SSL证书认证失败javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: 解决方法

访问第三方接口传递数据,出现SSL证书认证失败的情况,于是做出了如下解决方案:
1.代码层跳出SSL验证

javax.net.ssl.SSLHandshakeException:  java.security.cert.CertificateException:  No  subject  alternative  DNS  name  matching  idcardcert.market.alicloudapi.com  found.
at  sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at  sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1959)
at  sun.security.ssl.Handshaker.fatalSE(Handshaker.java:328)
at  sun.security.ssl.Handshaker.fatalSE(Handshaker.java:322)
at  sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1614)
at  sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at  sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052)
at  sun.security.ssl.Handshaker.process_record(Handshaker.java:987)
at  sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)
at  sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
at  sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
at  sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
at  sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
at  sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(A

新增跳过证书的类,TrustAllTrustManager.java,代码如下:

public class TrustAllTrustManager implements javax.net.ssl.TrustManager, javax.net.ssl.X509TrustManager {

    @Override
    public java.security.cert.X509Certificate[] getAcceptedIssuers() {
        return null;
    }

    @Override
    public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType)
            throws java.security.cert.CertificateException {
        return;
    }

    @Override
    public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType)
            throws java.security.cert.CertificateException {
        return;
    }

}

在HttpSendUtils.java文件中添加,如下代码:

//  直接通过主机认证
HostnameVerifier hv = new HostnameVerifier() {
	@Override
	public boolean verify(String urlHostName, SSLSession session) {
		return true;
	}
 };
 //  配置认证管理器
javax.net.ssl.TrustManager[] trustAllCerts = {new TrustAllTrustManager()};
SSLContext sc = SSLContext.getInstance("SSL");
SSLSessionContext sslsc = sc.getServerSessionContext();
sslsc.setSessionTimeout(0);
sc.init(null, trustAllCerts, null);
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
//  激活主机认证
HttpsURLConnection.setDefaultHostnameVerifier(hv);
URL url = new URL(url);
HttpURLConnection connection = (HttpURLConnection)url.openConnection();

举例实现:调用第三方实名认证接口加入ssl证书,

public AliyunIdCardRsp aliyunAuthentication(String name,String idCard) throws Exception {
        String host = "https://idcardcert.market.alicloudapi.com";
        String path = "/idCardCert";
        String appcode = "你自己的AppCode";
        String urlSend = host + path + "?idCard=" + idCard + "&name=" + name;


        //  直接通过主机认证
        HostnameVerifier hv = new HostnameVerifier() {
            @Override
            public boolean verify(String urlHostName, SSLSession session) {
                return true;
            }
        };
        //  配置认证管理器
        javax.net.ssl.TrustManager[] trustAllCerts = {new TrustAllTrustManager()};
        SSLContext sc = SSLContext.getInstance("SSL");
        SSLSessionContext sslsc = sc.getServerSessionContext();
        sslsc.setSessionTimeout(0);
        sc.init(null, trustAllCerts, null);
        HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
        //  激活主机认证
        HttpsURLConnection.setDefaultHostnameVerifier(hv);

        URL url = new URL(urlSend);
        HttpURLConnection httpURLConnection = (HttpURLConnection) url.openConnection();
        httpURLConnection.setRequestProperty("Authorization", "APPCODE " + appcode);//格式Authorization:APPCODE (中间是英文空格)
        int httpCode = httpURLConnection.getResponseCode();
        String json = read(httpURLConnection.getInputStream());
        //{"status":"01","msg":"实名认证通过!","idCard":"411111xxxxxxxxxxxx","name":"王二"
        // ,"sex":"男","area":"广东省xx市xx县","province":"广东省","city":"xx市","prefecture":"xx县"
        // ,"birthday":"1999-10-10","addrCode":"411111","lastCode":"0"}
        JSONObject strObj = JSON.parseObject(json);
        AliyunIdCardRsp idCardRsp = JSON.toJavaObject(strObj,AliyunIdCardRsp.class);//AliyunIdCardRsp 实体类属性上面注释以给出
        return idCardRsp;
    }

原文解决方案链接:https://blog.csdn.net/dianyou8752/article/details/100525155

你可能感兴趣的:(java)