【tomcat】HTTPS访问配置 + restful调用远程HTTPS绕过验证-Windows系列-PHP中文网

单向验证：

第一步：生成密钥：

在单向验证中，首先需要生成一个密钥。以下是生成密钥的命令：

keytool -genkey -alias mykey -keyalg RSA -keystore d:/key/testkey
keytool -export -file d:/key/testkey.crt -alias mykey -keystore d:/key/testkey

登录后复制

【tomcat】HTTPS访问配置 + restful调用远程HTTPS绕过验证

由于是在本地进行测试，请修改本地的hosts文件，路径为C:\Windows\System32\drivers\etc\hosts，添加以下内容：

# localhost name resolution is handled within DNS itself.
#    127.0.0.1       localhost
#    ::1             localhost
127.0.0.1 www.xiaochangwei.com

登录后复制

这样就可以通过域名进行访问。

第二步：配置Tomcat

在Tomcat的配置文件中，找到并启用HTTPS连接器。以下是基本的配置：

<Connector clientAuth="false" keystoreFile="D:\key\testKey" keystorePass="123456" maxThreads="150" port="8448" protocol="org.apache.coyote.http11.Http11Protocol" scheme="https" secure="true" ssLEnabled="true" sslProtocol="TLS"></Connector>

登录后复制

请注意，这段代码默认是注释掉的，需要手动取消注释。根据需要可以修改默认的端口，默认端口为8443。

在非Windows环境下，可能会遇到找不到密钥或密钥强度不足的问题，导致Tomcat无法正常启动或页面无法访问。解决方法如下：

为密钥文件添加后缀，以便非Windows环境识别。
增加密钥的复杂度。

完整配置如下：

<Connector ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA" clientAuth="false" keystoreFile="/opt/apache-tomcat-7.0.64/testkey.keystore" keystorePass="123456" maxThreads="150" port="443" protocol="HTTP/1.1" scheme="https" secure="true" ssLEnabled="true" sslProtocol="TLS"></Connector>

登录后复制

第三步：发布项目

【tomcat】HTTPS访问配置 + restful调用远程HTTPS绕过验证

项目已经成功发布，且端口可用。测试端口情况：

【tomcat】HTTPS访问配置 + restful调用远程HTTPS绕过验证

采风问卷

采风问卷是一款全新体验的调查问卷、表单、投票、评测的调研平台，新奇的交互形式，漂亮的作品，让客户眼前一亮，让创作者获得更多的回复。

查看详情

从测试结果看，端口可以正常访问，证明部署成功。

参考资料：https://www.php.cn/link/813c26fc0c3bf64573a10eafb3f8e5ee

双向验证

在双向验证中，需要生成服务器和客户端的证书，并进行相互信任配置。以下是相关的命令：

为服务器生成证书
keytool -genkey -v -alias server -keyalg RSA -keystore d:\key2\server.keystore -validity 36500
<p>为客户端生成证书
keytool -genkey -v -alias client -keyalg RSA -storetype PKCS12 -keystore d:\key2\client.key.p12</p><p>导入客户端证书让服务器信任客户端证书</p><ol><li><p>先把客户端证书导出为cer文件格式
keytool -export -alias client -keystore d:\key2\client.key.p12 -storetype PKCS12 -storepass 123456 -rfc -file d:\key2\client.key.cer</p></li><li><p>将客户端cer导入到服务器证书库
keytool -import -v -file d:\key2\client.key.cer -keystore d:\key2\server.keystore</p></li><li><p>查看安装结果
keytool -list -keystore d:\key2\server.keystore</p></li></ol><p>让客户端信任服务器证书</p><ol><li><p>把服务器证书导出为cer文件
keytool -keystore d:\key2\server.keystore -export -alias server -file d:\key2\server.cer</p></li><li><p>在客户端安装服务器证书
选择受信任的根证书颁发机构</p></li></ol><p>配置Tomcat
<Connector clientAuth="true" keystoreFile="D:\key2\server.keystore" keystorePass="123456" maxThreads="150" port="8443" protocol="org.apache.coyote.http11.Http11Protocol" scheme="https" secure="true" ssLEnabled="true" sslProtocol="TLS" truststoreFile="D:\key2\server.keystore" truststorePass="123456"></Connector>

登录后复制

HTTP接口的调用本质上是通过地址建立连接，获取返回信息或发送请求数据，完成业务逻辑后关闭连接。可以使用原生态的接口调用方式或采用RESTful风格进行调用。如果需要调用多个HTTP接口，建议使用RESTful进行统一管理，使代码更加清晰。

在调用HTTPS接口时，如果对方项目使用双向验证，则需要提供证书和密码等信息。以下是绕过HTTPS验证的参考代码：

import java.io.IOException;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.http.HttpVersion;
import org.apache.http.client.HttpClient;
import org.apache.http.conn.ClientConnectionManager;
import org.apache.http.conn.scheme.PlainSocketFactory;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.impl.conn.tsccm.ThreadSafeClientConnManager;
import org.apache.http.params.BasicHttpParams;
import org.apache.http.params.HttpConnectionParams;
import org.apache.http.params.HttpParams;
import org.apache.http.params.HttpProtocolParams;
import org.apache.http.protocol.HTTP;</p><p>public class HttpsClient {
static public HttpClient newHttpsClient() {
try {
KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
trustStore.load(null, null);
SSLSocketFactory sf = new MySSLSocketFactory(trustStore);
sf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
HttpParams params = new BasicHttpParams();
HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1);
HttpProtocolParams.setContentCharset(params, HTTP.UTF_8);
HttpConnectionParams.setConnectionTimeout(params, 10000);
HttpConnectionParams.setSoTimeout(params, 10000);
SchemeRegistry registry = new SchemeRegistry();
registry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
registry.register(new Scheme("https", sf, 443));
ClientConnectionManager ccm = new ThreadSafeClientConnManager(params, registry);
return new DefaultHttpClient(ccm, params);
} catch (Exception e) {
return new DefaultHttpClient();
}
}</p><pre class="brush:php;toolbar:false;"><pre class="brush:php;toolbar:false;">private static class MySSLSocketFactory extends SSLSocketFactory {
    SSLContext sslContext = SSLContext.getInstance("TLS");

