust manager that won't care.
		X509TrustManager trustManager = new X509TrustManager() {
			public void checkClientTrusted(X509Certificate[] chain,
					String authType) throws CertificateException {
				// Don't do anything.
			}

			public void checkServerTrusted(X509Certificate[] chain,
					String authType) throws CertificateException {
				// Don't do anything.
			}

			public X509Certificate[] getAcceptedIssuers() {
				// Don't do anything.
				return null;
			}

		};
		// Now put the trust manager into an SSLContext.
		SSLContext sslcontext = SSLContext.getInstance("SSL");
		sslcontext.init(null, new TrustManager[] { trustManager }, null);

		// Use the above SSLContext to create your socket factory
		// (I found trying to extend the factory a bit difficult due to a
		// call to createSocket with no arguments, a method which doesn't
		// exist anywhere I can find, but hey-ho).
		SSLSocketFactory sf = new SSLSocketFactory(sslcontext);
		sf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);

		DefaultHttpClient httpclient = new DefaultHttpClient();
		httpclient.getConnectionManager().getSchemeRegistry().register(new Scheme("https", sf, 443));
		
		
		String requset ="https://180.168.35.140/api/vm.list";
		HttpPost httpPost = new HttpPost(requset);
		String result = "";
		// Execute HTTP request
		httpPost.setHeader("Authorization",	"basic " + "dGNsb3VkYWRtaW46dGNsb3VkMTIz"); 
		httpPost.setHeader("Content-type", "application/xml");

			StringEntity reqEntity;
		
			reqEntity = new StringEntity("");
			httpPost.setEntity(reqEntity);
			HttpResponse response = httpclient.execute(httpPost);
			HttpEntity resEntity = response.getEntity();
			InputStreamReader reader = new InputStreamReader(resEntity.getContent());

			char[] buff = new char[1024];
			int length = 0;
			while ((length = reader.read(buff)) != -1) {
				result += new String(buff, 0, length);
			}
			httpclient.getConnectionManager().shutdown();
			
			System.out.println(">>>:"+result);
		
		
		
		
	}
}

InstallCert.java.zip (2.6 KB)
下载次数: 83

分享到：

玩了一下 ssl-explorer vpn（未完待续) | 使用Ubuntu当桌面了

2011-01-05 23:45
浏览 8717
评论(0)
分类:企业架构
查看更多

发表评论

您还没有登录,请您登录后再发表评论

最近访客更多访客>>

博主相关

文章分类

社区版块

存档分类

最新评论