Java HTTPS: Supporting a Custom CA Certificate

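When requesting a site that uses a custom certificate, the following exception occurs: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. The cause is that the current trust manager found no CA certificate matching the certificate the site presented. So what performs this validation?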

// The validation comes from the check methods of this interface
public interface X509TrustManager extends TrustManager {
    void checkClientTrusted(X509Certificate[] var1, String var2) throws CertificateException;

    void checkServerTrusted(X509Certificate[] var1, String var2) throws CertificateException;

    X509Certificate[] getAcceptedIssuers();
}

That being the case, bypassing this check is enough to make the problem go away. Below is how to do it with OkHttp.


import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import okhttp3.OkHttpClient;

// Trust manager with empty check methods: no certificate chain is ever rejected.
X509TrustManager tm = new X509TrustManager() {
    @Override
    public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) {
    }

    @Override
    public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) {
    }

    @Override
    public java.security.cert.X509Certificate[] getAcceptedIssuers() {
        return new java.security.cert.X509Certificate[]{};
    }
};
final SSLContext sslContext = SSLContext.getInstance("TLS");
// Install tm as the only trust manager of this context.
sslContext.init(null, new TrustManager[]{tm}, new java.security.SecureRandom());
final javax.net.ssl.SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
OkHttpClient okHttp = new OkHttpClient().newBuilder()
        .sslSocketFactory(sslSocketFactory, tm)
        .build();

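This approach skips CA certificate validation: because both check methods are empty, any certificate chain presented by any server is accepted.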
