webservice客户端https

Published:

某些医院his系统的WebService是自签名的证书,消息都拼接了结果调用的时候报错调半天⊙﹏⊙∥

最后在万能的StackOverflow上找到了解决方法

直接上代码

SSLUtilities.kt

import java.security.GeneralSecurityException
import java.security.SecureRandom
import java.security.cert.CertificateException
import java.security.cert.X509Certificate
import javax.net.ssl.HostnameVerifier
import javax.net.ssl.HttpsURLConnection
import javax.net.ssl.SSLContext
import javax.net.ssl.SSLSession
import javax.net.ssl.TrustManager
import javax.net.ssl.X509TrustManager

object SSLUtilities {

    private var __hostnameVerifier: HostnameVerifier? = null
    private var __trustManagers: Array<TrustManager>? = null

    private var _hostnameVerifier: HostnameVerifier? = null
    private var _trustManagers: Array<TrustManager>? = null

    private fun isDeprecatedSSLProtocol(): Boolean {
        return "com.sun.net.ssl.internal.www.protocol" == System.getProperty("java.protocol.handler.pkgs")
    }

    private fun __trustAllHostnames() {
        if (__hostnameVerifier == null) {
            __hostnameVerifier = _FakeHostnameVerifier()
        }
        HttpsURLConnection.setDefaultHostnameVerifier(__hostnameVerifier)
    }

    private fun __trustAllHttpsCertificates() {
        val context: SSLContext
        if (__trustManagers == null) {
            __trustManagers = arrayOf(_FakeX509TrustManager())
        }
        try {
            context = SSLContext.getInstance("SSL")
            context.init(null, __trustManagers, SecureRandom())
        } catch (gse: GeneralSecurityException) {
            throw IllegalStateException(gse.message)
        }
        HttpsURLConnection.setDefaultSSLSocketFactory(context.socketFactory)
    }

    private fun _trustAllHostnames() {
        if (_hostnameVerifier == null) {
            _hostnameVerifier = FakeHostnameVerifier()
        }
        HttpsURLConnection.setDefaultHostnameVerifier(_hostnameVerifier)
    }

    private fun _trustAllHttpsCertificates() {
        val context: SSLContext
        if (_trustManagers == null) {
            _trustManagers = arrayOf(FakeX509TrustManager())
        }
        try {
            context = SSLContext.getInstance("SSL")
            context.init(null, _trustManagers, SecureRandom())
        } catch (gse: GeneralSecurityException) {
            throw IllegalStateException(gse.message)
        }
        HttpsURLConnection.setDefaultSSLSocketFactory(context.socketFactory)
    }

    fun trustAllHostnames() {
        if (isDeprecatedSSLProtocol()) {
            __trustAllHostnames()
        } else {
            _trustAllHostnames()
        }
    }

    fun trustAllHttpsCertificates() {
        if (isDeprecatedSSLProtocol()) {
            __trustAllHttpsCertificates()
        } else {
            _trustAllHttpsCertificates()
        }
    }

    class _FakeHostnameVerifier : HostnameVerifier {
        override fun verify(hostname: String?, session: SSLSession?): Boolean {
            return true
        }
    }

    class _FakeX509TrustManager : X509TrustManager {
        companion object {
            private val _AcceptedIssuers = arrayOf<X509Certificate>()
        }

        override fun checkClientTrusted(chain: Array<X509Certificate>?, authType: String?) {
            // Do nothing, trust all clients
        }

        override fun checkServerTrusted(chain: Array<X509Certificate>?, authType: String?) {
            // Do nothing, trust all servers
        }

        override fun getAcceptedIssuers(): Array<X509Certificate> {
            return _AcceptedIssuers
        }
    }

    class FakeHostnameVerifier : HostnameVerifier {
        override fun verify(hostname: String?, session: SSLSession?): Boolean {
            return true
        }
    }

    class FakeX509TrustManager : X509TrustManager {
        companion object {
            private val _AcceptedIssuers = arrayOf<X509Certificate>()
        }

        override fun checkClientTrusted(chain: Array<X509Certificate>?, authType: String?) {
            // Do nothing, trust all clients
        }

        override fun checkServerTrusted(chain: Array<X509Certificate>?, authType: String?) {
            // Do nothing, trust all servers
        }

        override fun getAcceptedIssuers(): Array<X509Certificate> {
            return _AcceptedIssuers
        }
    }
}

main.kt

SSLUtilities.trustAllHostnames()
SSLUtilities.trustAllHttpsCertificates()
val sc = SSLContext.getInstance("TLS")
val trustCerts = arrayOf(object : X509TrustManager{
    override fun checkClientTrusted(chain: Array<out X509Certificate>?, authType: String?) {
    }

    override fun checkServerTrusted(chain: Array<out X509Certificate>?, authType: String?) {
    }

    override fun getAcceptedIssuers(): Array<X509Certificate>? {
        return null
    }

})
sc.init(null, trustCerts, SecureRandom())

val factory = JaxWsProxyFactoryBean()
factory.serviceClass = MyServiceSoap::class.java
factory.address = "https://127.0.0.1:1443/service"
val service = factory.create() as MyServiceSoap
val client = ClientProxy.getClient(service)
val conduit = client.conduit as HTTPConduit
val tlsParams = TLSClientParameters()
tlsParams.sslContext =context
tlsParams.isDisableCNCheck = true
conduit.tlsClientParameters = tlsParams
val endpoint = service
println(endpoint.Hello())
Previous Post
windows命令行设置网络类型
Next Post
java/kotlin webservice客户端