今天研究钉钉的开放平台,结果一个demo整了半天,这帮助系统写的也很难懂。遇到两个问题:
1、首先是执行demo时报unable to find valid certification path to requested target,错误信息如下:
request url=https://oapi.dingtalk.com/gettoken?corpid=...略...&corpsecret=...略..., exception, msg=sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
只不过经研究,按网上的方式将证书导致到信任库中也没用,于是就找了段代码直接跳过
2、但是报下面这个错:
request url=https://oapi.dingtalk.com/get_jsapi_ticket?type=jsapi&access_token=2458f4d239173a12809cc94d1915d3b7,
exception, msg=hostname in certificate didn't match: != OR
具体没空研究,找到下面代码解决:
private staticCloseableHttpClient getHttpClient() {
RegistryBuilder registryBuilder = RegistryBuilder.create();
ConnectionSocketFactory plainSF= newPlainConnectionSocketFactory();
registryBuilder.register("http", plainSF);//指定信任密钥存储对象和连接套接字工厂
try{
KeyStore trustStore=KeyStore.getInstance(KeyStore.getDefaultType());//信任任何链接
TrustStrategy anyTrustStrategy = newTrustStrategy() {
@Overridepublic boolean isTrusted(X509Certificate[] x509Certificates, String s) throwsCertificateException {return true;
}
};
SSLContext sslContext=SSLContexts.custom().useTLS().loadTrustMaterial(trustStore, anyTrustStrategy).build();
LayeredConnectionSocketFactory sslSF= newSSLConnectionSocketFactory(sslContext, SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
registryBuilder.register("https", sslSF);
}catch(KeyStoreException e) {throw newRuntimeException(e);
}catch(KeyManagementException e) {throw newRuntimeException(e);
}catch(NoSuchAlgorithmException e) {throw newRuntimeException(e);
}
Registry registry =registryBuilder.build();//设置连接管理器
PoolingHttpClientConnectionManager connManager = newPoolingHttpClientConnectionManager(registry);//connManager.setDefaultConnectionConfig(connConfig);//connManager.setDefaultSocketConfig(socketConfig);//构建客户端
returnHttpClientBuilder.create().setConnectionManager(connManager).build();
}
参考:http://blog.csdn.net/shenyunsese/article/details/41075579