前言
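通过重写 TrustManager 的 checkClientTrusted(检查客户端证书信任)和 checkServerTrusted(检查服务端证书信任),以及 HostnameVerifier 的 verify(校验)方法,即可取消对证书的所有验证。
注意:下面的代码修改的是 HttpsURLConnection 的 JVM 全局默认设置;取消验证后连接虽然仍然加密,但不再确认对端身份,中间人可以冒充服务端,因此只适合在测试环境中使用。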
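/**
 * Installs a trust-all TLS configuration as the JVM-wide default for
 * {@link HttpsURLConnection}.
 *
 * <p>Security impact: after {@link #disableChecks()} has run, every
 * {@code HttpsURLConnection} that relies on the default socket factory and
 * hostname verifier accepts any certificate chain for any host name. Traffic
 * is still encrypted, but the peer is no longer authenticated, so an on-path
 * party presenting its own certificate is accepted as the server. The change
 * is process-wide and this class offers no way to undo it.
 *
 * <p>Intended for test environments only. Where a self-signed or private-CA
 * certificate has to be accepted, the narrower alternative is to load that
 * certificate into a trust store and apply the resulting socket factory to the
 * individual connection via {@link HttpsURLConnection#setSSLSocketFactory},
 * leaving host name verification switched on.
 */
public class DisableSslCertificateCheckUtil {

    private static final Logger LOGGER = LoggerFactory.getLogger(DisableSslCertificateCheckUtil.class);

    /**
     * Prevent instantiation of utility class.
     */
    private DisableSslCertificateCheckUtil() {
    }

    /**
     * Disable trust checks for SSL connections.
     *
     * <p>Replaces the default {@code SSLSocketFactory} and
     * {@code HostnameVerifier} of {@link HttpsURLConnection} with
     * implementations that accept every certificate chain and every host name.
     * Connections that set their own factory or verifier are not touched by
     * this call.
     *
     * @throws IllegalArgumentException if the trust-all context cannot be
     *         created or installed; the underlying failure is attached as the
     *         cause
     */
    public static void disableChecks() {
        try {
            new URL("https://0.0.0.0/").getContent();
        } catch (IOException ignored) {
            // Deliberately ignored: per the original author this request is
            // expected to fail and is issued only so that the default SSL
            // provider is registered with the URL class before the defaults
            // below are replaced.
        }

        try {
            SSLContext sslc = SSLContext.getInstance("TLS");

            // Both check methods return without throwing, which is how an
            // X509TrustManager signals "trusted": no chain is ever rejected.
            TrustManager[] trustManagerArray = {new X509TrustManager() {
                @Override
                public void checkClientTrusted(X509Certificate[] chain, String authType)
                        throws CertificateException {
                }

                @Override
                public void checkServerTrusted(X509Certificate[] chain, String authType)
                        throws CertificateException {
                }

                @Override
                public X509Certificate[] getAcceptedIssuers() {
                    return new X509Certificate[0];
                }
            }};

            // null key managers and null SecureRandom select the provider defaults.
            sslc.init(null, trustManagerArray, null);

            // From here on the change is global for the running JVM.
            HttpsURLConnection.setDefaultSSLSocketFactory(sslc.getSocketFactory());
            HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
                @Override
                public boolean verify(String s, SSLSession sslSession) {
                    // Accepts any host name, so a certificate issued for a
                    // different host is not detected.
                    return true;
                }
            });
        } catch (Exception e) {
            // Pass the exception as the trailing argument without a "{}"
            // placeholder so SLF4J logs the stack trace and the message
            // carries no unfilled placeholder.
            LOGGER.error("Failed to install trust-all SSL defaults", e);
            // Keep the original exception type and message for callers, but
            // preserve the cause instead of dropping it.
            throw new IllegalArgumentException("证书校验异常!", e);
        }
    }
}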