ssl忽略证书 SSLHandshakeException:PKIX path building failed ——java client

忽略证书的代码

java 复制代码
    public static SSLContext createIgnoreVerifySSL() throws NoSuchAlgorithmException, KeyManagementException {
        SSLContext sc = SSLContext.getInstance("TLS");
        // 实现一个X509TrustManager接口,用于绕过验证,不用修改里面的方法
        X509TrustManager trustManager = new X509TrustManager() {
            @Override
            public void checkClientTrusted(
                    java.security.cert.X509Certificate[] paramArrayOfX509Certificate,
                    String paramString) throws CertificateException {
            }

            @Override
            public void checkServerTrusted(
                    java.security.cert.X509Certificate[] paramArrayOfX509Certificate,
                    String paramString) throws CertificateException {
            }

            @Override
            public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                return null;
            }
        };
        sc.init(null, new TrustManager[]{trustManager}, null);
        return sc;
    }

将返回值给到httpclient

写法一:

java 复制代码
SSLContext ignoreVerifySSL = createIgnoreVerifySSL();

HttpClientBuilder httpClientBuilder = HttpClientBuilder.create();
httpClientBuilder.setSSLContext(ignoreVerifySSL);  // 设置SSL管理工厂
// ...  设置其他调优参数(比如连接池大小等)
CloseableHttpClient httpClient = httpClientBuilder.build();

写法二:

java 复制代码
        SSLContext ignoreVerifySSL = createIgnoreVerifySSL();

        CloseableHttpClient httpClient = HttpClients.custom()
//                .setConnectionManager(connectionManager)
                .setKeepAliveStrategy(myStrategy)
                .setDefaultRequestConfig(RequestConfig.custom().setStaleConnectionCheckEnabled(true).build())
                .setSSLContext(ignoreVerifySSL)
                .build();

后续写法:创建连接,拿到response返回值

java 复制代码
        try (CloseableHttpClient closeableHttpClient = httpClientBuilder.build()) {
            HttpEntity entity = new StringEntity(json, "UTF-8");
            HttpPost post = new HttpPost(url);
            post.setEntity(entity);
            post.setHeader("Content-type", "application/json");
            HttpResponse response = closeableHttpClient.execute(post);
            result = EntityUtils.toString(response.getEntity(), "UTF-8");
            System.out.println(result);
            return result;
        } catch (IOException e) {
            e.printStackTrace();
        }

注意:千万不要使用自定义的ConnectionManager,否则会导致SSL管理工厂失效,无法跳过SSL证书认证。

java 复制代码
// 千万别设置这个参数!!
httpClientBuilder.setConnectionManager(httpClientConnectionManager);   

原因:HttpClientBuilder中有一段代码,只有当自定义的ConnectionManager为空时,才会使用SSL管理工厂或者sslcontext,否则,不会生效。

java 复制代码
    public CloseableHttpClient build() {
        final HttpClientConnectionManager connManagerCopy = this.connManager;
        Object reuseStrategyCopy;
        Object proxyAuthStrategyCopy;
        if (connManagerCopy == null) {
            reuseStrategyCopy = this.sslSocketFactory;
            if (reuseStrategyCopy == null) {
                if (this.sslContext != null) {
                    reuseStrategyCopy = new SSLConnectionSocketFactory(this.sslContext, supportedProtocols, supportedCipherSuites, (HostnameVerifier)proxyAuthStrategyCopy);
                } 
            }
        }
    }

可使用如下工具检测网关的SSL协议版本

SSL Server Test (Powered by Qualys SSL Labs)

参考

解决出现javax.net.ssl.SSLHandshakeException: PKIX path building failed 或 sun.security.validator.ValidatorException: PKIX path building failed的问题

HttpClient跳过SSL证书认证攻略_noophostnameverifier.instance-CSDN博客

相关推荐
DKPT30 分钟前
Java桥接模式实现方式与测试方法
java·笔记·学习·设计模式·桥接模式
诗句藏于尽头36 分钟前
完成ssl不安全警告
网络协议·安全·ssl
好奇的菜鸟2 小时前
如何在IntelliJ IDEA中设置数据库连接全局共享
java·数据库·intellij-idea
DuelCode3 小时前
Windows VMWare Centos Docker部署Springboot 应用实现文件上传返回文件http链接
java·spring boot·mysql·nginx·docker·centos·mybatis
优创学社23 小时前
基于springboot的社区生鲜团购系统
java·spring boot·后端
幽络源小助理3 小时前
SpringBoot基于Mysql的商业辅助决策系统设计与实现
java·vue.js·spring boot·后端·mysql·spring
猴哥源码3 小时前
基于Java+springboot 的车险理赔信息管理系统
java·spring boot
YuTaoShao4 小时前
【LeetCode 热题 100】48. 旋转图像——转置+水平翻转
java·算法·leetcode·职场和发展
Dcs4 小时前
超强推理不止“大”——手把手教你部署 Mistral Small 3.2 24B 大模型
java
东阳马生架构5 小时前
订单初版—1.分布式订单系统的简要设计文档
java