webService用axis1.x绕过https证书校验的代码

转自 http://www.cnblogs.com/zhukunrong/p/3791409.html?utm_source=tuicool&utm_medium=referral

Axis 1.x 编写的client访问https的webservice的时候，绕过SSL的校验的核心思想是自己做一个不对证书做任何检查的SocketFactory，并用这个socketFactory来替换Axis本身用的SocketFactory，为了方便，MySocketFactory直接继承Axis的父类JSSESocketFactory 。并且重写父类方法

protected void initFactory() throws IOException

initFactory方法的内容，很简单，就是让checkServerTrusted/checkClientTrusted什么都不返回，然后最后一行将这个SslSocketFactory赋给我们自定义类里的sslFactory变量。

// Create a trust manager that does not validate certificate chains
  TrustManager[] trustAllCerts = new TrustManager[] {
    new X509TrustManager() {
      public X509Certificate[] getAcceptedIssuers() {
        return null;
      }

      public void checkClientTrusted(X509Certificate[] certs, String authType) {
        // Trust always
      }

      public void checkServerTrusted(X509Certificate[] certs, String authType) {
        // Trust always
      }
    }
  };

  // Install the all-trusting trust manager
  SSLContext sc = SSLContext.getInstance("SSL");
  // Create empty HostnameVerifier
  HostnameVerifier hv = new HostnameVerifier() {
        public boolean verify(String arg0, SSLSession arg1) {
            return true;
        }
  };

  sc.init(null, trustAllCerts, new java.security.SecureRandom());
  sslFactory = sc.getSocketFactory();

在初始化client的地方调一下，改变axis默认的SocketFactory。

AxisProperties.setProperty("axis.socketSecureFactory","my.test.MySocketFactory");//注意包名

以上就是绕过axis1.x证书校验的代码。