请求第三方Https地址忽略SSL证书校验

最新推荐文章于 2024-06-30 03:51:14 发布
最新推荐文章于 2024-06-30 03:51:14 发布
阅读量2.5k 收藏 1
点赞数
分类专栏: 笔记 文章标签: https ssl 网络协议
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/qq_42521108/article/details/132097407
版权

请求第三方Https地址忽略SSL证书校验

说明:个人使用记录

需要依赖

<dependency>
    <groupId>org.apache.httpcomponents</groupId>
    <artifactId>httpcore</artifactId>
    <version>4.4.9</version>
</dependency>
<dependency>
    <groupId>org.apache.httpcomponents</groupId>
    <artifactId>httpclient</artifactId>
    <version>4.5.13</version>
</dependency>
<dependency>
    <groupId>org.apache.httpcomponents</groupId>
    <artifactId>httpmime</artifactId>
    <version>4.5.12</version>
</dependency>

首先创建忽略工具

import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

public class TrustAllTrustManager implements TrustManager, X509TrustManager {
    @Override
    public void checkClientTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {

    }

    @Override
    public void checkServerTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {

    }

    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];
    }
}

方式一: HttpURLConnection

需要在请求之前忽略ssl协议,这里是直接使用静态方法初始化时就执行了

static{
        //直接通过主机认证
        HostnameVerifier verifier = new HostnameVerifier() {
            @Override
            public boolean verify(String s, SSLSession sslSession) {
                return true;
            }
        };
        TrustManager[] trustManagers = {new TrustAllTrustManager()};
        SSLContext sc = null;
        try {
            sc = SSLContext.getInstance("SSL");
            SSLSessionContext sslc = sc.getServerSessionContext();
            sslc.setSessionTimeout(0);
            sc.init(null,trustManagers,null);
            HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
            //激活主机认证
            HttpsURLConnection.setDefaultHostnameVerifier(verifier);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

方式二:HttpGet 或 HttpPost

也需要在请求接口之前忽略SSL

//记得try 或 throws 异常
SSLConnectionSocketFactory scsf = new SSLConnectionSocketFactory(
		SSLContexts.custom.loadTrustMaterial(null,
		new TrustSelfSignedStrategy()).build(),NoopHostnameVerifier.INSTANCE);
CloseableHttpClient httpClient = HttpClients.custom().setSSLSocketFactory(scsf).build();
//请求
HttpGet request = new HttpGet("请求地址");

举例:请求第三方接口 并 上传文件

import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;

import javax.net.ssl.*;
import java.io.*;
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;

/**
 * dms 交互物文件处理
 */
@Component
public class DmsHelper {

    static{
        //直接通过主机认证
        HostnameVerifier verifier = new HostnameVerifier() {
            @Override
            public boolean verify(String s, SSLSession sslSession) {
                return true;
            }
        };
        TrustManager[] trustManagers = {new TrustAllTrustManager()};
        SSLContext sc = null;
        try {
            sc = SSLContext.getInstance("SSL");
            SSLSessionContext sslc = sc.getServerSessionContext();
            sslc.setSessionTimeout(0);
            sc.init(null,trustManagers,null);
            HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
            //激活主机认证
            HttpsURLConnection.setDefaultHostnameVerifier(verifier);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    /**
     * 测试使用
     */
    public static void main(String[] args) throws Exception {

        String filepath = "上传的文件地址";
        String urlStr = "第三方接口";

		//form-data 参数
        Map<String, String> textMap = new HashMap<String, String>();
        textMap.put("name", "1");
		//上传的文件
        Map<String, String> fileMap = new HashMap<String, String>();
        fileMap.put("file", filepath);
        String ret = formUpload(urlStr, textMap, fileMap);
        System.out.println(ret);
    }
    
    /**
     * 上传图片
     * @param urlStr
     * @param textMap
     * @param fileMap
     * @return
     */
    public static String formUpload(String urlStr, Map<String, String> textMap, Map<String, String> fileMap) {

