同样的代码在JDK1.6,JDK1.7结果不一样,JDK1.6出现javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated 错误,因服务接收方的版本为1.8,存在这种问题(前提条件是https 采用的单向握手方式,即忽略客户端的导入证书情况)
先上代码:
public static ResultData<String> httpPost(String url, String post, String contentType, Map<String, String> headMap) {
ResultData<String> resData = new ResultData<String>();
try {
HttpClient client = getSecuredHttpClient(new DefaultHttpClient());
StringEntity entity = new StringEntity(post, "utf-8");
entity.setContentEncoding("UTF-8");
HttpPost method = new HttpPost(url);
method.setEntity(entity);
if (!StringUtils.isEmpty(contentType)) {
method.addHeader("Content-Type", contentType);
}
Map<String, String> header = headMap == null ? new HashMap<String, String>() : headMap;
for (Map.Entry<String, String> entry : header.entrySet()) {
method.addHeader(entry.getKey(), entry.getValue());
}
HttpResponse result = client.execute(method);
resData.setDataResult(EntityUtils.toString(result.getEntity()));
} catch (UnsupportedEncodingException e) {
logger.error(e);
resData.setErrorMessage(e.getMessage());
} catch (ClientProtocolException e) {
logger.error(e);
resData.setErrorMessage(e.getMessage());
} catch (IOException e) {
logger.error(e);
resData.setErrorMessage(e.getMessage());
}
return resData;
}
private static DefaultHttpClient getSecuredHttpClient(HttpClient httpClient) {
final X509Certificate[] _AcceptedIssuers = new X509Certificate[] {};
try {
SSLContext ctx = SSLContext.getInstance("TLS");
X509TrustManager tm = new X509TrustManager() {
@Override
public X509Certificate[] getAcceptedIssuers() {
return _AcceptedIssuers;
}
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
}
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
}
};
ctx.init(null, new TrustManager[] { tm }, new SecureRandom());
SSLSocketFactory ssf = new SSLSocketFactory(ctx, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
ClientConnectionManager ccm = httpClient.getConnectionManager();
SchemeRegistry sr = ccm.getSchemeRegistry();
sr.register(new Scheme("https", 443, ssf));
return new DefaultHttpClient(ccm, httpClient.getParams());
} catch (Exception e) {
logger.error(e);
}
return null;
}
解决办法:将客户端版本升级到1.7或者1.8
另外请查看这个博客:http://blog.csdn.net/xieyuooo/article/details/7182354