HttpClient 支持https 绕过SSLPeerUnverifiedException异常

最新推荐文章于 2024-03-28 18:13:30 发布
最新推荐文章于 2024-03-28 18:13:30 发布
阅读量1.9k 收藏 2
点赞数
分类专栏: android 文章标签: SSLPeerUnverifiedException httpclient https ssl证书 httpclient支持https
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/JUSTYiSheng/article/details/85246589
版权

最近遇到一个问题,出于安全考虑,需要将http改为https,然后发现HttpClient 报ssl验证不通过异常。于是着手处理。

好的废话不多说,上干货

1、思路,既然SSL证书校验失败,那么干脆改为允许所有主机校验(还有一种思路是把证书放到assets中)

2、关于http、https的详细说明,菜鸟还是老鸟都可以参考http://www.cnblogs.com/P_Chou/archive/2010/12/27/https-ssl-certification.html这里有详细的说明,膜拜大神中。。。

3、信任所有证书


import org.apache.http.HttpVersion;
import org.apache.http.client.HttpClient;
import org.apache.http.conn.ClientConnectionManager;
import org.apache.http.conn.params.ConnManagerParams;
import org.apache.http.conn.scheme.PlainSocketFactory;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.impl.conn.tsccm.ThreadSafeClientConnManager;
import org.apache.http.params.BasicHttpParams;
import org.apache.http.params.HttpConnectionParams;
import org.apache.http.params.HttpParams;
import org.apache.http.params.HttpProtocolParams;
import org.apache.http.protocol.HTTP;

import java.io.IOException;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;


import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

/**
 * create by zyy
 * HttpClient 使用https,且绕过ssl证书验证,即通过所有验证
 */
public class HttpClientHelper {

    private static HttpClient httpClient;//实例

    private HttpClientHelper() {
    }

    public static synchronized HttpClient getHttpClient() {

        if (null == httpClient) {
            // 初始化工作
            try {
                KeyStore trustStore = KeyStore.getInstance(KeyStore
                        .getDefaultType());
                trustStore.load(null, null);
                SSLSocketFactory sf = new SSLSocketFactoryEx(trustStore);
                sf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);  //允许所有主机的验证

                HttpParams params = new BasicHttpParams();

                HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1);
                HttpProtocolParams.setContentCharset(params,
                        HTTP.DEFAULT_CONTENT_CHARSET);
                HttpProtocolParams.setUseExpectContinue(params, true);

                // 设置连接管理器的超时
                ConnManagerParams.setTimeout(params, 10000);
                // 设置连接超时
                HttpConnectionParams.setConnectionTimeout(params, 10000);
                // 设置socket超时
                HttpConnectionParams.setSoTimeout(params, 10000);

                // 设置http https支持
                SchemeRegistry schReg = new SchemeRegistry();
                schReg.register(new Scheme("http", PlainSocketFactory
                        .getSocketFactory(), 80));
                schReg.register(new Scheme("https", sf, 443));

                ClientConnectionManager conManager = new ThreadSafeClientConnManager(
                        params, schReg);

                httpClient = new DefaultHttpClient(conManager, params);
            } catch (Exception e) {
                e.printStackTrace();
                return new DefaultHttpClient();//异常输出常规实例
            }
        }
        return httpClient;
    }

}

class SSLSocketFactoryEx extends SSLSocketFactory {

    SSLContext sslContext = SSLContext.getInstance("TLS");

    public SSLSocketFactoryEx(KeyStore truststore)
            throws NoSuchAlgorithmException, KeyManagementException,
            KeyStoreException, UnrecoverableKeyException {
        super(truststore);

        TrustManager tm = new X509TrustManager() {

            @Override
            public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                return null;
            }

            @Override
            public void checkClientTrusted(
                    java.security.cert.X509Certificate[] chain, String authType)
                    throws java.security.cert.CertificateException {

            }

            @Override
            public void checkServerTrusted(
                    java.security.cert.X509Certificate[] chain, String authType)
                    throws java.security.cert.CertificateException {

            }
        };

        sslContext.init(null, new TrustManager[] { tm }, null);
    }

    @Override
    public Socket createSocket(Socket socket, String host, int port,
                               boolean autoClose) throws IOException, UnknownHostException {
        return sslContext.getSocketFactory().createSocket(socket, host, port,
                autoClose);
    }

    @Override
    public Socket createSocket() throws IOException {
        return sslContext.getSocketFactory().createSocket();
    }
}

使用方法:

HttpClient client=HttpClientHelper.getHttpClient();