        String res = "";
        HttpURLConnection conn = null;
        String BOUNDARY = "---------------------------123821742118716"; //boundary就是request头和上传文件内容的分隔符
        try {
            URL url = new URL(urlStr);
            conn = (HttpURLConnection) url.openConnection();
            conn.setConnectTimeout(5000);
            conn.setReadTimeout(30000);
            conn.setDoOutput(true);
            conn.setDoInput(true);
            conn.setUseCaches(false);
            conn.setRequestMethod("POST");
            conn.setRequestProperty("Connection", "Keep-Alive");
            conn.setRequestProperty("User-Agent", "Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.6)");
            conn.setRequestProperty("Content-Type", "multipart/form-data; boundary=" + BOUNDARY);

            OutputStream out = new DataOutputStream(conn.getOutputStream());
            // text
            if (textMap != null) {
                StringBuffer strBuf = new StringBuffer();
                Iterator<Map.Entry<String, String>> iter = textMap.entrySet().iterator();
                while (iter.hasNext()) {
                    Map.Entry<String, String> entry = iter.next();
                    String inputName = (String) entry.getKey();
                    String inputValue = (String) entry.getValue();
                    if (inputValue == null) {
                        continue;
                    }
                    strBuf.append("\r\n").append("--").append(BOUNDARY).append("\r\n");
                    strBuf.append("Content-Disposition: form-data; name=\"" + inputName + "\"\r\n\r\n");
                    strBuf.append(inputValue);
                }
                out.write(strBuf.toString().getBytes());
            }

            // file
            if (fileMap != null) {
                Iterator<Map.Entry<String, String>> iter = fileMap.entrySet().iterator();
                while (iter.hasNext()) {
                    Map.Entry<String, String> entry = iter.next();
                    String inputName = (String) entry.getKey();
                    String inputValue = (String) entry.getValue();
                    if (inputValue == null) {
                        continue;
                    }
                    File file = new File(inputValue);
                    String filename = file.getName();
                    String contentType = filename.substring(filename.lastIndexOf(".")+1,filename.length());//文件类型


                    StringBuffer strBuf = new StringBuffer();
                    strBuf.append("\r\n").append("--").append(BOUNDARY).append("\r\n");
                    strBuf.append("Content-Disposition: form-data; name=\"" + inputName + "\"; filename=\"" + filename + "\"\r\n");
                    strBuf.append("Content-Type:" + contentType + "\r\n\r\n");

                    out.write(strBuf.toString().getBytes());

                    DataInputStream in = new DataInputStream(new FileInputStream(file));
                    int bytes = 0;
                    byte[] bufferOut = new byte[1024];
                    while ((bytes = in.read(bufferOut)) != -1) {
                        out.write(bufferOut, 0, bytes);
                    }
                    in.close();
                }
            }

            byte[] endData = ("\r\n--" + BOUNDARY + "--\r\n").getBytes();
            out.write(endData);
            out.flush();
            out.close();

            // 读取返回数据
            StringBuffer strBuf = new StringBuffer();
            BufferedReader reader = new BufferedReader(new InputStreamReader(conn.getInputStream()));
            String line = null;
            while ((line = reader.readLine()) != null) {
                strBuf.append(line).append("\n");
            }
            res = strBuf.toString();
            reader.close();
            reader = null;
        } catch (Exception e) {
            System.out.println("发送POST请求出错。" + urlStr);
            e.printStackTrace();
        } finally {
            if (conn != null) {
                conn.disconnect();
                conn = null;
            }
        }
        return res;
    }


    /**
     * md5加密
     */
    public static String GenerateSignature(String str){
        String signature = "";
        try{
            //创建一个提供信息摘要算法的对象,初始化为md5算法对象
            MessageDigest md = MessageDigest.getInstance("MD5");
            //计算后获得字节数组
            byte[] bytes = md.digest(str.getBytes("utf-8"));
            //把数组每一字节换成16进制连成md5字符串
            signature = bytesToHex(bytes);
        }catch (Exception e) {
            e.printStackTrace();
        }
        return signature;
    }

    public static String bytesToHex(byte[] bytes) {
        StringBuffer md5str = new StringBuffer();
        //把数组每一字节换成16进制连成md5字符串
        int digital;
        for (int i = 0; i < bytes.length; i++) {
            digital = bytes[i];
            if (digital < 0) {
                digital += 256;
            }
            if (digital < 16) {
                md5str.append("0");
            }
            md5str.append(Integer.toHexString(digital));
        }
        return md5str.toString();
    }

