Tomcat信任https网站

在使用微信发送告警的时候出现无法使用https网址的问题,解决方式如下

导出微信的证书

openssl s_client -connect qyapi.weixin.qq.com:443 2>&1 |sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > weixin.crt

使用SSLPoke.class确认是否还有上层证书,如果存在也导入

java -Djavax.net.debug=ssl SSLPoke qyapi.weixin.qq.com 443

看到有类似下面的则表明有上层证书:

1
2
3
4
5
6
7
8
9
AuthorityInfoAccess [
[
accessMethod: ocsp
accessLocation: URIName: http://gn.symcd.com
,
accessMethod: caIssuers
accessLocation: URIName: http://gn.symcb.com/gn.crt
]
]

http://gn.symcb.com/gn.crt下载下来,并导入
sudo keytool -import -v -trustcacerts -alias gnsymcb -keystore $JAVA_HOME/jre/lib/security/jssecacerts -file gn.crt

导入到jdk中

sudo keytool -import -v -trustcacerts -alias qyapiweixin -keystore $JAVA_HOME/jre/lib/security/jssecacerts -file weixin.crt

更新证书

需要先删除再导入新的

1
2
sudo keytool -delete -keystore $JAVA_HOME/jre/lib/security/cacerts -alias qyapiweixin    
sudo keytool -import -v -trustcacerts -alias qyapiweixin -keystore $JAVA_HOME/jre/lib/security/cacerts -file weixin.crt

指定tomcat使用证书(非必须)

1
2
vim /usr/local/apache-tomcat-8.5.6/bin/setenv.sh
JAVA_OPTS="-Djava.awt.headless=true -Dfile.encoding=UTF-8 -server -Xms2048m -Xmx2048m -XX:NewSize=512m -XX:MaxNewSize=512m -XX:PermSize=512m -XX:MaxPermSize=512m -XX:+DisableExplicitGC -Djavax.net.ssl.trustStore=/usr/local/java/jdk8/jre/lib/security/jssecacerts"

或者在 /usr/local/apache-tomcat-8.5.6/conf/server.xml的ssl配置部分指定keystore,如下

<Connector port="443" protocol="org.apache.coyote.http11.Http11Protocol"
              maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
              clientAuth="false" sslProtocol="TLS"
              URIEncoding="utf-8"
              keystoreFile="/usr/local/java/jdk7/jre/lib/security/jssecacerts"
              keystorePass="[email protected]"
              />

Java与Python安全转码链接

Java

1
2
3
4
5
6
7
8
String OriginUrl = "https://meijumao.cn/yunparse/index.php?url=//美剧/周一/GOT权游/S07/Online/02按时发达的十分.mp4~bdyun";
URL repoUrl = new URL(OriginUrl);
URI uri;
try {
uri = new URI(repoUrl.getProtocol(), repoUrl.getUserInfo(), repoUrl.getHost(), repoUrl.getPort(), repoUrl.getPath(), repoUrl.getQuery(), repoUrl.getRef());
System.out.println(uri.toASCIIString());
} catch (URISyntaxException e) {
}

Python

python3:

1
2
3
4
5
import string
import urllib.parse

url = "https://meijumao.cn/yunparse/index.php?url=//美剧/周一/GOT权游/S07/Online/02按时发达的十分.mp4~bdyun"
print(urllib.parse.quote(url,safe=string.printable))

python2:

1
2
3
4
5
import string
from urllib import quote

url = "https://meijumao.cn/yunparse/index.php?url=//美剧/周一/GOT权游/S07/Online/02按时发达的十分.mp4~bdyun"
print urllib.parse.quote(url,safe=string.printable)

结果 'https://meijumao.cn/yunparse/index.php?url=//%E7%BE%8E%E5%89%A7/%E5%91%A8%E4%B8%80/GOT%E6%9D%83%E6%B8%B8/S07/Online/02%E6%8C%89%E6%97%B6%E5%8F%91%E8%BE%BE%E7%9A%84%E5%8D%81%E5%88%86.mp4~bdyun

Java 解析json数组字符串为Java对象

套用罗锤子的话:这可能是最方便快捷的方式了

json字符串:

1
2
3
4
5
6
[{ "number" : "3",
"title" : "hello_world"
},
{ "number" : "2",
"title" : "hello_world"
}]

Java代码:

1
2
3
4
5
6
7
class Wrapper{
int number;
String title;
}

Gson gson = new Gson();
Wrapper[] data = gson.fromJson(idcstring, Wrapper[].class);