OkHttp3.1以上信任所有證書,OkHttpClient設定忽略所有SSL證書驗證
阿新 • • 發佈:2021-08-03
在開發中個,第三方https-ssl是自建的,在使用OKhttp/restTemplate呼叫是報錯:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed
OkHttpClient設定忽略所有SSL證書驗證
Okhttp程式碼
public static OkHttpClient getUnsafeOkHttpClient() { try { // Create a trust manager that does not validate certificate chains final TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() { @Override public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) { } @Override public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) { } @Override public java.security.cert.X509Certificate[] getAcceptedIssuers() { return new java.security.cert.X509Certificate[]{}; } } }; // Install the all-trusting trust manager final SSLContext sslContext = SSLContext.getInstance("SSL"); sslContext.init(null, trustAllCerts, new java.security.SecureRandom()); // Create an ssl socket factory with our all-trusting manager final javax.net.ssl.SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory(); OkHttpClient.Builder builder = new OkHttpClient.Builder(); builder.sslSocketFactory(sslSocketFactory); builder.hostnameVerifier(new HostnameVerifier() { @Override public boolean verify(String hostname, SSLSession session) { return true; } }); OkHttpClient okHttpClient = builder.build(); return okHttpClient; } catch (Exception e) { throw new RuntimeException(e); } }
寫了個工具類
import okhttp3.MediaType; import okhttp3.OkHttpClient; import javax.net.ssl.*; import java.util.concurrent.TimeUnit; public class OkHttpClintUtil { public static final MediaType mediaType = MediaType.parse("application/json; charset=utf-8"); /** * 預設-不信任自建ssl */ public static final OkHttpClient httpClient = new OkHttpClient.Builder() .connectTimeout(10, TimeUnit.SECONDS)//設定連線超時時間 .readTimeout(20, TimeUnit.SECONDS)//設定讀取超時時間 .build(); /** * 信任所有https-ssl證書 * 航信https-ssl證書是自建的(無恥,不捨得花錢購買) * @return */ public static OkHttpClient getUnsafeOkHttpClient() { try { // Create a trust manager that does not validate certificate chains final TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() { @Override public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) { } @Override public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) { } @Override public java.security.cert.X509Certificate[] getAcceptedIssuers() { return new java.security.cert.X509Certificate[]{}; } } }; // Install the all-trusting trust manager final SSLContext sslContext = SSLContext.getInstance("SSL"); sslContext.init(null, trustAllCerts, new java.security.SecureRandom()); // Create an ssl socket factory with our all-trusting manager final javax.net.ssl.SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory(); OkHttpClient.Builder builder = new OkHttpClient.Builder(); builder.sslSocketFactory(sslSocketFactory); builder.hostnameVerifier(new HostnameVerifier() { @Override public boolean verify(String hostname, SSLSession session) { return true; } }); OkHttpClient okHttpClient = builder .connectTimeout(10, TimeUnit.SECONDS)//設定連線超時時間 .readTimeout(20, TimeUnit.SECONDS)//設定讀取超時時間 .build(); return okHttpClient; } catch (Exception e) { throw new RuntimeException(e); } } }
呼叫:
Map<String, Object> params = new HashMap<>(); params.put("username", TRAVELSKY_BAGGAGE_U); params.put("password", TRAVELSKY_BAGGAGE_P); String param= JSON.toJSONString(params); RequestBody requestBody = RequestBody.create(OkHttpClintUtil.mediaType, param); Request getUserRequest = new Request.Builder().url(TRAVELSKY_BAGGAGE_URL) .post(requestBody).build(); Response userResponse = OkHttpClintUtil.getUnsafeOkHttpClient().newCall(getUserRequest).execute();