}
小丫头莫伊
关注
  • 0
    点赞
  • 1
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
httpclient 绕开HTTPS证书校验
07-05
httplient向https发送请求会因为证书校验而报错,该工具类提供绕开HTTPS证书校验方法,以实现访问https网站的功能
HttpClient4.5 实现https忽略SSL证书验证
09-22
使用HttpClient4.5实现https请求忽略SSL证书验证工具类
nginx配置正向代理忽略证书!!!!!
u011197085的博客
06-07 702
和Nginx都会忽略SSL证书检查,从而避免证书验证错误。在连接到HTTPS站点时忽略证书错误。要绕过证书验证忽略SSL证书检查,可以使用。修改你的Nginx配置文件(例如。命令通过代理测试下载。
okHttp的https请求忽略ssl证书认证
bai920708的博客
06-12 1085
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
JAVA使用HttpURLConnection请求HTTPS网站,不需要证书验证的DEMO教程
renkai721的专栏
07-27 5374
最近在爬取一个国外的购物网站商品,首先本地的VPN肯定是打开的,发现浏览器和postman每次都可以请求到内容,但是java代码尝试了各种方式都是Connection refused: connect,一开始以为是java代码的问题,后来突然意识到java是在虚拟机上运行的,可能需要使用代码进行代理,果然如此【虽然VPN打开的,但是java并不会自己去走VPN的那条通道】! 无法连接的错误消息如下: java.net.ConnectException: Connection refused: con.
java跳过ssl证书检查
最新发布
weixin_34738099的博客
06-30 60
Java中如何跳过SSL证书检查 在Java开发中,我们经常会遇到需要进行HTTPS请求的情况。但是有时候,我们在进行HTTPS请求时会遇到SSL证书检查失败的问题。这时候,我们需要跳过SSL证书检查来解决这个问题。 为什么需要跳过SSL证书检查 SSL证书检查是为了确保当前请求的目标服务器是可信任的,这是为了保护用户的隐...
AXIS2跳过HTTPS证书验证的几种方式
lhever_的博客
06-26 5534
声明:本文转载自:AXIS2跳过HTTPS证书验证的几种方式为了避免丢失,Copy原文如下:AXIS2跳过HTTPS证书验证的几种方式 Posted on 2016/03/24 by neohope AXIS2启用HTTPS,只需要设置truststore及密码,然后对于HTTPS协议,就会自动启用SSL通信了。 System.setProperty("javax.net.ssl.trustSt...
java忽略证书验证(兼容http,https)
A1682234的博客
07-14 3031
HttpURLConnection是java的标准类,没有做封装,用起来比较原始,HttpURLConnection通常可以访问http/https协议,但是如果想忽略证书校验的话,需要使用HttpsURLConnection访问url,同时HttpsURLConnection只能访问https的协议。原文链接:https://blog.csdn.net/tianzhonghaoqing/article/details/128529358。java HttpsURLConnection忽略证书
Https 忽略证书验证
唐诺
12-03 6322
Https证书验证失败,异常信息: Trust anchor for certification path not found. Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found. at com.android.org.conscrypt.OpenSSLSoc
HTTPS请求忽略SSL证书
占星安啦的博客
11-18 8834
unable to find valid certification path to requested target https请求忽略SSL校验
java用HttpURLConnection发起HTTPS请求并跳过SSL证书
lianzhitiger的博客
02-23 9384
package com.ruoyi.common.utils.https; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import javax.net.ssl.HttpsURLConnection; import javax.net.ssl.SSLContext; import javax.net.ssl.TrustManager; import javax.net.ssl.X509TrustManager; import java
https的get和post请求,去除ssl校验的java工具类
12-04
java的get和post请求,获取json的工具类,https时会存在ssl校验的问题,工具会自动去除ssl校验
httpClient实例httpClient调用 http/https实例 忽略SSL验证
03-30
这个实例主要涉及如何配置HttpClient来忽略SSL(Secure Socket Layer)验证,这对于在开发和测试环境中处理自签名证书或未认证的服务器非常有用。以下将详细介绍HttpClient的使用以及如何进行SSL验证忽略。 首先...
Java如何跳过httpsssl证书验证详解
08-25
三、Java跳过HTTPSSSL证书验证的解决思路 有两个解决思路:1、确认是单向认证还是双向认证,Server端是否校验Client端;2、可以忽略服务器证书校验(将hostname校验和CA证书校验同时关闭)。网上最常用的,就是...
IOS开发 支持https请求以及ssl证书配置详解
08-31
本文将详细讲解如何在iOS应用中支持HTTPS请求以及SSL证书的配置。 首先,我们来看一下证书的准备步骤: 1. **证书转换**:通常,服务器管理员会提供一个.crt格式的SSL证书。你可以使用`openssl`工具将其转换为.cer...
Java-HttpsURLConnection跳过SSL证书发送请求
weixin_45203607的博客
