English | 简体中文
- 需要 JDK 1.7 或以上.
<dependency>
<groupId>com.aliyun</groupId>
<artifactId>gmsse</artifactId>
<version>{{使用maven标签所显示的版本}}</version>
</dependency>import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import java.net.URL;
import com.aliyun.gmsse.GMProvider;
public class Main {
public static void main(String[] args) throws Exception {
// 初始化 SSLSocketFactory
GMProvider provider = new GMProvider();
SSLContext sc = SSLContext.getInstance("TLS", provider);
sc.init(null, null, null);
SSLSocketFactory ssf = sc.getSocketFactory();
URL serverUrl = new URL("https://xxx/");
HttpsURLConnection conn = (HttpsURLConnection) serverUrl.openConnection();
conn.setRequestMethod("GET");
// 设置 SSLSocketFactory
conn.setSSLSocketFactory(ssf);
conn.connect();
System.out.println("used cipher suite:");
System.out.println(conn.getCipherSuite());
}
}在新的版本中,GM-JSSE 增加了对服务端证书和 CA 证书的校验,如果 CA 根证书没有导入在系统中,可能会遇到校验错误。这时,你需要通过传递信任管理器的形式来传入 CA 证书。
BouncyCastleProvider bc = new BouncyCastleProvider();
KeyStore ks = KeyStore.getInstance("JKS");
CertificateFactory cf = CertificateFactory.getInstance("X.509", bc);
FileInputStream is = new FileInputStream("/path/to/ca_cert");
X509Certificate cert = (X509Certificate) cf.generateCertificate(is);
ks.load(null, null);
ks.setCertificateEntry("gmca", cert);
TrustManagerFactory tmf = TrustManagerFactory.getInstance("X509", provider);
tmf.init(ks);
sc.init(null, tmf.getTrustManagers(), null);
SSLSocketFactory ssf = sc.getSocketFactory();
Opening an Issue, Issues not conforming to the guidelines may be closed immediately.
每个版本的详细更改记录在发行说明.
Copyright (c) 2009-present, Alibaba Cloud All rights reserved.