美文网首页
java 忽略SSL证书

java 忽略SSL证书

作者: MinaLing | 来源:发表于2019-03-26 17:38 被阅读0次

针对不同的http客户端,有不同的配置方式,但总的来说,就是配置SSLSocketFactory和HostnameVerifier。
一、okhttp
可以参考:https://blog.csdn.net/u014752325/article/details/73185351
二、httpclient

这里又分为连接池和非连接池,配置稍有不同。

连接池:

public final CloseableHttpClient getCustomClient() {
    try {
        HttpClientBuilder builder = HttpClientBuilder.create().useSystemProperties();
        SSLContext sslContext = new SSLContextBuilder().loadTrustMaterial(null,
                (TrustStrategy) (X509Certificate[] arg0, String arg1) -> true).build();
        builder.setSSLContext(sslContext);
        HostnameVerifier hostnameVerifier = new NoopHostnameVerifier();
        SSLConnectionSocketFactory sslSocketFactory = new SSLConnectionSocketFactory(sslContext, hostnameVerifier);
        Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create()
                .register("http", PlainConnectionSocketFactory.getSocketFactory())
                .register("https", sslSocketFactory)
                .build();
        PoolingHttpClientConnectionManager connMgr = new PoolingHttpClientConnectionManager(socketFactoryRegistry);
        builder.setConnectionManager(connMgr);
        return builder.build();
    } catch (Exception ex) {
        LOG.log(Level.SEVERE, ex.getMessage(), ex);
    }
    return getSystemClient();
}

非连接池:

CloseableHttpClient configureHttpClient(boolean enableSslVerify) {

    HttpClientBuilder builder = HttpClientBuilder.create();

    if (enableSslVerify) {
      return builder.build();
    }

    SSLContext sslContext = null;
    try {
      sslContext =
          new SSLContextBuilder().loadTrustMaterial(null, (x509Certificates, s) -> true).build();
    } catch (NoSuchAlgorithmException | KeyStoreException | KeyManagementException e) {
      LOG.error("Could not create ssl context", e);
    }

    builder.setSSLHostnameVerifier(new NoopHostnameVerifier()).setSSLContext(sslContext);

    return builder.build();
  }

可以参考以下文档,几乎包括了所有可能的配置:https://www.programcreek.com/java-api-examples/?api=org.apache.http.conn.ssl.NoopHostnameVerifier
三、feignclient

@Bean
    public Client feignClient() {
        SSLContext context = buildCertificateIgnoringSslContext();
        Client trustSSLSockets = new Client.Default(context.getSocketFactory(), new NoopHostnameVerifier());
        return trustSSLSockets;
    }
public static SSLContext buildCertificateIgnoringSslContext() {
        try {
            return new SSLContextBuilder()
                .loadTrustMaterial(null, (x509Certificates, s) -> true)
                .build();
        }
        catch (KeyManagementException | NoSuchAlgorithmException | KeyStoreException e) {
            throw new IllegalStateException("Unexpected exception while building the certificate-ignoring SSLContext.", e);
        }
    }

相关文章

网友评论

      本文标题:java 忽略SSL证书

      本文链接:https://www.haomeiwen.com/subject/snsnvqtx.html

      延伸阅读

      深度阅读

      • 您也可以注册成为美文阅读网的作者,发表您的原创作品、分享您的心情!

      栏目导航

      热点阅读

      关于我们|服务条款|联系我们|java 忽略SSL证书|投稿指南|网站地图|RSS订阅|排版工具|手机版

      提供经典美文摘抄,优美散文欣赏,现代诗歌精选,短篇小说,心情随笔,表白情书范文,故事会在线阅读欣赏

      Copyright © 2014-2023 Haomeiwen.com All Rights Reserved. 好美文阅读网 版权所有

      备案信息:桂公网安备 45052102000051号 · 桂ICP备13007215号-3

      本站所收录作品、热点评论等信息部分来源互联网,目的只是为了系统归纳学习和传递资讯

      所有作品版权归原创作者所有,与本站立场无关,如不慎侵犯了你的权益,请联系我们告知,我们将做删除处理!