/**
* Key store 类型HttpClient
*
* @param keystore keystore
* @param keyPassword keyPassword
* @param supportedProtocols supportedProtocols
* @param timeout timeout
* @param retryExecutionCount retryExecutionCount
* @return CloseableHttpClient
*/
public static CloseableHttpClient createKeyMaterialHttpClient(
KeyStore keystore,
String keyPassword,
String[] supportedProtocols,
int timeout,
int retryExecutionCount) {
try {
SSLContext sslContext =
SSLContexts.custom()
.useSSL()
.loadKeyMaterial(keystore, keyPassword.toCharArray())
.build();
SSLConnectionSocketFactory sf =
new SSLConnectionSocketFactory(
sslContext,
supportedProtocols,
null,
SSLConnectionSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);
SocketConfig socketConfig = SocketConfig.custom().setSoTimeout(timeout).build();
return HttpClientBuilder.create()
.setDefaultSocketConfig(socketConfig)
.setSSLSocketFactory(sf)
.setRetryHandler(new HttpRequestRetryHandlerImpl(retryExecutionCount))
.build();
} catch (KeyManagementException e) {
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (UnrecoverableKeyException e) {
e.printStackTrace();
} catch (KeyStoreException e) {
e.printStackTrace();
}
return null;
}
/**
* Create SSL context and initialize it using specific trust manager.
*
* @param trustManager trust manager
* @return initialized SSL context
* @throws GeneralSecurityException on security error
*/
public static SSLContext createSslContext(TrustManager trustManager)
throws GeneralSecurityException {
EwsX509TrustManager x509TrustManager = new EwsX509TrustManager(null, trustManager);
SSLContext sslContext = SSLContexts.createDefault();
sslContext.init(null, new TrustManager[] {x509TrustManager}, null);
return sslContext;
}
/**
* @param maxTotal maxTotal
* @param maxPerRoute maxPerRoute
* @param timeout timeout
* @param retryExecutionCount retryExecutionCount
* @return
*/
public static CloseableHttpClient createHttpClient(
int maxTotal, int maxPerRoute, int timeout, int retryExecutionCount) {
try {
SSLContext sslContext = SSLContexts.custom().useSSL().build();
SSLConnectionSocketFactory sf =
new SSLConnectionSocketFactory(
sslContext, SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
PoolingHttpClientConnectionManager poolingHttpClientConnectionManager =
new PoolingHttpClientConnectionManager();
poolingHttpClientConnectionManager.setMaxTotal(maxTotal);
poolingHttpClientConnectionManager.setDefaultMaxPerRoute(maxPerRoute);
SocketConfig socketConfig = SocketConfig.custom().setSoTimeout(timeout).build();
poolingHttpClientConnectionManager.setDefaultSocketConfig(socketConfig);
return HttpClientBuilder.create()
.setConnectionManager(poolingHttpClientConnectionManager)
.setSSLSocketFactory(sf)
.setRetryHandler(new HttpRequestRetryHandlerImpl(retryExecutionCount))
.build();
} catch (KeyManagementException e) {
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
}
return null;
}
private SSLContext createSSLContext(final SSLContextService service)
throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException,
KeyManagementException, UnrecoverableKeyException {
SSLContextBuilder builder = SSLContexts.custom();
final String trustFilename = service.getTrustStoreFile();
if (trustFilename != null) {
final KeyStore truststore = KeyStore.getInstance(service.getTrustStoreType());
try (final InputStream in = new FileInputStream(new File(service.getTrustStoreFile()))) {
truststore.load(in, service.getTrustStorePassword().toCharArray());
}
builder = builder.loadTrustMaterial(truststore, new TrustSelfSignedStrategy());
}
final String keyFilename = service.getKeyStoreFile();
if (keyFilename != null) {
final KeyStore keystore = KeyStore.getInstance(service.getKeyStoreType());
try (final InputStream in = new FileInputStream(new File(service.getKeyStoreFile()))) {
keystore.load(in, service.getKeyStorePassword().toCharArray());
}
builder = builder.loadKeyMaterial(keystore, service.getKeyStorePassword().toCharArray());
}
SSLContext sslContext = builder.build();
return sslContext;
}
public static String wechatPost(String url, String params, InputStream keyStream)
throws Exception {
KeyStore keyStore = KeyStore.getInstance("PKCS12");
try {
keyStore.load(keyStream, WeixinConfig.MCH_ID.toCharArray());
} finally {
