HttpURLConnection绕过SSL验证,信任所有证书的工具类

HttpURLConnection绕过SSL验证,信任所有证书的工具类

​ 发起https请求时经常会出现javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException这样的错误,那是因为环境中没有证书校验,我们可以在连接中设置绕过SSL校验来解决这个问题。

public class SslUtil {

    // 针对全局
    public static void trustAllHttpsCertificates() throws NoSuchAlgorithmException, KeyManagementException {
        TrustManager[] trustAllCerts = new TrustManager[1];
        trustAllCerts[0] = new TrustAllManager();
        SSLContext sc = SSLContext.getInstance("SSL");
        sc.init(null, trustAllCerts, null);
        HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
        HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
            @Override
            public boolean verify(String urlHostName, SSLSession session) {
                return true;
            }
        });
    }

    // 针对单个连接
    public static void trustAllHttpsCertificates(URLConnection connection) throws NoSuchAlgorithmException, KeyManagementException {
        HttpsURLConnection httpsURLConnection = (HttpsURLConnection) connection;
        TrustManager[] trustAllCerts = new TrustManager[1];
        trustAllCerts[0] = new TrustAllManager();
        SSLContext sc = SSLContext.getInstance("SSL");
        sc.init(null, trustAllCerts, null);
        httpsURLConnection.setSSLSocketFactory(sc.getSocketFactory());
        httpsURLConnection.setHostnameVerifier(new HostnameVerifier() {
            @Override
            public boolean verify(String urlHostName, SSLSession session) {
                return true;
            }
        });
    }

    private static class TrustAllManager implements X509TrustManager {

        @Override
        public X509Certificate[] getAcceptedIssuers() {
            return null;
        }

        @Override
        public void checkServerTrusted(X509Certificate[] certs, String authType) throws CertificateException {
        }

        @Override
        public void checkClientTrusted(X509Certificate[] certs, String authType) throws CertificateException {
        }
    }
}
  • 0
    点赞
  • 5
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
Java的HttpUrlConnection类支持HTTPS请求,并且会自动进行SSL校验。然而,有时候我们可能需要绕过SSL校验,比如在开发环境中或者使用自签名证书时。以下是一种简单的方法来绕过SSL校验。 首先,创建一个SSLContext对象,并使用自定义的TrustManager来进行SSL校验。如下所示: ```java TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() { public java.security.cert.X509Certificate[] getAcceptedIssuers() { return null; } public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) { } public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) { } } }; SSLContext sc = SSLContext.getInstance("SSL"); sc.init(null, trustAllCerts, new java.security.SecureRandom()); ``` 然后,将SSLContext对象设置到HttpURLConnection中。如下所示: ```java URL url = new URL("https://example.com"); HttpURLConnection conn = (HttpURLConnection) url.openConnection(); if (conn instanceof HttpsURLConnection) { ((HttpsURLConnection) conn).setSSLSocketFactory(sc.getSocketFactory()); } ``` 这样,HttpURLConnection就会使用我们自定义的SSLContext对象进行SSL请求,绕过SSL校验。但是请注意,这样做会降低安全性,不推荐在生产环境中使用。 同时,由于此方法会绕过所有SSL校验,包括证书的hostname验证,因此建议在设置SSLContext之后,添加以下代码来禁用hostname验证: ```java if (conn instanceof HttpsURLConnection) { ((HttpsURLConnection) conn).setHostnameVerifier((hostname, session) -> true); } ``` 这个方法用于绕过Java的HttpURLConnectionSSL校验,但需要注意在生产环境中慎用,因为绕过SSL校验会降低安全性。
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值