Setting up an HTTPS server to test an HTTPS client

Published 2022-09-22 23:17:05 · 2882 characters · 5 views · 0 comments

Setting up a self-signed server

Generate private key (.key)

# Key considerations for algorithm "RSA" ≥ 2048-bit
openssl genrsa -out server.key 2048

# Key considerations for algorithm "ECDSA" ≥ secp384r1
# List the supported ECDSA curves (openssl ecparam -list_curves)
openssl ecparam -genkey -name secp384r1 -out server.key

Generate the self-signed (X.509) public key certificate (PEM encoded, .pem|.crt) from the private key (.key)

openssl req -new -x509 -sha256 -key server.key -out server.crt -days 3650

Simple Golang HTTPS/TLS Server

package main

import (
    "log"
    "net/http"
)

func HelloServer(w http.ResponseWriter, req *http.Request) {
    w.Header().Set("Content-Type", "text/plain")
    w.Write([]byte("This is an example server.\n"))
}

func main() {
    http.HandleFunc("/hello", HelloServer)
    err := http.ListenAndServeTLS(":443", "server.crt", "server.key", nil)
    if err != nil {
        log.Fatal("ListenAndServe: ", err)
    }
}

Hint: when you visit the server, do not forget to begin the URL with https; otherwise Chrome will download a file. For example:

$ curl -sL https://localhost/hello

More

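Configure HttpsURLConnection to trust all certificates and skip the verification step. This turns off both certificate-chain validation and hostname verification for the connection.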

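// Lombok is required for val, @Cleanup and @SneakyThrows.
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import lombok.Cleanup;
import lombok.SneakyThrows;
import lombok.val;

private static void trustHttps(String url, HttpsURLConnection conn) {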
  boolean useHttps = url.toLowerCase().startsWith("https");
  if (!useHttps) {
    return;
  }

  try {
    val sc = SSLContext.getInstance("TLS");
    sc.init(
        null,
        new TrustManager[] {
          new X509TrustManager() {
            @Override
            public X509Certificate[] getAcceptedIssuers() {
              return new X509Certificate[] {};
            }

            @Override
            public void checkClientTrusted(X509Certificate[] chain, String authType) {
              // trust all
            }

            @Override
            public void checkServerTrusted(X509Certificate[] chain, String authType) {
              // trust all
            }
          }
        },
        new java.security.SecureRandom());
    val newFactory = sc.getSocketFactory();
    conn.setSSLSocketFactory(newFactory);
  } catch (Exception ignore) {
    // ignore
  }
  // accept any hostname: hostname verification is disabled as well
  conn.setHostnameVerifier((hostname, session) -> true);
}

@SneakyThrows
private static void readOutErrorStream(HttpURLConnection conn) {
  // by https://docs.oracle.com/javase/7/docs/technotes/guides/net/http-keepalive.html,
  // the connection should be cleaned up by reading the response body so that it could be reused.
  @Cleanup InputStream errorStream = conn.getErrorStream();

  if (errorStream == null) {
    return;
  }

  try {
    // drain the error stream; Is is a helper class that is not shown on this page
    Is.toString(errorStream);
  } catch (Exception ioe) {
    // ignore
  }
}
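
An added example in Go (not part of the original post): instead of trusting every certificate, the client below pins the server's self-signed certificate in RootCAs and leaves verification on. The certificate is a constructed in-memory stand-in for server.crt and `probe` is a hypothetical helper; the example also goes one step further than the page by showing that a certificate without a SAN is rejected even when it is pinned.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"net/http"
	"net/http/httptest"
	"time"
)

// probe serves HTTPS with a throwaway self-signed cert (constructed stand-in for server.crt)
// carrying the given IP SANs; the client verifies it and trusts that cert only when pin is set.
func probe(pin bool, sans ...net.IP) error {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "127.0.0.1"},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour), IPAddresses: sans}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return err
	}
	srv := httptest.NewUnstartedServer(http.HandlerFunc(func(http.ResponseWriter, *http.Request) {}))
	srv.TLS = &tls.Config{Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}}}
	srv.StartTLS()
	defer srv.Close()
	roots := x509.NewCertPool() // empty: no CA is trusted, not even the system roots
	if pin {
		roots.AddCert(srv.Certificate())
	}
	tr := &http.Transport{TLSClientConfig: &tls.Config{RootCAs: roots}}
	resp, err := (&http.Client{Transport: tr}).Get(srv.URL + "/hello")
	if err == nil {
		resp.Body.Close()
	}
	return err
}

func main() {
	fmt.Println("SAN, pinned:    ", probe(true, net.IPv4(127, 0, 0, 1)))
	fmt.Println("SAN, not pinned:", probe(false, net.IPv4(127, 0, 0, 1)))
	fmt.Println("no SAN, pinned: ", probe(true))
}
```

The first call returns nil; the second fails with an unknown-authority error and the third with a hostname error, because Go matches the host against the SANs and ignores the Common Name.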

About the author

巷雨优美回忆