4、保存证书到assets中

    public static synchronized HttpClient getHttpClientAssetsSSL(Context context,String SSL) {
        InputStream ins = null;
        try {
            ins = context.getAssets().open(SSL); //下载的证书放到项目中的assets目录中
            CertificateFactory cerFactory = CertificateFactory
                    .getInstance("X.509");
            Certificate cer = cerFactory.generateCertificate(ins);
            KeyStore keyStore = KeyStore.getInstance("PKCS12", "BC");
            keyStore.load(null, null);
            keyStore.setCertificateEntry("trust", cer);

            SSLSocketFactory socketFactory = new SSLSocketFactory(keyStore);
            Scheme sch = new Scheme("https", socketFactory, 443);
            httpClient = new DefaultHttpClient();
            httpClient.getConnectionManager().getSchemeRegistry()
                    .register(sch);
            return httpClient;
        } catch (Exception e) {
            return new DefaultHttpClient();
        } finally {
            try {
                if (ins != null)
                    ins.close();
            } catch (IOException e) {
                e.printStackTrace();
                return new DefaultHttpClient();
            }
        }
    }

用法同上

5、完整工具类奉上

package com.test.device.openglesproject;
import android.content.Context;
import android.util.Log;

import org.apache.http.HttpResponse;
import org.apache.http.HttpVersion;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.conn.ClientConnectionManager;
import org.apache.http.conn.params.ConnManagerParams;
import org.apache.http.conn.scheme.PlainSocketFactory;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.impl.conn.tsccm.ThreadSafeClientConnManager;
import org.apache.http.params.BasicHttpParams;
import org.apache.http.params.HttpConnectionParams;
import org.apache.http.params.HttpParams;
import org.apache.http.params.HttpProtocolParams;
import org.apache.http.protocol.HTTP;

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.Socket;
import java.net.URI;
import java.net.UnknownHostException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;


import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;


/**
 * create by zyy
 * 1、HttpClient 使用https,且绕过ssl证书验证,即通过所有验证
 * 2、assets中导入ssl证书
 */
public class HttpClientHelper {

    private static HttpClient httpClient;//实例

    /**
     * 构造函数
     */
    private HttpClientHelper() {
    }

    /**
     * 获取通过所有证书校验的httpclient实例
     * @return
     */
    public static synchronized HttpClient getHttpClient() {

        if (null == httpClient) {
            // 初始化工作
            try {
                KeyStore trustStore = KeyStore.getInstance(KeyStore
                        .getDefaultType());
                trustStore.load(null, null);
                SSLSocketFactory sf = new SSLSocketFactoryEx(trustStore);
                sf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);  //允许所有主机的验证

                HttpParams params = new BasicHttpParams();

                HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1);
                HttpProtocolParams.setContentCharset(params,
                        HTTP.DEFAULT_CONTENT_CHARSET);
                HttpProtocolParams.setUseExpectContinue(params, true);

                // 设置连接管理器的超时
                ConnManagerParams.setTimeout(params, 10000);
                // 设置连接超时
                HttpConnectionParams.setConnectionTimeout(params, 10000);
                // 设置socket超时
                HttpConnectionParams.setSoTimeout(params, 10000);

                // 设置http https支持
                SchemeRegistry schReg = new SchemeRegistry();
                schReg.register(new Scheme("http", PlainSocketFactory
                        .getSocketFactory(), 80));
                schReg.register(new Scheme("https", sf, 443));

                ClientConnectionManager conManager = new ThreadSafeClientConnManager(
                        params, schReg);

                httpClient = new DefaultHttpClient(conManager, params);
            } catch (Exception e) {
                e.printStackTrace();
                return new DefaultHttpClient();//异常输出常规实例
            }
        }
        return httpClient;
    }

    /**
     * assets中导入ssl证书,ssl证书通过浏览器访问https地址,保存提示的证书到本地
     * @param context
     * @param SSL  assets中的ssl证书名,带后缀
     * @return httpclient实例
     */
    public static synchronized HttpClient getHttpClientAssetsSSL(Context context,String SSL) {
        InputStream ins = null;
        try {
            ins = context.getAssets().open(SSL); //下载的证书放到项目中的assets目录中
            CertificateFactory cerFactory = CertificateFactory
                    .getInstance("X.509");
            Certificate cer = cerFactory.generateCertificate(ins);
            KeyStore keyStore = KeyStore.getInstance("PKCS12", "BC");
            keyStore.load(null, null);
            keyStore.setCertificateEntry("trust", cer);

            SSLSocketFactory socketFactory = new SSLSocketFactory(keyStore);
            Scheme sch = new Scheme("https", socketFactory, 443);
            httpClient = new DefaultHttpClient();
            httpClient.getConnectionManager().getSchemeRegistry()
                    .register(sch);
            return httpClient;
        } catch (Exception e) {
            return new DefaultHttpClient();
        } finally {
            try {
                if (ins != null)
                    ins.close();
            } catch (IOException e) {
                e.printStackTrace();
                return new DefaultHttpClient();
            }
        }
    }
}

class SSLSocketFactoryEx extends SSLSocketFactory {

    SSLContext sslContext = SSLContext.getInstance("TLS");

    public SSLSocketFactoryEx(KeyStore truststore)
            throws NoSuchAlgorithmException, KeyManagementException,
            KeyStoreException, UnrecoverableKeyException {
        super(truststore);