keyStream.close();
}
// Trust own CA and all self-signed certs
SSLContext sslcontext =
SSLContexts.custom().loadKeyMaterial(keyStore, WeixinConfig.MCH_ID.toCharArray()).build();
// Allow TLSv1 protocol only
SSLConnectionSocketFactory sslsf =
new SSLConnectionSocketFactory(
sslcontext,
new String[] {"TLSv1"},
null,
SSLConnectionSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);
CloseableHttpClient httpclient = HttpClients.custom().setSSLSocketFactory(sslsf).build();
try {
String resp = "";
HttpPost httpPost = new HttpPost(url);
StringEntity ent = new StringEntity(params, "utf-8");
ent.setContentType("application/x-www-form-urlencoded");
httpPost.setEntity(ent);
CloseableHttpResponse response = httpclient.execute(httpPost);
try {
HttpEntity entity = response.getEntity();
if (entity != null) {
System.out.println("Response content length: " + entity.getContentLength());
BufferedReader bufferedReader =
new BufferedReader(new InputStreamReader(entity.getContent()));
String text;
while ((text = bufferedReader.readLine()) != null) {
resp += text;
}
}
EntityUtils.consume(entity);
return resp;
} catch (Exception e) {
} finally {
response.close();
}
} finally {
httpclient.close();
}
return null;
}
private DockerCertificates(final Builder builder) throws DockerCertificateException {
if ((builder.caCertPath == null)
|| (builder.clientCertPath == null)
|| (builder.clientKeyPath == null)) {
throw new DockerCertificateException(
"caCertPath, clientCertPath, and clientKeyPath must all be specified");
}
try {
final CertificateFactory cf = CertificateFactory.getInstance("X.509");
final Certificate caCert = cf.generateCertificate(Files.newInputStream(builder.caCertPath));
final Certificate clientCert =
cf.generateCertificate(Files.newInputStream(builder.clientCertPath));
final PEMKeyPair clientKeyPair =
(PEMKeyPair)
new PEMParser(
Files.newBufferedReader(builder.clientKeyPath, Charset.defaultCharset()))
.readObject();
final PKCS8EncodedKeySpec spec =
new PKCS8EncodedKeySpec(clientKeyPair.getPrivateKeyInfo().getEncoded());
final KeyFactory kf = KeyFactory.getInstance("RSA");
final PrivateKey clientKey = kf.generatePrivate(spec);
final KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
trustStore.load(null, null);
trustStore.setEntry("ca", new KeyStore.TrustedCertificateEntry(caCert), null);
final KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
keyStore.load(null, null);
keyStore.setCertificateEntry("client", clientCert);
keyStore.setKeyEntry("key", clientKey, KEY_STORE_PASSWORD, new Certificate[] {clientCert});
this.sslContext =
SSLContexts.custom()
.loadTrustMaterial(trustStore)
.loadKeyMaterial(keyStore, KEY_STORE_PASSWORD)
.useTLS()
.build();
} catch (CertificateException
| IOException
| NoSuchAlgorithmException
| InvalidKeySpecException
| KeyStoreException
| UnrecoverableKeyException
| KeyManagementException e) {
throw new DockerCertificateException(e);
}
}
public static HttpClient createHttpClient() {
try {
SSLContext sslContext = SSLContexts.custom().useSSL().build();
SSLConnectionSocketFactory sf =
new SSLConnectionSocketFactory(
sslContext, SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
return HttpClientBuilder.create().setSSLSocketFactory(sf).build();
} catch (KeyManagementException e) {
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
}
return null;
}
protected SSLConnectionSocketFactory getSSLConnectionSocketFactory() {
SSLContextBuilder sslContextBuilder = SSLContexts.custom();
SSLContext sslContext = null;
try {
sslContextBuilder.loadTrustMaterial(_keyStore);
sslContext = sslContextBuilder.build();
sslContext.init(null, new TrustManager[] {new X509TrustManagerImpl()}, null);
} catch (Exception e) {
throw new RuntimeException(e);
}
return new SSLConnectionSocketFactory(
sslContext,
new String[] {"TLSv1"},
null,
SSLConnectionSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);
}
public static HttpClient createHttpClient(int maxTotal, int maxPerRoute) {
try {
SSLContext sslContext = SSLContexts.custom().useSSL().build();
SSLConnectionSocketFactory sf =
new SSLConnectionSocketFactory(
sslContext, SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
PoolingHttpClientConnectionManager poolingHttpClientConnectionManager =
new PoolingHttpClientConnectionManager();
