以下会以是否SpringBoot来解决这个问题,做法一致,都是绕过证书进行处理的。
创建一个请求代理类,为所有的HTTPS请求访问前做一下操作
public class IgnoreHttpsProxyRequest {
/**
* 通過HTTPS的url登錄
* @param urlStr 目標url
* @return 查詢結果
* @throws IOException
* @throws NoSuchAlgorithmException
* @throws KeyManagementException
*/
public String get(String urlStr, String token, String type) throws IOException, NoSuchAlgorithmException, KeyManagementException {
//繞過https
HttpsURLConnection.setDefaultHostnameVerifier(new IgnoreHttpsProxyRequest().new NullHostNameVerifier());
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, trustManagers, new SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());
//建立連接
URL url = new URL(urlStr);
HttpURLConnection connection = (HttpURLConnection) url.openConnection();
connection.setRequestMethod(type);
connection.setRequestProperty(HttpHeaders.AUTHORIZATION, "Bearer " + token);
connection.connect();
//獲取查詢結果
InputStream inputStream = connection.getInputStream();
if (inputStream == null) {
return null;
}
BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(inputStream));
StringBuilder sb = new StringBuilder();
String tmp = null;
while ((tmp = bufferedReader.readLine()) != null) {
sb.append(tmp);
}
bufferedReader.close();
inputStream.close();
return sb.toString();
}
static TrustManager[] trustManagers = new TrustManager[] {
new X509TrustManager() {
@Override
public void checkClientTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
}
@Override
public void checkServerTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
}
@Override
public X509Certificate[] getAcceptedIssuers() {
return null;
}
}
};
public class NullHostNameVerifier implements HostnameVerifier {
@Override
public boolean verify(String s, SSLSession sslSession) {
return true;
}
}
}
先创建一个跳过证书验证,信任所有站点的请求客户端factory
package com.foxconn.dsc.matrix.api;
import org.springframework.http.client.SimpleClientHttpRequestFactory;
import javax.net.ssl.*;
import java.io.IOException;
import java.net.HttpURLConnection;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
/**
* @ClassName: SkipHttpsRequestFactory
* @Description:
* @author: lemon
* @date: 2023/9/14 13:56
*/
public class SkipHttpsRequestFactory extends SimpleClientHttpRequestFactory {
@Override
protected void prepareConnection(HttpURLConnection connection, String httpMethod) throws IOException {
if (connection instanceof HttpsURLConnection) {
prepareHttpsConnection((HttpsURLConnection) connection);
}
super.prepareConnection(connection, httpMethod);
}
private void prepareHttpsConnection(HttpsURLConnection connection) {
connection.setHostnameVerifier(new SkipHostnameVerifier());
try {
connection.setSSLSocketFactory(createSslSocketFactory());
} catch (Exception ex) {
// Ignore
}
}
private SSLSocketFactory createSslSocketFactory() throws Exception {
SSLContext context = SSLContext.getInstance("TLS");
context.init(null, new TrustManager[] { new SkipX509TrustManager() }, new SecureRandom());
return context.getSocketFactory();
}
private class SkipHostnameVerifier implements HostnameVerifier {
@Override
public boolean verify(String s, SSLSession sslSession) {
return true;
}
}
private static class SkipX509TrustManager implements X509TrustManager {
@Override
public X509Certificate[] getAcceptedIssuers() {
return new X509Certificate[0];
}
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType) {
}
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType) {
}
}
}
注入RestTemplate类时,构造时将该工厂类加上。
@Bean
public RestTemplate restTemplate() {
SimpleClientHttpRequestFactory factory = new SkipHttpsRequestFactory();
RestTemplate restTemplate = new RestTemplate(factory);
return restTemplate;
}
使用时将其注入
@Resource
private RestTemplate restTemplate;
配置完毕之后,就可以直接调用了
ResponseEntity<String> response = restTemplate.exchange(builder.build().encode().toUri(), HttpMethod.GET, entity, String.class);