        TrustManager tm = new X509TrustManager() {

            @Override
            public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                return null;
            }

            @Override
            public void checkClientTrusted(
                    java.security.cert.X509Certificate[] chain, String authType)
                    throws java.security.cert.CertificateException {

            }

            @Override
            public void checkServerTrusted(
                    java.security.cert.X509Certificate[] chain, String authType)
                    throws java.security.cert.CertificateException {

            }
        };

        sslContext.init(null, new TrustManager[] { tm }, null);
    }

    @Override
    public Socket createSocket(Socket socket, String host, int port,
                               boolean autoClose) throws IOException, UnknownHostException {
        return sslContext.getSocketFactory().createSocket(socket, host, port,
                autoClose);
    }

    @Override
    public Socket createSocket() throws IOException {
        return sslContext.getSocketFactory().createSocket();
    }
}

不懂的同学,完全可以看注释,代码一目了然,可以直接拿去用

git传送阵https://github.com/zhangyuyan62435/HttpClient.git

好的,今天就到这里

一品仙人
关注
  • 0
    点赞
  • 2
    收藏
    觉得还不错? 一键收藏
  • 1
    评论
专栏目录
解决间歇性 SSLPeerUnverifiedException 问题
qq_33326733的博客
05-15 393
间歇性的问题可能由于多个原因引起,本文提供了几种潜在的解决方案。通过强制使用特定版本的 TLS 协议、确保证书配置正确、升级 JVM 和使用最新版本的okhttp3库,您可以显著减少或解决这个问题。希望这些建议能帮助您解决问题。如果有进一步的问题或需要更详细的帮助,请随时联系。
HttpClient配置SSL绕过https证书实例
12-14
HttpClient配置SSL绕过https证书实例,附件中包含所需httpclient组件jar库。博客地址:http://blog.csdn.net/irokay/article/details/78801307。
OkHttp调用HTTPS遇到的问题之:SSLPeerUnverifiedException
notHeadache的博客
08-05 1万+
关于OkHttp OkHttp学习 Https学习 最近在用OkHttp调https接口的时候遇到一个问题 javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated. 这是由于https请求证书验证问题,直接请求一般都会失败。一般是做证书验证处理或者忽略证书验证。 可是给我https接口的小伙伴说,他们都没使用证书加密。我
httpclient java客户端绕过_Java.HttpClient绕过Https证书解决方案二
weixin_42512719的博客
02-13 93
result;}/*** 信任证书管理* */private static TrustManager[] TrustAllCerts = new TrustManager[]{new X509TrustManager(){@Overridepublic void checkClientTrusted(X509Certificate[] chain,String authType) throws C...
SSLPeerUnverifiedException
huryer的专栏
07-17 6264
问题描述: 调用https服务时,提示以下错误: SSLException javax.net.ssl.SSLPeerUnverifiedException: Certificate for <192.168.1.123> doesn't match any of the subject alternative names: [www.demo.com] 解决办法: 方案1:修改hosts 如果修改操作系统hosts文件, C:\windows\system32\drivers\etc/ho
java绕过ssl_如何在java中绕过ssl证书检查
weixin_32597695的博客
02-24 1190
我想访问一个SOAP webservice url,其中https托管在远程虚拟机中.我在使用HttpURLConnection访问它时遇到异常.这是我的代码:import javax.net.ssl.*;import java.io.OutputStream;import java.net.HttpURLConnection;import java.net.URL;import java.sec...
http请求绕过httpsssl证书
qq_1323002760的博客
05-25 1132
报错信息:PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException ubable to find valid certification path to requested garget
java HTTPS请求绕过证书检测
u014644574的博客
08-19 3067
java HTTPS请求绕过证书检测 PKIX:unable to find valid certification path to requested target package util; import java.io.ByteArrayOutputStream; import java.io.IOException; import java.io.InputStream; import java.io.OutputStreamWriter; import java.net.URL; impo
