项目中有调到三方https的接口;本地测试没问题,部署到生产却报错误了,原因是缺少证书;
要么加上证书,要么忽略证书;我采用的忽略证书方式,
1.用OkHttpClient 忽略证书
在使用OkHttpClient时,如果你想要忽略SSL证书验证(通常不推荐,因为它会降低安全性),你可以通过自定义一个X509TrustManager
来实现,并创建一个SSLSocketFactory
来绕过证书检查。然后,你需要将这个SSLSocketFactory
和一个接受任何主机名的HostnameVerifier
一起设置到OkHttpClient的builder中。
废话不多说 直接上代码:
import okhttp3.OkHttpClient;
import javax.net.ssl.*;
import java.io.IOException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import okhttp3.*;
import java.io.IOException;
public class OkHttpIgnoreSSL {
public static OkHttpClient getUnsafeOkHttpClient() throws Exception {
// 创建一个信任所有证书的TrustManager
final TrustManager[] trustAllCerts = new TrustManager[]{
new X509TrustManager() {
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
}
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
}
@Override
public X509Certificate[] getAcceptedIssuers() {
return new X509Certificate[]{};
}
}
};
// 初始化SSLContext
final SSLContext sslContext = SSLContext.getInstance("SSL");
sslContext.init(null, trustAllCerts, new java.security.SecureRandom());
// 创建一个SSLSocketFactory
final SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
// 创建一个HostnameVerifier,它不会验证主机名
HostnameVerifier trustAllHosts = new HostnameVerifier() {
@Override
public boolean verify(String hostname, SSLSession session) {
return true; // 不验证主机名
}
};
// 创建一个OkHttpClient并配置它
OkHttpClient.Builder builder = new OkHttpClient.Builder();
builder.sslSocketFactory(sslSocketFactory, (X509TrustManager) trustAllCerts[0]);
builder.hostnameVerifier(trustAllHosts);
return builder.build();
}
public String post(String url, String json,String Authorization) {
try {
OkHttpClient client = getUnsafeOkHttpClient();
RequestBody body = RequestBody.create(MediaType.parse("application/json; charset=utf-8"), json);
Request request = new Request.Builder()
.url(url)
.post(body).addHeader("Authorization",Authorization)
.build();
try (Response response = client.newCall(request).execute()) {
return response.body().string();
}
} catch (Exception e) {
e.printStackTrace();
}
return null;
}
2. 使用client进行HTTPS请求
public static String getEncData(String data) {
//使用client进行HTTPS请求...
OkHttpIgnoreSSL ssl= new OkHttpIgnoreSSL();
//接口地址
String url ="https://192.168.1.19:8081/api/test";
//接口传参
Map<String,Object> map=new HashMap<>();
map.put("algorithmParam","SM4/ECB/PKCS7Padding");
map.put("data",data);
Gson gson = new Gson();
//map转字符串
String jsonString = gson.toJson(map);
//进行post请求 返回数据
String responseBody = ssl.post(url, jsonString, Authorization);
try {
//根据返回数据格式进行解析;
Map<String, Object> encDataMap = null;
Result apiResult = JSONObject.parseObject(responseBody, Result.class);
if(apiResult.getCode()==0){
ObjectMapper mapper = new ObjectMapper();
encDataMap = mapper.readValue( apiResult.getData().toString(), Map.class);
encData=encDataMap.get("encData").toString();
}
} catch (IOException e) {
e.printStackTrace();
}
return encData;
}
这样就ok了 如果帮助到你就点个赞吧 哈哈哈