poolingHttpClientConnectionManager.setMaxTotal(maxTotal);
poolingHttpClientConnectionManager.setDefaultMaxPerRoute(maxPerRoute);
return HttpClientBuilder.create()
.setConnectionManager(poolingHttpClientConnectionManager)
.setSSLSocketFactory(sf)
.build();
} catch (KeyManagementException e) {
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
}
return null;
}
/**
* Key store 类型HttpClient
*
* @param keystore
* @param keyPassword
* @param supportedProtocols
* @param maxTotal
* @param maxPerRoute
* @return
*/
public static HttpClient createKeyMaterialHttpClient(
KeyStore keystore,
String keyPassword,
String[] supportedProtocols,
int maxTotal,
int maxPerRoute) {
try {
SSLContext sslContext =
SSLContexts.custom()
.useSSL()
.loadKeyMaterial(keystore, keyPassword.toCharArray())
.build();
SSLConnectionSocketFactory sf =
new SSLConnectionSocketFactory(
sslContext,
supportedProtocols,
null,
SSLConnectionSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);
PoolingHttpClientConnectionManager poolingHttpClientConnectionManager =
new PoolingHttpClientConnectionManager();
poolingHttpClientConnectionManager.setMaxTotal(maxTotal);
poolingHttpClientConnectionManager.setDefaultMaxPerRoute(maxPerRoute);
return HttpClientBuilder.create()
.setConnectionManager(poolingHttpClientConnectionManager)
.setSSLSocketFactory(sf)
.build();
} catch (KeyManagementException e) {
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (UnrecoverableKeyException e) {
e.printStackTrace();
} catch (KeyStoreException e) {
e.printStackTrace();
}
return null;
}
/** HttpClient连接SSL */
public void ssl() {
CloseableHttpClient httpclient = null;
try {
KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
FileInputStream instream = new FileInputStream(new File("d:\\tomcat.keystore"));
try {
// 加载keyStore d:\\tomcat.keystore
trustStore.load(instream, "123456".toCharArray());
} catch (CertificateException e) {
e.printStackTrace();
} finally {
try {
instream.close();
} catch (Exception ignore) {
}
}
// 相信自己的CA和所有自签名的证书
SSLContext sslcontext =
SSLContexts.custom().loadTrustMaterial(trustStore, new TrustSelfSignedStrategy()).build();
// 只允许使用TLSv1协议
SSLConnectionSocketFactory sslsf =
new SSLConnectionSocketFactory(
sslcontext,
new String[] {"TLSv1"},
null,
SSLConnectionSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);
httpclient = HttpClients.custom().setSSLSocketFactory(sslsf).build();
// 创建http请求(get方式)
HttpGet httpget = new HttpGet("https://localhost:8443/myDemo/Ajax/serivceJ.action");
System.out.println("executing request" + httpget.getRequestLine());
CloseableHttpResponse response = httpclient.execute(httpget);
try {
HttpEntity entity = response.getEntity();
System.out.println("----------------------------------------");
System.out.println(response.getStatusLine());
if (entity != null) {
System.out.println("Response content length: " + entity.getContentLength());
System.out.println(EntityUtils.toString(entity));
EntityUtils.consume(entity);
}
} finally {
response.close();
}
} catch (ParseException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
} catch (KeyManagementException e) {
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (KeyStoreException e) {
e.printStackTrace();
} finally {
if (httpclient != null) {
try {
httpclient.close();
} catch (IOException e) {
e.printStackTrace();
}
}
}
}
public EasyHttpClient() {
CookieSpecProvider easySpecProvider =
new CookieSpecProvider() {
public CookieSpec create(HttpContext context) {
return new BrowserCompatSpec() {
public void validate(Cookie cookie, CookieOrigin origin)
throws MalformedCookieException {}
};
}
};
SSLContext sslContext = SSLContexts.createDefault(); // 忽略证书主机名验证
SSLConnectionSocketFactory sslsf =
new SSLConnectionSocketFactory(
sslContext, SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
Registry<ConnectionSocketFactory> reg =
RegistryBuilder.<ConnectionSocketFactory>create()
.register("http", PlainConnectionSocketFactory.INSTANCE)
.register("https", sslsf)
.build();
connectionManager = new PoolingHttpClientConnectionManager(reg);
connectionManager.setDefaultMaxPerRoute(100); // 同一个路由允许最大连接数
// connectionManager.setMaxTotal(poolSize);
HttpHost localhost = new HttpHost("locahost", 80); // 如果是多网卡,这里选择出口IP?
