Accessing HTTPS while bypassing certificate verification

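Implementation ideas
1. Override the certificate trust manager (javax.net.ssl.X509TrustManager)
2. Build the SSL socket factory from an SSLContext initialised with that trust manager
3. Wrap it in Apache's SSL connection socket factory
4. Build the HTTP client
5. Set the request URL and parameters on the client
6. Send the request

With a trust manager that accepts every certificate and a no-op hostname verifier, the connection is still encrypted but the server is never authenticated, so any host on the network path can present its own certificate and read or alter the traffic. This fits test environments only; for a self-signed or internal server, load its certificate or CA into a trust store instead so validation stays on.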

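Dependencies (the listing below also imports Apache HttpClient, SLF4J and fastjson, which this snippet does not declare)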

<dependency>
        <groupId>commons-io</groupId>
        <artifactId>commons-io</artifactId>
        <version>2.6</version>
    </dependency>

source code

package com.zhicheng.utils;



import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.nio.charset.Charset;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Map.Entry;

import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.NameValuePair;
import org.apache.http.client.ClientProtocolException;
import org.apache.http.client.HttpClient;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.entity.ContentType;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.util.EntityUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import com.alibaba.fastjson.JSONObject;

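/**
 * HTTPS POST helper that skips server authentication.
 * <ol>
 *   <li>The trust manager accepts every certificate chain without checking it.</li>
 *   <li>Hostname verification is switched off ({@link NoopHostnameVerifier}).</li>
 * </ol>
 * The channel is still encrypted, but nothing proves who is at the other end, so
 * any host on the network path can answer with its own certificate and read or
 * modify the request and response. Keep this client to test setups. For a
 * self-signed or privately issued server certificate, load that certificate into
 * a {@code java.security.KeyStore} and initialise the {@link SSLContext} from a
 * {@code javax.net.ssl.TrustManagerFactory} so that validation stays on.
 *
 * @author wb-zcf274530
 */
public class HttpClientUtils {

    private static final Logger logger = LoggerFactory.getLogger(HttpClientUtils.class);

    /** Charset used for both the form body and the decoded response. */
    private static final Charset UTF_8 = Charset.forName("UTF-8");

    // Placeholder values; not referenced anywhere in this class.
    private static final String[] IMAGE_CONTENT_TYPE = {"","","",""};

    /**
     * Builds an HTTP client whose TLS layer accepts any server certificate and
     * any hostname.
     *
     * <p>TODO (original author): returning the default client when the custom
     * SSLContext cannot be built gives this method two meanings. The fallback
     * client from {@link HttpClients#createDefault()} validates certificates
     * normally, so a caller cannot tell which behaviour it received.
     *
     * @return a client with verification disabled, or the default client if the
     *         custom SSLContext could not be created
     */
    private static CloseableHttpClient createSSLClientDefault() {
        // Trust manager that performs no validation: both check methods return
        // without throwing, which the TLS stack treats as "trusted".
        X509TrustManager x509mgr = new X509TrustManager() {

            // Would normally throw if the client certificate is not trusted.
            @Override
            public void checkClientTrusted(X509Certificate[] xcs, String string) {
            }

            // Would normally throw if the server certificate is not trusted.
            @Override
            public void checkServerTrusted(X509Certificate[] xcs, String string) {
            }

            // The interface contract asks for a non-null (possibly empty) array;
            // returning null can surface as a NullPointerException in callers.
            @Override
            public X509Certificate[] getAcceptedIssuers() {
                return new X509Certificate[0];
            }
        };

        try {
            SSLContext sslContext = SSLContext.getInstance("TLS");
            // Initialise with the permissive trust manager only (no key managers,
            // default SecureRandom).
            sslContext.init(null, new TrustManager[] { x509mgr }, null);
            // NoopHostnameVerifier additionally disables the hostname/certificate match.
            SSLConnectionSocketFactory sslsf =
                    new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE);
            return HttpClients.custom().setSSLSocketFactory(sslsf).build();
        } catch (KeyManagementException | NoSuchAlgorithmException e) {
            logger.error("create SSLClient with custom TrustManager fail", e);
        }

        // Fallback: default client (see the TODO in the method comment).
        return HttpClients.createDefault();
    }

    /**
     * Sends a form-encoded POST over a client that does not verify the server
     * certificate or hostname, and returns the response body decoded as UTF-8.
     *
     * @param reqURL target URL
     * @param params form fields; {@code null} is treated as no fields
     * @return the response body, or an empty string when the response has no entity
     * @throws ClientProtocolException on an HTTP protocol error
     * @throws IOException on a connection or read failure
     */
    public static String sendSSLPostRequestWithoutVerify02(String reqURL, Map<String, String> params) throws ClientProtocolException, IOException {
        String responseStr = "";
        CloseableHttpClient httpClient = createSSLClientDefault();
        try {
            // Built inside the try block so the client is closed even when the URL is rejected.
            HttpPost httpPost = new HttpPost(reqURL);

            List<NameValuePair> formParams = new ArrayList<>();
            if (params != null) {
                for (Map.Entry<String, String> entry : params.entrySet()) {
                    formParams.add(new BasicNameValuePair(entry.getKey(), entry.getValue()));
                }
            }
            // The Charset overload declares no checked exception, so nothing is swallowed here.
            httpPost.setEntity(new UrlEncodedFormEntity(formParams, UTF_8));

            HttpResponse response = httpClient.execute(httpPost);
            // The status is not interpreted; the body is returned whatever the status code.
            logger.debug("response status: {}", response.getStatusLine());

            HttpEntity entity = response.getEntity();
            if (entity != null) {
                try {
                    // ContentType.getOrDefault(entity) would give the content type if needed.
                    responseStr = EntityUtils.toString(entity, UTF_8);
                } finally {
                    EntityUtils.consume(entity);
                }
            }
        } finally {
            try {
                httpClient.close();
            } catch (IOException e) {
                // Best effort: a failed close must not hide the response or the original error.
                logger.warn("failed to close http client", e);
            }
        }
        return responseStr;
    }

    /**
     * Manual check: posts an empty form to a sample URL and logs the body at debug level.
     */
    public static void main(String[] args) throws NoSuchAlgorithmException, NoSuchProviderException, KeyManagementException, IOException {
        String imageUrl = "https://image.baidu.com/search/down?tn=download&word=download&ie=utf8&fr=detail&url=https%3A%2F%2Ftimgsa.baidu.com%2Ftimg%3Fimage%26quality%3D80%26size%3Db10000_10000%26sec%3D1525397679%26di%3D5d7896865aa65ab36eb1759843a6a22b%26src%3Dhttp%3A%2F%2Fimg5.duitang.com%2Fuploads%2Fitem%2F201411%2F13%2F20141113131626_QUA2n.png";
        // Alternative URL for a manual run: https://blog.csdn.net/jeanflower/article/details/74494136
        Map<String,String> params = new HashMap<String,String>();
        //params.put("resourceId", "daec345f-d90b-4fd7-948d-930faa423e44");
        //params.put("resourceName", "123.docx");
        //params.put("ossServiceCode", "antis_contract_default_oss");
        String reponseStr = sendSSLPostRequestWithoutVerify02(imageUrl,params);
        logger.debug(reponseStr);
         /* Same idea with the JDK's HttpsURLConnection instead of Apache HttpClient:

         X509TrustManager x509mgr = new X509TrustManager() {

             public void checkClientTrusted(X509Certificate[] xcs, String string) {
             }

             public void checkServerTrusted(X509Certificate[] xcs, String string) {
             }

             public X509Certificate[] getAcceptedIssuers() {
                 return null;
             }
         };
        SSLContext sslContext = SSLContext.getInstance("SSL","SunJSSE");
        sslContext.init(null, new X509TrustManager[]{x509mgr}, new java.security.SecureRandom());

        // Obtain the SSLSocketFactory from the SSLContext above
        SSLSocketFactory ssf = sslContext.getSocketFactory();
        URL url = new URL("https://www.baidu.com/");
        // Create the HttpsURLConnection and set its SSLSocketFactory
        HttpsURLConnection httpsConn = (HttpsURLConnection)url.openConnection();
        httpsConn.setSSLSocketFactory(ssf);
        System.out.println(JSONObject.toJSONString(httpsConn.getContent()));*/
    }
}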

    }
}
