|
...
|
...
|
@@ -15,78 +15,79 @@ import org.apache.http.impl.conn.PoolingHttpClientConnectionManager; |
|
|
|
import org.apache.http.ssl.SSLContextBuilder;
|
|
|
|
import org.springframework.beans.factory.annotation.Autowired;
|
|
|
|
|
|
|
|
import javax.annotation.PostConstruct;
|
|
|
|
import javax.net.ssl.HostnameVerifier;
|
|
|
|
import javax.net.ssl.SSLContext;
|
|
|
|
|
|
|
|
public abstract class HttpSslClientAbstract extends HttpClient {
|
|
|
|
|
|
|
|
//最大总数
|
|
|
|
private final int sslMaxTotal = 10;
|
|
|
|
|
|
|
|
//默认并发数
|
|
|
|
private final int sslDefaultMaxPerRoute = 5;
|
|
|
|
|
|
|
|
@Autowired
|
|
|
|
private WechatHelper wechatHelper;
|
|
|
|
|
|
|
|
protected abstract String getMchId();
|
|
|
|
|
|
|
|
|
|
|
|
@Override
|
|
|
|
public CloseableHttpClient buildHttpClient() throws Exception {
|
|
|
|
HttpClientBuilder b = HttpClientBuilder.create();
|
|
|
|
|
|
|
|
// setup a Trust Strategy that allows all certificates.
|
|
|
|
SSLContextBuilder sslContextBuilder = new SSLContextBuilder();
|
|
|
|
sslContextBuilder.loadTrustMaterial(null, (arg0, arg1) -> true);
|
|
|
|
loadKeyMaterial(sslContextBuilder);
|
|
|
|
SSLContext sslContext = sslContextBuilder.build();
|
|
|
|
b.setSSLContext(sslContext);
|
|
|
|
|
|
|
|
// don't check Hostnames, either.
|
|
|
|
// -- use SSLConnectionSocketFactory.getDefaultHostnameVerifier(), if
|
|
|
|
// you don't want to weaken
|
|
|
|
HostnameVerifier hostnameVerifier = NoopHostnameVerifier.INSTANCE;
|
|
|
|
|
|
|
|
// here's the special part:
|
|
|
|
// -- need to create an SSL Socket Factory, to use our weakened
|
|
|
|
// "trust strategy";
|
|
|
|
// -- and create a Registry, to register it.
|
|
|
|
//
|
|
|
|
SSLConnectionSocketFactory sslSocketFactory = new SSLConnectionSocketFactory(
|
|
|
|
sslContext, hostnameVerifier);
|
|
|
|
Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder
|
|
|
|
.<ConnectionSocketFactory> create()
|
|
|
|
.register("http",
|
|
|
|
PlainConnectionSocketFactory.getSocketFactory())
|
|
|
|
.register("https", sslSocketFactory).build();
|
|
|
|
|
|
|
|
// now, we create connection-manager using our Registry.
|
|
|
|
// -- allows multi-threaded use
|
|
|
|
PoolingHttpClientConnectionManager connMgr = new PoolingHttpClientConnectionManager(
|
|
|
|
socketFactoryRegistry);
|
|
|
|
connMgr.setMaxTotal(sslMaxTotal);
|
|
|
|
connMgr.setDefaultMaxPerRoute(sslDefaultMaxPerRoute);
|
|
|
|
b.setConnectionManager(connMgr);
|
|
|
|
//最大总数
|
|
|
|
private final int sslMaxTotal = 10;
|
|
|
|
|
|
|
|
//默认并发数
|
|
|
|
private final int sslDefaultMaxPerRoute = 5;
|
|
|
|
|
|
|
|
@Autowired
|
|
|
|
private WechatHelper wechatHelper;
|
|
|
|
|
|
|
|
protected abstract String getMchId();
|
|
|
|
|
|
|
|
protected abstract String getMchCertPath();
|
|
|
|
|
|
|
|
|
|
|
|
@Override
|
|
|
|
public CloseableHttpClient buildHttpClient() throws Exception {
|
|
|
|
HttpClientBuilder b = HttpClientBuilder.create();
|
|
|
|
|
|
|
|
// setup a Trust Strategy that allows all certificates.
