屏蔽HTTPS证书校验

—————————————————————————————————————————

背景需求：解决下面的错误：

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException:
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target

经查询，需要绕过HTTPS证书校验。

类似rest-client客户端的SSL项的两个设置:

1、Trust-self-signed certificate？ 勾选
2、Hostname verifier 选择Allow All

下面代码可以绕过HTTPS的证书校验：

public static CloseableHttpClient createHttpsClient() throws NoSuchAlgorithmException, KeyManagementException
{
X509TrustManager x509mgr = new X509TrustManager()
{

    public void checkClientTrusted(X509Certificate[] arg0, String arg1) throws CertificateException
    {
    }

    public void checkServerTrusted(X509Certificate[] arg0, String arg1) throws CertificateException
    {

    }

    public X509Certificate[] getAcceptedIssuers()
    {
        return null;
    }
};

SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, new TrustManager[] {x509mgr}, null);
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContext,
        SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);

return HttpClients.custom()
        .setSSLSocketFactory(sslsf)
        .setDefaultRequestConfig(
                RequestConfig.custom()
                        .setSocketTimeout(5000)
                        .setConnectTimeout(5000)
                        .setCookieSpec(String.valueOf(CookiePolicy.ACCEPT_ALL))
                        .build()).build();
}
try
{
    closeableHttpClient = createHttpsClient();
    closeableHttpClient.execute(post);  
}
catch (NoSuchAlgorithmException e)
{
    e.printStackTrace();
}
catch (KeyManagementException e)
{
    e.printStackTrace();
}

上面代码中的:

SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER

和

sslContext.init(null, new TrustManager[] {x509mgr}, null)

分别对应restclient设置中的1和2，这样的话：

closeableHttpClient = createHttpsClient();

closeableHttpClient.execute(post);

调用closeableHttpClient发送post时，就可以屏蔽post请求中的HTTPS证书校验了。