背景
做一个项目的时候,需要调用https的接口,但是对方的ssl证书已经过期,而Feign默认会进行SSL认证,导致接口调用有点问题。当不跳过SSL验证的时候,Feign就会报错:
{
"code": "1",
"message": "sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target executing POST https://jxhr.jxsfybjyy.cn/switch/services/jxfy/InteractiveKiosk/DoBusiness",
"data": null
}
网上的解决方案
写个配置类
@Component
@Import(FeignClientsConfiguration.class)
@Slf4j
public class ReqHosInner {
private DynamicURLFeignClient dynamicURLFeignClient;
@Autowired
public ReqHosInner(Decoder decoder, Encoder encoder) {
dynamicURLFeignClient = Feign.builder()
.encoder(encoder)
.decoder(decoder)
.client(getFeignClient())
.target(Target.EmptyTarget.create(DynamicURLFeignClient.class));
}
private Client getFeignClient() {
try {
SSLContext ctx = SSLContext.getInstance("SSL");
X509TrustManager tm = new X509TrustManager() {
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
}
@Override
public void checkServerTrusted(X509Certificate[] chain,String authType) throws CertificateException {
}
@Override
public X509Certificate[] getAcceptedIssuers() {
return null;
}
};
ctx.init(null, new TrustManager[]{tm}, null);
return new Client.Default(ctx.getSocketFactory(), (hostname, session) -> true);
} catch (Exception e) {
return null;
}
}
}