connectionManager.setMaxPerRoute(new HttpRoute(localhost), 50);
Registry<CookieSpecProvider> r =
RegistryBuilder.<CookieSpecProvider>create()
.register(CookieSpecs.BEST_MATCH, new BestMatchSpecFactory())
.register(CookieSpecs.BROWSER_COMPATIBILITY, new BrowserCompatSpecFactory())
.register("easy", easySpecProvider)
.build();
RequestConfig requestConfig =
RequestConfig.custom()
.setCookieSpec("easy")
.setSocketTimeout(10000)
.setConnectTimeout(10000)
.build();
ConnectionConfig connectioncfg = ConnectionConfig.custom().setCharset(Charsets.UTF_8).build();
SocketConfig socketConfig =
SocketConfig.custom().setSoKeepAlive(true).setTcpNoDelay(true).build();
HttpRequestRetryHandler myRetryHandler =
new HttpRequestRetryHandler() {
public boolean retryRequest(
IOException exception, int executionCount, HttpContext context) {
if (executionCount >= 3) {
return false;
}
if (exception instanceof SSLHandshakeException) {
return false;
} else {
return true;
}
}
};
HttpClientBuilder builder =
HttpClients.custom() // 默认
.setConnectionManager(connectionManager) // 链接管理器
.setDefaultSocketConfig(socketConfig) // socket管理器
.setRetryHandler(myRetryHandler) // 重试3次
.setDefaultConnectionConfig(connectioncfg) // 链接配置,如默认字符编码
.setDefaultCookieSpecRegistry(r) // cookie策略
.setUserAgent(Chorme_User_Agent) // 浏览器请求头
.setDefaultRequestConfig(requestConfig) // 链接配置,超时等
.setDefaultCookieStore(cookieStore); // cookie
builder.addInterceptorFirst(
new HttpRequestInterceptor() {
public void process(final HttpRequest request, final HttpContext context)
throws HttpException, IOException {
if (!request.containsHeader("Accept-Encoding")) {
request.addHeader("Accept-Encoding", "gzip");
}
}
});
httpclient = builder.build();
}
/**
* Returns the HttpClient through which the REST call is made. Uses an unsafe TrustStrategy in
* case the user specified a HTTPS URL and set the ignoreUnverifiedSSLPeer flag.
*
* @param logger the logger to log messages to
* @return the HttpClient
*/
private HttpClient getHttpClient(PrintStream logger) throws Exception {
boolean ignoreUnverifiedSSL = ignoreUnverifiedSSLPeer;
String stashServer = stashServerBaseUrl;
DescriptorImpl descriptor = getDescriptor();
if ("".equals(stashServer) || stashServer == null) {
stashServer = descriptor.getStashRootUrl();
}
if (!ignoreUnverifiedSSL) {
ignoreUnverifiedSSL = descriptor.isIgnoreUnverifiedSsl();
}
URL url = new URL(stashServer);
HttpClientBuilder builder = HttpClientBuilder.create();
if (url.getProtocol().equals("https") && ignoreUnverifiedSSL) {
// add unsafe trust manager to avoid thrown
// SSLPeerUnverifiedException
try {
TrustStrategy easyStrategy =
new TrustStrategy() {
public boolean isTrusted(X509Certificate[] chain, String authType)
throws CertificateException {
return true;
}
};
SSLContext sslContext =
SSLContexts.custom().loadTrustMaterial(null, easyStrategy).useTLS().build();
SSLConnectionSocketFactory sslConnSocketFactory =
new SSLConnectionSocketFactory(
sslContext, SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
builder.setSSLSocketFactory(sslConnSocketFactory);
Registry<ConnectionSocketFactory> registry =
RegistryBuilder.<ConnectionSocketFactory>create()
.register("https", sslConnSocketFactory)
.build();
HttpClientConnectionManager ccm = new BasicHttpClientConnectionManager(registry);
builder.setConnectionManager(ccm);
} catch (NoSuchAlgorithmException nsae) {
logger.println("Couldn't establish SSL context:");
nsae.printStackTrace(logger);
} catch (KeyManagementException kme) {
logger.println("Couldn't initialize SSL context:");
kme.printStackTrace(logger);
} catch (KeyStoreException kse) {
logger.println("Couldn't initialize SSL context:");
kse.printStackTrace(logger);
}
}
// Configure the proxy, if needed
// Using the Jenkins methods handles the noProxyHost settings
ProxyConfiguration proxyConfig = Jenkins.getInstance().proxy;
if (proxyConfig != null) {
Proxy proxy = proxyConfig.createProxy(url.getHost());
if (proxy != null && proxy.type() == Proxy.Type.HTTP) {
SocketAddress addr = proxy.address();
if (addr != null && addr instanceof InetSocketAddress) {
InetSocketAddress proxyAddr = (InetSocketAddress) addr;
HttpHost proxyHost =
new HttpHost(proxyAddr.getAddress().getHostAddress(), proxyAddr.getPort());
builder = builder.setProxy(proxyHost);