    public MySSLSocketFactory(KeyStore truststore)
            throws NoSuchAlgorithmException, KeyManagementException,
            KeyStoreException, UnrecoverableKeyException {
        super(truststore);
        TrustManager tm = new X509TrustManager() {
            public void checkClientTrusted(X509Certificate[] chain, String authType)
                    throws CertificateException {
            }

            public void checkServerTrusted(X509Certificate[] chain, String authType)
                    throws CertificateException {
            }

            public X509Certificate[] getAcceptedIssuers() {
                return null;
            }
        };
        sslContext.init(null, new TrustManager[] { tm }, null);
    }

    @Override
    public Socket createSocket(Socket socket, String host, int port, boolean autoClose)
            throws IOException, UnknownHostException {
        return sslContext.getSocketFactory().createSocket(socket, host, port, autoClose);
    }

    @Override
    public Socket createSocket() throws IOException {
        return sslContext.getSocketFactory().createSocket();
    }
}

登录后复制

}

受此启发，在使用RESTful风格进行HTTP接口调用时，可以通过修改初始化的HttpClient来实现。以下是RESTful风格的HTTP接口调用示例代码，注意需要引入RestTemplate（在spring-web.jar中）：

package com.xxx.rpc.restclient.utils;</p><p>import java.io.IOException;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.text.SimpleDateFormat;
import java.util.Date;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.http.client.HttpClient;
import org.apache.http.conn.ClientConnectionManager;
import org.apache.http.conn.scheme.PlainSocketFactory;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.impl.conn.tsccm.ThreadSafeClientConnManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.util.StringUtils;
import org.springframework.web.client.RestTemplate;</p><p>@SuppressWarnings("deprecation")
public class HttpClientUtils {
private static Logger logger = LoggerFactory.getLogger(HttpClientUtils.class);</p><pre class="brush:php;toolbar:false;"><pre class="brush:php;toolbar:false;">private static String HTTP_PROTOCOL = "https://";

public static ResponseEntity<String> Execute(FrontInfo frontInfo) {
    HttpClient httpClient = null;

    try {
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);

        SSLSocketFactory sf = new MySSLSocketFactory(trustStore);
        sf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);

        SchemeRegistry registry = new SchemeRegistry();
        registry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), Integer.valueOf(frontInfo.getPort())));
        registry.register(new Scheme("https", sf, Integer.valueOf(frontInfo.getPort())));

        ClientConnectionManager ccm = new ThreadSafeClientConnManager(registry);
        httpClient = new DefaultHttpClient(ccm);
    } catch (Exception e) {
        logger.info("httpclient创建错误.");
    }

    HttpComponentsClientHttpRequestFactory httpComponentsClientHttpRequestFactory = new HttpComponentsClientHttpRequestFactory(httpClient);
    httpComponentsClientHttpRequestFactory.setConnectTimeout(120 * 1000);
    httpComponentsClientHttpRequestFactory.setReadTimeout(120 * 1000);
    RestTemplate rt = new RestTemplate(httpComponentsClientHttpRequestFactory);
    String url = HttpClientUtils.generateUrl(frontInfo);

    HttpEntity<String> requestEntity = HttpClientUtils.generateHttpEntity(frontInfo);

    try {
        System.out.println("httpMethod = " + frontInfo.getHttpMethod());
        System.out.println("url = " + url);
        System.out.println("requestEntity = " + requestEntity);

        ResponseEntity<String> responseEntity =
                rt.exchange(url, frontInfo.getHttpMethod(), requestEntity, String.class);

        logger.debug("responseEntity = [{}].", responseEntity);
        System.out.println("responseEntity = " + responseEntity);
        return responseEntity;
    } catch (Exception e) {
        System.out.println("info: " + e.getMessage());
        logger.debug("error info:  = [{}].", e.getMessage());
        return generateRespWhenException(e);
    }
}

登录后复制

}

由于这是商业项目的代码，这里仅展示部分代码。通过这个示例可以完全掌握RESTful相关技术。需要解释的是：

frontInfo是一个通用的参数对象，用于确保接口调用方式统一，包含各接口需要的参数名等，如IP、端口、URL、方法、用户名等。
generateUrl方法根据通用参数对象及条件生成具体的URL，如<a href="https://www.php.cn/link/b7c341015338340fc8cc5c21e0473579">https://www.php.cn/link/b7c341015338340fc8cc5c21e0473579</a>。
generateHttpEntity方法根据具体业务需求增加一些通用的头信息。
exchange方法执行具体的请求，返回ResponseEntity<String>，然后根据具体业务返回，进行解析。
调用后解析返回信息大致如下，解析其中的body：

JSONObject object = JSONObject.parseObject(response.getBody().toString());
JSONObject userJson = JSONObject.parseObject(object.getString("user"));
String uuid = userJson.getString("id");

登录后复制

至此，RESTful使用方式介绍完毕。

以上就是【tomcat】HTTPS访问配置 + restful调用远程HTTPS绕过验证的详细内容，更多请关注php中文网其它相关文章！