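Java 使用 https 主要就是设置 SSLContext。SSLContext 初始化需要密钥管理器和信任管理器:密钥管理器用于管理本地证书和私钥,信任管理器用于验证远程服务器的证书。这两种管理器都需要用 KeyStore 初始化,可以按需只设置一种或者两种都设置;KeyStore 需要用到 jks 文件和密钥库密码。
另外,密钥管理器还需要一个密钥密码(私钥的密码)。
注意:下面的 demo 中服务端和客户端加载的是同一个 testhttp.jks,仅为演示方便;客户端只需要信任服务端的证书,实际使用时客户端的信任库不应包含服务端私钥。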
demo:
https服务端:
/**
* 2023年7月19日上午10:43:42
*/
package testHttpSSL;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.net.InetSocketAddress;
import java.security.KeyStore;
import java.util.concurrent.Executors;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import com.sun.net.httpserver.HttpExchange;
import com.sun.net.httpserver.HttpHandler;
import com.sun.net.httpserver.HttpsConfigurator;
import com.sun.net.httpserver.HttpsServer;
/**
* @author XWF
*
*/
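public class TestHttpServerWithSSL {

    /**
     * Starts a demo HTTPS server on port 4444 whose certificate and private key
     * come from {@code ./testhttp.jks}.
     *
     * <p>Only a key manager is installed: the server presents its own certificate
     * and does not request one from the client, so no trust manager is built from
     * the keystore (passing {@code null} lets the JDK use its defaults).
     *
     * @param args unused
     */
    public static void main(String[] args) {
        // Demo-only literals. Outside a demo, read both passwords from configuration
        // or a secret store instead of compiling them into the class.
        String storepass = "mystorepass"; // keystore password
        String keypass = storepass; // private-key password (same as the store password here)
        // Fixed charset so decoding/encoding does not depend on the platform default.
        final java.nio.charset.Charset utf8 = java.nio.charset.StandardCharsets.UTF_8;
        try {
            // "jks" matches the demo file; NOTE(review): PKCS12 is the JDK's default
            // keystore type on current releases - confirm before reusing this elsewhere.
            KeyStore keystore = KeyStore.getInstance("jks");
            // Close the keystore stream once loaded; the original left it open.
            try (FileInputStream in = new FileInputStream("./testhttp.jks")) {
                keystore.load(in, storepass.toCharArray());
            }

            SSLContext sslContext = SSLContext.getInstance("TLS");
            // Key manager: supplies the local certificate and private key.
            KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
            kmf.init(keystore, keypass.toCharArray());
            sslContext.init(kmf.getKeyManagers(), null, null);
            System.out.println(keystore);

            HttpsServer server = HttpsServer.create(new InetSocketAddress(4444), 0);
            server.setHttpsConfigurator(new HttpsConfigurator(sslContext)); // enable TLS
            server.createContext("/", new HttpHandler() {
                @Override
                public void handle(HttpExchange exchange) throws IOException {
                    // The URI and body are client-controlled and are echoed to stdout
                    // unmodified, with no size limit on the body - acceptable for a
                    // local demo only.
                    String exchangeUrl = exchange.getRequestURI().toString().substring(1);
                    System.out.println("exchangeUrl=" + exchangeUrl);
                    System.out.println(
                            "BODY:" + new String(exchange.getRequestBody().readAllBytes(), utf8));
                    // Length 0 selects chunked transfer encoding (length not known up front).
                    exchange.sendResponseHeaders(200, 0);
                    try (OutputStream os = exchange.getResponseBody()) {
                        os.write("test return".getBytes(utf8));
                    } catch (IOException e) {
                        e.printStackTrace();
                    }
                }
            });
            // Cached pool creates threads on demand without an upper bound.
            server.setExecutor(Executors.newCachedThreadPool());
            server.start();
            System.out.println("https server start");
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}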
https客户端:
/**
* 2023年7月19日上午10:43:58
*/
package testHttpSSL;
import java.io.File;
import java.io.FileInputStream;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpClient.Version;
import java.net.http.HttpRequest;
import java.net.http.HttpRequest.BodyPublishers;
import java.net.http.HttpResponse;
import java.net.http.HttpResponse.BodyHandlers;
import java.security.KeyStore;
import java.time.Duration;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
/**
* @author XWF
*
*/
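public class TestHttpClientWithSSL {

    /**
     * Sends one POST request to the demo HTTPS server at {@code 127.0.0.1:4444},
     * validating the server certificate against the entries in {@code ./testhttp.jks}.
     *
     * <p>Only a trust manager is installed. The client never presents a certificate,
     * so it does not build a key manager and does not need the private-key password.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        // Demo-only literal; outside a demo, read it from configuration or a secret store.
        String storepass = "mystorepass"; // keystore password
        try {
            // This demo loads the same file the server uses. A client only needs the
            // server's certificate, so a deployment would ship a truststore that does
            // not contain the private key.
            KeyStore keystore = KeyStore.getInstance("jks");
            // Close the keystore stream once loaded; the original left it open.
            try (FileInputStream in = new FileInputStream("./testhttp.jks")) {
                keystore.load(in, storepass.toCharArray());
            }

            SSLContext sslContext = SSLContext.getInstance("TLS");
            // Trust manager: decides whether the remote server's certificate is accepted.
            TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
            tmf.init(keystore);
            sslContext.init(null, tmf.getTrustManagers(), null);
            System.out.println(keystore);

            HttpClient client = HttpClient.newBuilder() // java.net.http client (JDK 11+)
                    .version(Version.HTTP_1_1)
                    .sslContext(sslContext) // use the trust settings built above
                    .build();
            // NOTE(review): HttpClient also checks that the certificate matches the host
            // in the URI, so the demo certificate presumably lists 127.0.0.1 as a subject
            // alternative name - confirm against how testhttp.jks was generated.
            HttpRequest request = HttpRequest.newBuilder()
                    .uri(URI.create("https://127.0.0.1:4444/test?x=1&y=2"))
                    .timeout(Duration.ofMillis(1000))
                    .POST(BodyPublishers.ofByteArray(
                            "hello world".getBytes(java.nio.charset.StandardCharsets.UTF_8)))
                    .build();
            HttpResponse<String> response = client.send(request, BodyHandlers.ofString());
            System.out.println(response.statusCode());
            System.out.println(response.body());
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}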
运行结果:
客户端:
服务端: