该博客介绍了一种Java中跳过HTTPS请求SSL证书验证的方法,通过自定义TrustManager和HostnameVerifier来实现。主要适用于开发和测试环境中,允许不安全的连接,但在生产环境中可能会引发安全隐患。
解决方法一:跳过证书验证,直接上代码
public class SslUtil {
private static void trustAllHttpsCertificates() throws Exception {
TrustManager[] trustAllCerts = new TrustManager[1];
TrustManager tm = new miTM();
trustAllCerts[0] = tm;
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, trustAllCerts, null);
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
}
static class miTM implements TrustManager, X509TrustManager {
public X509Certificate[] getAcceptedIssuers() {
return null;
}
public boolean isServerTrusted(X509Certificate[] certs) {
return true;
}
public boolean isClientTrusted(X509Certificate[] certs) {
return true;
}
public void checkServerTrusted(X509Certificate[] certs, String authType)
throws CertificateException {
return;
}
public void checkClientTrusted(X509Certificate[] certs, String authType)
throws CertificateException {
return;
}
}
/**
* 忽略HTTPS请求的SSL证书,必须在openConnection之前调用
* @throws Exception
*/
public static void ignoreSsl() throws Exception {
HostnameVerifier hv = new HostnameVerifier() {
public boolean verify(String urlHostName, SSLSession session) {
return true;
}
};
System.out.println("忽略HTTPS请求的SSL证书");
trustAllHttpsCertificates();
HttpsURLConnection.setDefaultHostnameVerifier(hv);
}
} public static void main(String[] args) {
try {
SslUtil.ignoreSsl();
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
SpringApplication.run(CreditWebBootApplication.class, args);
}
1308
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