10-17 1673
HttpsURLConnection跳过SSL证书发送请求 在Java的编程世界里面,我们有的时候,会经常访问一些HTTPS的网站,那么访问这些HTTPS的网站的时候,如果当前这个网站是自己企业内部的已知的网站,或者我们信任的网站,这个时候,我们为了编写程序的方便,就不需要把当前网站的服务器的根证书以及中间证书导入到JKS里面,让在程序在调用HTTP协议的时候对服务器的服务器名和证书名进行对比 解决办法: 跳过SSL证书,将下面部分代码添加到你的类或者方法中就能跳过证书了 import javax.net
JAVA http/https 实现get/post请求 带认证信息 同时忽略ssl认证方法
ldddd_的博客
03-20 3112
背景: 最近在做一个项目 前台需要调取平台api 但是直接调用会跨域 所以需要后台调取数据返回给前台 所以。。。。 先贴代码: /** * 发送远端GET请求的公共方法 * * @param url (远程请求的URL) * @param access_token (用户名 密码 选填) * @param acceptType( 接受的数据格式 ...
Java URLConnection下载文件忽略https证书验证
weixin_44862578的博客
01-11 918
【代码】Java URLConnection下载文件忽略https证书验证
springboot httpclient调用第三方https接口 忽略ssl
07-21
### 回答1: Spring Boot中使用HttpClient调用第三方HTTPS接口,并忽略SSL证书验证,可以通过以下步骤来实现: 1. 导入HttpClient和SSL相关的依赖: 在pom.xml文件中添加以下依赖: ```xml <dependency> <groupId>org.apache.httpcomponents</groupId> <artifactId>httpclient</artifactId> <version>4.5.13</version> </dependency> <dependency> <groupId>javax.net.ssl</groupId> <artifactId>javax.net.ssl.HttpsURLConnection</artifactId> <version>1.0.0</version> </dependency> ``` 2. 创建忽略SSL验证的HttpClient对象: ```java import org.apache.http.client.HttpClient; import org.apache.http.client.config.RequestConfig; import org.apache.http.conn.ssl.NoopHostnameVerifier; import org.apache.http.conn.ssl.SSLConnectionSocketFactory; import org.apache.http.impl.client.HttpClients; import javax.net.ssl.SSLContext; import javax.net.ssl.TrustManager; import javax.net.ssl.X509TrustManager; public class HttpClientUtil { public HttpClient createIgnoreSSLHttpClient() throws Exception { SSLContext sslContext = SSLContext.getInstance("TLS"); X509TrustManager trustManager = new X509TrustManager() { public void checkClientTrusted(java.security.cert.X509Certificate[] x509Certificates, String s) throws java.security.cert.CertificateException { } public void checkServerTrusted(java.security.cert.X509Certificate[] x509Certificates, String s) throws java.security.cert.CertificateException { } public java.security.cert.X509Certificate[] getAcceptedIssuers() { return new java.security.cert.X509Certificate[0]; } }; sslContext.init(null, new TrustManager[]{trustManager}, null); SSLConnectionSocketFactory sslConnectionSocketFactory = new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE); RequestConfig reqConfig = RequestConfig.custom().setSocketTimeout(120 * 1000).setConnectTimeout(120 * 1000).build(); HttpClient httpClient = HttpClients.custom().setSSLSocketFactory(sslConnectionSocketFactory).setDefaultRequestConfig(reqConfig).build(); return httpClient; } } ``` 3. 