Shulou(Shulou.com)06/02 Report--

This article mainly introduces how to use RestTemplate to access https to achieve SSL request operation, has a certain reference value, interested friends can refer to, I hope you can learn a lot after reading this article, the following let Xiaobian take you to understand.

1. Add HttpsClientRequestFactory utility class import org.springframework.http.client.SimpleClientHttpRequestFactory;import javax.net.ssl.*;import java.io.IOException;import java.net.HttpURLConnection;import java.net.InetAddress;import java.net.Socket;import java.security.cert.X509Certificate / * the three functions of TLS: * (1) identity authentication * confirm the identity of the other party through certificate authentication to prevent man-in-the-middle attacks * (2) data privacy * encrypt the transmitted data with a symmetric key. Because the key is available only to the client / server, others cannot snoop. * (3) data integrity * use the digest algorithm to calculate the message and verify the value after receiving the message to prevent data from being tampered with or lost. * * HTTPS request access using RestTemplate: * private static RestTemplate restTemplate = new RestTemplate (new HttpsClientRequestFactory ()); * * / public class HttpsClientRequestFactory extends SimpleClientHttpRequestFactory {@ Override protected void prepareConnection (HttpURLConnection connection, String httpMethod) {try {if (! (connection instanceof HttpsURLConnection)) {throw new RuntimeException ("An instanceof HttpsURLConnection is expected");} HttpsURLConnection httpsConnection = (HttpsURLConnection) connection TrustManager [] trustAllCerts = new TrustManager [] {new X509TrustManager () {@ Override public java.security.cert.X509Certificate [] getAcceptedIssuers () {return null } @ Override public void checkClientTrusted (X509Certificate [] certs, String authType) {} @ Override public void checkServerTrusted (X509Certificate [] certs) String authType) {} SSLContext sslContext = SSLContext.getInstance ("TLS"); sslContext.init (null, trustAllCerts, new java.security.SecureRandom ()); httpsConnection.setSSLSocketFactory (new MyCustomSSLSocketFactory (sslContext.getSocketFactory (); httpsConnection.setHostnameVerifier (new HostnameVerifier () {@ Override public boolean verify (String s, SSLSession sslSession) {return true) }}); super.prepareConnection (httpsConnection, httpMethod);} catch (Exception e) {e.printStackTrace ();}} private static class MyCustomSSLSocketFactory extends SSLSocketFactory {private final SSLSocketFactory delegate; public MyCustomSSLSocketFactory (SSLSocketFactory delegate) {this.delegate = delegate;} / / returns the cipher suite enabled by default. Unless a list is enabled, these cipher suites are used for handshakes for SSL connections. / / minimum quality requirements for these default services confidentiality protection and server authentication @ Override public String [] getDefaultCipherSuites () {return delegate.getDefaultCipherSuites ();} / / the returned cipher suite can be used for the SSL connection enabled name @ Override public String [] getSupportedCipherSuites () {return delegate.getSupportedCipherSuites () } @ Override public Socket createSocket (final Socket socket, final String host, final int port, final boolean autoClose) throws IOException {final Socket underlyingSocket = delegate.createSocket (socket, host, port, autoClose); return overrideProtocol (underlyingSocket) } @ Override public Socket createSocket (final String host, final int port) throws IOException {final Socket underlyingSocket = delegate.createSocket (host, port); return overrideProtocol (underlyingSocket) } @ Override public Socket createSocket (final String host, final int port, final InetAddress localAddress, final int localPort) throws IOException {final Socket underlyingSocket = delegate.createSocket (host, port, localAddress, localPort); return overrideProtocol (underlyingSocket) } @ Override public Socket createSocket (final InetAddress host, final int port) throws IOException {final Socket underlyingSocket = delegate.createSocket (host, port); return overrideProtocol (underlyingSocket) } @ Override public Socket createSocket (final InetAddress host, final int port, final InetAddress localAddress, final int localPort) throws IOException {final Socket underlyingSocket = delegate.createSocket (host, port, localAddress, localPort); return overrideProtocol (underlyingSocket) } private Socket overrideProtocol (final Socket socket) {if (! (socket instanceof SSLSocket)) {throw new RuntimeException ("An instanceof SSLSocket is expected");} / ((SSLSocket) socket) .setEnabledProtocols (new String [] {"TLSv1.2"}) ((SSLSocket) socket) .setEnabledProtocols (new String [] {"TLSv1", "TLSv1.1", "TLSv1.2"}); return socket;}

Note: the server-side TLS version should be consistent with that defined in the client-side tool class. (TLSv1.2)

2. Modify RestTemplate

When in use, set the

Private static RestTemplate restTemplate = new RestTemplate ()

Change to:

Private static RestTemplate restTemplate = new RestTemplate (new HttpsClientRequestFactory ())

The other code remains the same.

You can also use injection:

@ Configurationpublic class ConfigBean {@ Bean public RestTemplate getRestTemplate () {return new RestTemplate (new HttpsClientRequestFactory ());}} 3, visit https and throw the exception

Javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure solution

Because the security mechanism of jce in jdk leads to the error reported, you need to download the corresponding jce package to replace the jce package in jdk on the official website of oracle.

Option 1: replace the local_policy.jar in the jce package directory% JAVA_HOME%\ jre\ lib\ security US_export_policy.jarJDK7 http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.htmlJDK8 http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html / / pub1:/home/myron/jdk1.7.0_80% cd $JAVA_HOME/jre/lib/security/ path US_export_policy.jarlocal_policy.jar of the jdk where jce resides II: upgrade JDK to version 1.8 This (recommended) / pub1:/home/myron% vi .cshrcsetenv JAVA_HOME / home/myron/jdk1.8.0_211// pub1:/home/myron% source .cshrc / / pub1:/home/myron% java-versionjava version "1.8.0Thank you for reading this article carefully. I hope the article "how to use RestTemplate to access https to achieve SSL request operation" shared by the editor will be helpful to everyone. At the same time, I also hope that you will support and pay attention to the industry information channel. More related knowledge is waiting for you to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.