JAVA利用HttpClient进行HTTPS接口调用的方法
08-29
HttpClient支持HTTP/1.1和HTTP/2.0协议,并提供了丰富的功能来处理HTTP请求和响应。 知识点2:HTTPS接口调用的必要性 随着网络安全的日益重要,HTTPS协议作为一种加密的网络协议,已经成为网络安全的标准之一。...
HttpClient发起HTTPs请求.rar
07-25
在Java中,HttpClient可以很好地支持HTTPS请求,但需要进行一些额外的配置,例如设置信任的证书和密钥管理器。 在描述中提到的`HttpsRequest.java`文件,很可能是实现这些功能的Java源代码。它可能包含了一个类,该...
httpclient4.5 绕过ssl认证文件访问
03-01
本篇文章将详细讲解如何在HTTPClient 4.5版本中绕过SSL(Secure Sockets Layer)认证,实现对HTTPS网站的访问。 首先,了解SSL/TLS(Transport Layer Security)协议的重要性。SSL/TLS是网络安全传输的标准,它通过...
httpclient绕过验证码直接抓取
05-12
"HttpClient绕过验证码直接抓取" HttpClient是一种常用的网络请求库,常用于网络爬虫、自动化测试、数据爬取等领域。今天,我们将讨论如何使用HttpClient绕过验证码直接抓取网站数据。 绕过验证码的原理 验证码是...
关于SSL认证的小坑 SSLPeerUnverifiedException
Java小虎
08-30 3606
起因 最近公司要配置Tuleap和Jenkins的双向SSL交互通信,什么?Tuleap是个什么玩意? 这个我会在后面的帖子进行补充介绍。 您就理解它是一款优秀开源的项目管理工具即可(敏捷看板)。 经过 一波常规操作之后,基本上两台服务器各自使用SSL的通信测试命令都能跑通了。 常用的两个命令给大家演示一下: //测试本地和目标服务器的443端口是否可以正常连通握手 openssl s_client -connect 172.17.162.164:443 //输出连接的到目标服务器的通信过程 curl -v
NO.91 SSLPeerUnverifiedException 问题之解决(附HttpClientUtils升级版)
AmosRyan--整体的局部还是整体,宇宙之外还是宇宙
02-28 1万+
SSLPeerUnverifiedException问题解决。 附HttpClinet工具 1. 基于Apache HttpClient4 2. 添加获取图片的方法 3. 支持https 4. 支持会话保持
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
热门推荐
麦叔
05-08 2万+
Hello,小伙伴好久不见!今天在联调接口时,遇到一个错误,纠结了好久才解决.虽然是粗心引起的,但是也大概明白了引起这个错误的来龙去脉,现在整理一下,分享给大家,希望大家在遇到这个类似问题了,不会太无助; 前言 我们来看下问题发生的大背景;这次我们联调是一个获取单笔订单详情的接口,采用https请求方式.我方是请求方,现需请求能力开发平台(对方)的接口 1.Https加密认证过程是什...
HttpClient 请求 Https 报错的SSL证书异常的问题,请使用以下方法解决。
沉心静气
03-14 1352
方法一,非长久之计,有失效风险(已经测试过,晚上好好的,白天就异常)方法二,应该比较稳妥一些。通过OpenSSL
javax.net.ssl.SSLPeerUnverifiedException
最新发布
老阿姨的博客
03-28 915
【代码】javax.net.ssl.SSLPeerUnverifiedException
【编程】HttpClient解决SSL证书问题
【涘涘回来啦】
01-13 2909
使用httpclient访问https网站时,可能遇到SSLHandshakeException。其根本原因是我们模拟的HttpClient没有SSL证书。 虽然我们可以通过设置Java来解决,但为了保证在各个环境都能正常运行代码,更健壮的方案是忽略掉SSL的检查。 详细代码如下,通过该类获取的CloseableHttpClient,在访问https网站时会自动忽略SSL检查: packa...
避免HttpClient的”javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated”异常
weixin_34095889的博客
08-22 366
在开发https应用时,你的测试服务器常常没有一个(有效的)SSL证书。在你的客户端连接测试服务器时,如下的异常会被抛出:”javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated”。 我将讨论使用Apache HttpClient时,解决该问题的一种方法(http://hc.apache.org/httpcomponent...
httpclient访问https
07-27
HttpClient访问https站点时,需要注意证书的处理。有几种方法可以解决这个问题。方法一是将站点的证书导入到Java的证书库文件中。方法二是在HttpClient访问时使用网站的证书进行访问。方法三是在HttpClient访问https站点时忽略认证。方法四是在HttpClient访问https站点时信任所有证书。如果JRE或者JDK没有导入某个站点的证书,那么在访问时会报错,错误信息可能是"javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"。\[1\]\[2\]\[3\] #### 引用[.reference_title] - *1* *2* *3* [HttpClient 使用证书访问https站点](https://blog.csdn.net/oscar999/article/details/123016797)[target="_blank" data-report-click={"spm":"1018.2226.3001.9630","extra":{"utm_source":"vip_chatgpt_common_search_pc_result","utm_medium":"distribute.pc_search_result.none-task-cask-2~all~insert_cask~default-1-null.142^v91^control,239^v3^insert_chatgpt"}} ] [.reference_item] [ .reference_list ]

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论 1
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值