String proxyUser = proxyConfig.getUserName();
if (proxyUser != null) {
String proxyPass = proxyConfig.getPassword();
CredentialsProvider cred = new BasicCredentialsProvider();
cred.setCredentials(
new AuthScope(proxyHost), new UsernamePasswordCredentials(proxyUser, proxyPass));
builder =
builder
.setDefaultCredentialsProvider(cred)
.setProxyAuthenticationStrategy(new ProxyAuthenticationStrategy());
}
}
}
}
return builder.build();
}
/** @param args */
public static void main(String[] args) throws Exception {
InputStream stream = new FileInputStream("./configCLI.properties");
Properties properties = new Properties();
properties.load(stream);
try {
stream.close();
} catch (IOException e) {
e.printStackTrace();
}
downloadURL = (String) properties.get("downloadURL");
KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
FileInputStream instream = new FileInputStream(new File("../etc/keystore"));
try {
trustStore.load(instream, "storepwd".toCharArray());
} finally {
instream.close();
}
// Trust own CA and all self-signed certs
SSLContext sslcontext =
SSLContexts.custom().loadTrustMaterial(trustStore, new TrustSelfSignedStrategy()).build();
// Allow TLSv1 protocol only
SSLConnectionSocketFactory sslsf =
new SSLConnectionSocketFactory(
sslcontext,
new String[] {"TLSv1"},
null,
SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
httpclient = HttpClients.custom().setSSLSocketFactory(sslsf).build();
if (args[0].equalsIgnoreCase("-listAll")) {
HttpResponse response;
try {
HttpPost httpPost = new HttpPost(downloadURL);
java.util.List<NameValuePair> params = new ArrayList<NameValuePair>();
params.add(new BasicNameValuePair("commandType", "listAll"));
httpPost.setEntity(new UrlEncodedFormEntity(params, HTTP.UTF_8));
// Make the request
response = httpclient.execute(httpPost);
HttpEntity responseEntity = response.getEntity();
System.out.println("----------------------------------------");
System.out.println(response.getStatusLine());
if (responseEntity != null) {
System.out.println("Response content length: " + responseEntity.getContentLength());
}
String jsonResultString = EntityUtils.toString(responseEntity);
EntityUtils.consume(responseEntity);
System.out.println("----------------------------------------");
System.out.println("result:" + jsonResultString);
System.out.println();
} catch (ClientProtocolException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
} finally {
httpclient.getConnectionManager().shutdown();
}
;
} else if (args[0].equalsIgnoreCase("-listCurrent")) {
HttpResponse response;
try {
HttpPost httpPost = new HttpPost(downloadURL);
java.util.List<NameValuePair> params = new ArrayList<NameValuePair>();
params.add(new BasicNameValuePair("commandType", "listCurrent"));
httpPost.setEntity(new UrlEncodedFormEntity(params, HTTP.UTF_8));
// Make the request
response = httpclient.execute(httpPost);
HttpEntity responseEntity = response.getEntity();
System.out.println("----------------------------------------");
System.out.println(response.getStatusLine());
if (responseEntity != null) {
System.out.println("Response content length: " + responseEntity.getContentLength());
}
String jsonResultString = EntityUtils.toString(responseEntity);
EntityUtils.consume(responseEntity);
System.out.println("----------------------------------------");
System.out.println("result:" + jsonResultString);
System.out.println();
} catch (ClientProtocolException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
} finally {
httpclient.getConnectionManager().shutdown();
}
} else if (args[0].equalsIgnoreCase("-download")) {
executeRequest("startDownload", args[1]);
} else if (args[0].equalsIgnoreCase("-info")) {
executeRequest("getStatus", args[1]);
} else if (args[0].equalsIgnoreCase("-pause")) {
executeRequest("pause", args[1]);
} else if (args[0].equalsIgnoreCase("-resume")) {
executeRequest("resume", args[1]);
} else if (args[0].equalsIgnoreCase("-remove")) {
executeRequest("remove", args[1]);
} else if (args[0].equalsIgnoreCase("-changePriority")) {
executeRequest("changePriority", args[1]);
} else if (args[0].equalsIgnoreCase("-addDAR")
|| args[0].equalsIgnoreCase("-cancelDAR")
|| args[0].equalsIgnoreCase("-pauseDAR")
|| args[0].equalsIgnoreCase("-resumeDAR")) {
executeRequest(args[0], args[1]);
} else {
System.out.println(usage());
}
}
