ssl忽略证书 SSLHandshakeException:PKIX path building failed ——java client

忽略证书的代码

java 复制代码
    public static SSLContext createIgnoreVerifySSL() throws NoSuchAlgorithmException, KeyManagementException {
        SSLContext sc = SSLContext.getInstance("TLS");
        // 实现一个X509TrustManager接口,用于绕过验证,不用修改里面的方法
        X509TrustManager trustManager = new X509TrustManager() {
            @Override
            public void checkClientTrusted(
                    java.security.cert.X509Certificate[] paramArrayOfX509Certificate,
                    String paramString) throws CertificateException {
            }

            @Override
            public void checkServerTrusted(
                    java.security.cert.X509Certificate[] paramArrayOfX509Certificate,
                    String paramString) throws CertificateException {
            }

            @Override
            public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                return null;
            }
        };
        sc.init(null, new TrustManager[]{trustManager}, null);
        return sc;
    }

将返回值给到httpclient

写法一:

java 复制代码
SSLContext ignoreVerifySSL = createIgnoreVerifySSL();

HttpClientBuilder httpClientBuilder = HttpClientBuilder.create();
httpClientBuilder.setSSLContext(ignoreVerifySSL);  // 设置SSL管理工厂
// ...  设置其他调优参数(比如连接池大小等)
CloseableHttpClient httpClient = httpClientBuilder.build();

写法二:

java 复制代码
        SSLContext ignoreVerifySSL = createIgnoreVerifySSL();

        CloseableHttpClient httpClient = HttpClients.custom()
//                .setConnectionManager(connectionManager)
                .setKeepAliveStrategy(myStrategy)
                .setDefaultRequestConfig(RequestConfig.custom().setStaleConnectionCheckEnabled(true).build())
                .setSSLContext(ignoreVerifySSL)
                .build();

后续写法:创建连接,拿到response返回值

java 复制代码
        try (CloseableHttpClient closeableHttpClient = httpClientBuilder.build()) {
            HttpEntity entity = new StringEntity(json, "UTF-8");
            HttpPost post = new HttpPost(url);
            post.setEntity(entity);
            post.setHeader("Content-type", "application/json");
            HttpResponse response = closeableHttpClient.execute(post);
            result = EntityUtils.toString(response.getEntity(), "UTF-8");
            System.out.println(result);
            return result;
        } catch (IOException e) {
            e.printStackTrace();
        }

注意:千万不要使用自定义的ConnectionManager,否则会导致SSL管理工厂失效,无法跳过SSL证书认证。

java 复制代码
// 千万别设置这个参数!!
httpClientBuilder.setConnectionManager(httpClientConnectionManager);   

原因:HttpClientBuilder中有一段代码,只有当自定义的ConnectionManager为空时,才会使用SSL管理工厂或者sslcontext,否则,不会生效。

java 复制代码
    public CloseableHttpClient build() {
        final HttpClientConnectionManager connManagerCopy = this.connManager;
        Object reuseStrategyCopy;
        Object proxyAuthStrategyCopy;
        if (connManagerCopy == null) {
            reuseStrategyCopy = this.sslSocketFactory;
            if (reuseStrategyCopy == null) {
                if (this.sslContext != null) {
                    reuseStrategyCopy = new SSLConnectionSocketFactory(this.sslContext, supportedProtocols, supportedCipherSuites, (HostnameVerifier)proxyAuthStrategyCopy);
                } 
            }
        }
    }

可使用如下工具检测网关的SSL协议版本

SSL Server Test (Powered by Qualys SSL Labs)

参考

解决出现javax.net.ssl.SSLHandshakeException: PKIX path building failed 或 sun.security.validator.ValidatorException: PKIX path building failed的问题

HttpClient跳过SSL证书认证攻略_noophostnameverifier.instance-CSDN博客

相关推荐
DKPT36 分钟前
JVM中如何调优新生代和老生代?
java·jvm·笔记·学习·spring
phltxy36 分钟前
JVM——Java虚拟机学习
java·jvm·学习
seabirdssss2 小时前
使用Spring Boot DevTools快速重启功能
java·spring boot·后端
喂完待续2 小时前
【序列晋升】29 Spring Cloud Task 微服务架构下的轻量级任务调度框架
java·spring·spring cloud·云原生·架构·big data·序列晋升
benben0442 小时前
ReAct模式解读
java·ai
轮到我狗叫了3 小时前
牛客.小红的子串牛客.kotori和抽卡牛客.循环汉诺塔牛客.ruby和薯条
java·开发语言·算法
Volunteer Technology4 小时前
三高项目-缓存设计
java·spring·缓存·高并发·高可用·高数据量
栗子~~4 小时前
bat脚本- 将jar 包批量安装到 Maven 本地仓库
java·maven·jar
Mr.Entropy5 小时前
ecplise配置maven插件
java·maven