忽略证书的代码
public static SSLContext createIgnoreVerifySSL() throws NoSuchAlgorithmException, KeyManagementException {SSLContext sc = SSLContext.getInstance("TLS");// 实现一个X509TrustManager接口,用于绕过验证,不用修改里面的方法X509TrustManager trustManager = new X509TrustManager() {@Overridepublic void checkClientTrusted(java.security.cert.X509Certificate[] paramArrayOfX509Certificate,String paramString) throws CertificateException {}@Overridepublic void checkServerTrusted(java.security.cert.X509Certificate[] paramArrayOfX509Certificate,String paramString) throws CertificateException {}@Overridepublic java.security.cert.X509Certificate[] getAcceptedIssuers() {return null;}};sc.init(null, new TrustManager[]{trustManager}, null);return sc;}
将返回值给到httpclient
写法一:
SSLContext ignoreVerifySSL = createIgnoreVerifySSL();HttpClientBuilder httpClientBuilder = HttpClientBuilder.create();
httpClientBuilder.setSSLContext(ignoreVerifySSL); // 设置SSL管理工厂
// ... 设置其他调优参数(比如连接池大小等)
CloseableHttpClient httpClient = httpClientBuilder.build();
写法二:
SSLContext ignoreVerifySSL = createIgnoreVerifySSL();CloseableHttpClient httpClient = HttpClients.custom()
// .setConnectionManager(connectionManager).setKeepAliveStrategy(myStrategy).setDefaultRequestConfig(RequestConfig.custom().setStaleConnectionCheckEnabled(true).build()).setSSLContext(ignoreVerifySSL).build();
后续写法:创建连接,拿到response返回值
try (CloseableHttpClient closeableHttpClient = httpClientBuilder.build()) {HttpEntity entity = new StringEntity(json, "UTF-8");HttpPost post = new HttpPost(url);post.setEntity(entity);post.setHeader("Content-type", "application/json");HttpResponse response = closeableHttpClient.execute(post);result = EntityUtils.toString(response.getEntity(), "UTF-8");System.out.println(result);return result;} catch (IOException e) {e.printStackTrace();}
注意:千万不要使用自定义的ConnectionManager,否则会导致SSL管理工厂失效,无法跳过SSL证书认证。
// 千万别设置这个参数!!
httpClientBuilder.setConnectionManager(httpClientConnectionManager); 原因:HttpClientBuilder中有一段代码,只有当自定义的ConnectionManager为空时,才会使用SSL管理工厂或者sslcontext,否则,不会生效。
public CloseableHttpClient build() {final HttpClientConnectionManager connManagerCopy = this.connManager;Object reuseStrategyCopy;Object proxyAuthStrategyCopy;if (connManagerCopy == null) {reuseStrategyCopy = this.sslSocketFactory;if (reuseStrategyCopy == null) {if (this.sslContext != null) {reuseStrategyCopy = new SSLConnectionSocketFactory(this.sslContext, supportedProtocols, supportedCipherSuites, (HostnameVerifier)proxyAuthStrategyCopy);} }}}
可使用如下工具检测网关的SSL协议版本
SSL Server Test (Powered by Qualys SSL Labs)
参考
解决出现javax.net.ssl.SSLHandshakeException: PKIX path building failed 或 sun.security.validator.ValidatorException: PKIX path building failed的问题
HttpClient跳过SSL证书认证攻略_noophostnameverifier.instance-CSDN博客
)
)
返回转换成功的个数)
)
—— 使用Reptile进行小样本学习)
)