|
|
|
|
SSLContextBuilder sslContextBuilder = new SSLContextBuilder();
|
|
|
|
sslContextBuilder.loadTrustMaterial(null, (arg0, arg1) -> true);
|
|
|
|
loadKeyMaterial(sslContextBuilder);
|
|
|
|
SSLContext sslContext = sslContextBuilder.build();
|
|
|
|
b.setSSLContext(sslContext);
|
|
|
|
|
|
|
|
// don't check Hostnames, either.
|
|
|
|
// -- use SSLConnectionSocketFactory.getDefaultHostnameVerifier(), if
|
|
|
|
// you don't want to weaken
|
|
|
|
HostnameVerifier hostnameVerifier = NoopHostnameVerifier.INSTANCE;
|
|
|
|
|
|
|
|
// here's the special part:
|
|
|
|
// -- need to create an SSL Socket Factory, to use our weakened
|
|
|
|
// "trust strategy";
|
|
|
|
// -- and create a Registry, to register it.
|
|
|
|
//
|
|
|
|
SSLConnectionSocketFactory sslSocketFactory = new SSLConnectionSocketFactory(
|
|
|
|
sslContext, hostnameVerifier);
|
|
|
|
Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder
|
|
|
|
.<ConnectionSocketFactory>create()
|
|
|
|
.register("http",
|
|
|
|
PlainConnectionSocketFactory.getSocketFactory())
|
|
|
|
.register("https", sslSocketFactory).build();
|
|
|
|
|
|
|
|
// now, we create connection-manager using our Registry.
|
|
|
|
// -- allows multi-threaded use
|
|
|
|
PoolingHttpClientConnectionManager connMgr = new PoolingHttpClientConnectionManager(
|
|
|
|
socketFactoryRegistry);
|
|
|
|
connMgr.setMaxTotal(sslMaxTotal);
|
|
|
|
connMgr.setDefaultMaxPerRoute(sslDefaultMaxPerRoute);
|
|
|
|
b.setConnectionManager(connMgr);
|
|
|
|
// BasicHttpClientConnectionManager connMgr = new BasicHttpClientConnectionManager(socketFactoryRegistry);
|
|
|
|
// b.setConnectionManager(connMgr);
|
|
|
|
|
|
|
|
//request config
|
|
|
|
RequestConfig requestConfig = RequestConfig.custom()
|
|
|
|
.setConnectionRequestTimeout(connectionRequestTimeout)
|
|
|
|
.setConnectTimeout(connectionTimeout)
|
|
|
|
.setSocketTimeout(socketTimeout)
|
|
|
|
.build();
|
|
|
|
b.setDefaultRequestConfig(requestConfig);
|
|
|
|
|
|
|
|
// finally, buildSellerBo the HttpClient;
|
|
|
|
// -- done!
|
|
|
|
return b.build();
|
|
|
|
}
|
|
|
|
|
|
|
|
private void loadKeyMaterial(SSLContextBuilder sslContextBuilder) throws Exception {
|
|
|
|
wechatHelper.loadKeyMaterial(getMchId(), sslContextBuilder);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
//request config
|
|
|
|
RequestConfig requestConfig = RequestConfig.custom()
|
|
|
|
.setConnectionRequestTimeout(connectionRequestTimeout)
|
|
|
|
.setConnectTimeout(connectionTimeout)
|
|
|
|
.setSocketTimeout(socketTimeout)
|
|
|
|
.build();
|
|
|
|
b.setDefaultRequestConfig(requestConfig);
|
|
|
|
|
|
|
|
// finally, buildSellerBo the HttpClient;
|
|
|
|
// -- done!
|
|
|
|
return b.build();
|
|
|
|
}
|
|
|
|
|
|
|
|
private void loadKeyMaterial(SSLContextBuilder sslContextBuilder) throws Exception {
|
|
|
|
wechatHelper.loadKeyMaterial(getMchId(), getMchCertPath(), sslContextBuilder);
|
|
|
|
}
|
|
|
|
|
|
|
|
} |
...
|
...
|
|