使用创建的HttpClient对象发送HTTPS请求: ```java import org.apache.http.client.methods.CloseableHttpResponse; import org.apache.http.client.methods.HttpGet; import org.apache.http.impl.client.CloseableHttpClient; import org.apache.http.util.EntityUtils; public class HttpsClientExample { public static void main(String[] args) throws Exception { HttpClientUtil httpClientUtil = new HttpClientUtil(); CloseableHttpClient httpClient = (CloseableHttpClient) httpClientUtil.createIgnoreSSLHttpClient(); HttpGet httpGet = new HttpGet("https://example.com/api"); CloseableHttpResponse response = httpClient.execute(httpGet); String responseBody = EntityUtils.toString(response.getEntity(), "UTF-8"); System.out.println(responseBody); response.close(); httpClient.close(); } } ``` 以上就是使用Spring Boot中的HttpClient实现忽略SSL证书的步骤。总结起来,主要包括导入相关依赖,创建忽略SSL验证的HttpClient对象,以及使用该对象发送HTTPS请求。 ### 回答2: Spring Boot中使用HttpClient调用第三方HTTPS接口时,如果忽略SSL证书验证,可以按照以下方法进行操作。 首先,需要在Spring Boot的配置文件application.properties中添加以下配置: ```plaintext # 忽略SSL证书验证 spring.main.allow-bean-definition-overriding=true ``` 然后,创建一个自定义的HttpClientConfig类,用于配置并创建HttpClient对象: ```java import org.apache.http.client.HttpClient; import org.apache.http.client.config.RequestConfig; import org.apache.http.conn.ssl.NoopHostnameVerifier; import org.apache.http.conn.ssl.SSLConnectionSocketFactory; import org.apache.http.impl.client.HttpClients; import org.apache.http.ssl.SSLContextBuilder; import org.springframework.beans.factory.annotation.Value; import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import javax.net.ssl.SSLContext; @Configuration public class HttpClientConfig { @Value("${httpclient.ssl.ignore-ssl}") private boolean ignoreSSL; @Bean @ConditionalOnProperty(name = "httpclient.ssl.ignore-ssl", havingValue = "true") public HttpClient httpClient() throws Exception { if (ignoreSSL) { SSLContext sslContext = SSLContextBuilder.create() .loadTrustMaterial((chain, authType) -> true) .build(); SSLConnectionSocketFactory sslConnectionSocketFactory = new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE); return HttpClients.custom() .setSSLSocketFactory(sslConnectionSocketFactory) .setDefaultRequestConfig(requestConfig()) .build(); } else { return HttpClients.createDefault(); } } private RequestConfig requestConfig() { return RequestConfig.custom() .setConnectTimeout(5000) .setSocketTimeout(5000) .build(); } } ``` 最后,在需要调用第三方HTTPS接口的地方注入HttpClient对象,并使用该对象进行接口调用即可: ```java import org.apache.http.HttpResponse; import org.apache.http.client.HttpClient; import org.apache.http.client.methods.HttpGet; import org.apache.http.util.EntityUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; @Service public class HttpService { @Autowired private HttpClient httpClient; public String getResponse(String url) throws Exception { HttpGet httpGet = new HttpGet(url); HttpResponse httpResponse = httpClient.execute(httpGet); return EntityUtils.toString(httpResponse.getEntity()); } } ``` 以上就是使用Spring Boot的HttpClient调用第三方HTTPS接口并忽略SSL证书验证的方法。请注意,忽略SSL证书验证可能存在安全风险,建议在生产环境中谨慎使用。
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值