开始时,报这个错误 javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated System.setProperty("javax.net.debug","ssl"); httpclient = new DefaultHttpClient(); httpclient = getHttpsClient(httpclient); public static HttpClient getHttpsClient(HttpClient httpClient) { ClientConnectionManager ccm = httpClient.getConnectionManager(); SchemeRegistry sr = ccm.getSchemeRegistry(); sr.register(new Scheme("https", MySSLSocketFactory.getInstance(), 443)); httpClient = new DefaultHttpClient(ccm, httpClient.getParams()); return httpClient; } MySSLSocketFactory.java public class MySSLSocketFactory extends SSLSocketFactory { static { mySSLSocketFactory = new MySSLSocketFactory(createSContext(), new TrustAnyHostnameVerifier()); } private static MySSLSocketFactory mySSLSocketFactory = null; private static SSLContext createSContext() { SSLContext sslcontext = null; try { sslcontext = SSLContext.getInstance("TLS"); } catch (NoSuchAlgorithmException e) { e.printStackTrace(); } try { sslcontext.init(null, new TrustManager[]{new MyTrustAnyTrustManager()}, null); } catch (KeyManagementException e) { e.printStackTrace(); return null; } return sslcontext; } private MySSLSocketFactory(SSLContext sslContext, X509HostnameVerifier hostnameVerifier) { super(sslContext, hostnameVerifier); } public static MySSLSocketFactorygetInstance() { if (mySSLSocketFactory != null) { return mySSLSocketFactory; } else { return mySSLSocketFactory = new MySSLSocketFactory(createSContext(), new TrustAnyHostnameVerifier()); } } } MyTrustAnyTrustManager.java public class MyTrustAnyTrustManager implements X509TrustManager{ public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException { } public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException { } public X509Certificate[] getAcceptedIssuers() { return null; } } TrustAnyHostnameVerifier.java public class TrustAnyHostnameVerifier implements X509HostnameVerifier { @Override public boolean verify(String s, SSLSession sslSession) { return true; } @Override public void verify(String host, SSLSocket ssl) throws IOException { } @Override public void verify(String host, X509Certificate cert) throws SSLException { } @Override public void verify(String host, String[] cns, String[] subjectAlts) throws SSLException { } } 之后运行,报如下错误java.security.cert.CertificateException: Certificates does not conform to algorithm constraints 因为在java1.6之后的这个配置文件中,认为MD2的加密方式安全性太低,因而不支持这种加密方式,同时也不支持RSA长度小于1024的密文 请修改java.security的配置文件 %JAVA_HOME%/jre/lib/security/java.security 将 jdk.certpath.disabledAlgorithms=MD2 .... 修改为 #jdk.certpath.disabledAlgorithms=MD2 .... 重启tomcat生效
JAVA HttpClient调用Https 跳过证书验证
猜你喜欢
转载自my.oschina.net/u/2620663/blog/1596013
今日推荐
周排行