业务需求:旧项目需要支持TLS1.2访问外部,主要是以下两点要求
1.项目使用JDK1.6 需三方TLS1.2支持
2.项目使用Apache-httpCcomponent3.1,需贴合现有开发者习惯,防止他们扑街.
网上目前没找到现成的方案,自己搞定了.
解决方法如下:
1.得到支持TLS1.2的Socket工厂:
https://github.com/a--i--r/TLSSocketFactory
直接使用即可,依赖的是BouncyCastle三方加密库,感谢日本友人
2.将该工厂封装如下:
package my; import org.apache.commons.httpclient.ConnectTimeoutException; import org.apache.commons.httpclient.params.HttpConnectionParams; import org.apache.commons.httpclient.protocol.ProtocolSocketFactory; import third.tls.TLSSocket; import third.tls.TLSSocketFactory; import java.io.IOException; import java.net.InetAddress; import java.net.Socket; import java.net.UnknownHostException; /** * 代理一个工厂 * @author xing.yang01@hand-china.com */ public class TLS12ProtocolSocketFactory implements ProtocolSocketFactory { public static final TLSSocketFactory INNER_SOCKET_FACTORY = new TLSSocketFactory(true,6000); @Override public Socket createSocket(String host, int port, InetAddress localAddress, int localPort) throws IOException, UnknownHostException { Socket socket = INNER_SOCKET_FACTORY.createSocket(host, port, localAddress, localPort); //重点,这里手动handshake一下,重点 by xing.yang01@hand-china.com ((TLSSocket)socket).startHandshake(); return socket; } @Override public Socket createSocket(String host, int port, InetAddress localAddress, int localPort, HttpConnectionParams params) throws IOException, UnknownHostException, ConnectTimeoutException { Socket socket = INNER_SOCKET_FACTORY.createSocket(host, port, localAddress, localPort); ((TLSSocket)socket).startHandshake(); return socket; } @Override public Socket createSocket(String host, int port) throws IOException, UnknownHostException { Socket socket = INNER_SOCKET_FACTORY.createSocket(host, port); ((TLSSocket)socket).startHandshake(); return socket; } }
3.使用方法
import my.TLS12ProtocolSocketFactory; import org.apache.commons.httpclient.HttpClient; import org.apache.commons.httpclient.HttpMethod; import org.apache.commons.httpclient.methods.PostMethod; import org.apache.commons.httpclient.params.HttpMethodParams; import org.apache.commons.httpclient.protocol.Protocol; import java.io.IOException; public class Test { public static void main(String... args) throws IOException { TLS12ProtocolSocketFactory tls12ProtocolSocketFactory = new TLS12ProtocolSocketFactory(); Protocol.registerProtocol("https", new Protocol("https", tls12ProtocolSocketFactory, 443)); HttpClient httpClient=new HttpClient(); HttpMethod httpMethod=new PostMethod("https://www.baidu.com"); HttpMethodParams httpParams=new HttpMethodParams(); httpMethod.setParams(httpParams); try { httpClient.executeMethod(httpMethod); } catch (IOException e) { e.printStackTrace(); } String responseBodyAsString = httpMethod.getResponseBodyAsString(); } }
问题就解决了
JDK1.6 and Http-component3.1 支持 TLS1.2
原文:https://www.cnblogs.com/user-for-once/p/12093469.html