OkHttp3.1以上信任所有證書,OkHttpClient設定忽略所有SSL證書驗證
阿新 • • 發佈:2021-08-03
在開發中個,第三方https-ssl是自建的,在使用OKhttp/restTemplate呼叫是報錯:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed
OkHttpClient設定忽略所有SSL證書驗證
Okhttp程式碼
public static OkHttpClient getUnsafeOkHttpClient() {
try {
// Create a trust manager that does not validate certificate chains
final TrustManager[] trustAllCerts = new TrustManager[] {
new X509TrustManager() {
@Override
public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) {
}
@Override
public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) {
}
@Override
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return new java.security.cert.X509Certificate[]{};
}
}
};
// Install the all-trusting trust manager
final SSLContext sslContext = SSLContext.getInstance("SSL");
sslContext.init(null, trustAllCerts, new java.security.SecureRandom());
// Create an ssl socket factory with our all-trusting manager
final javax.net.ssl.SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
OkHttpClient.Builder builder = new OkHttpClient.Builder();
builder.sslSocketFactory(sslSocketFactory);
builder.hostnameVerifier(new HostnameVerifier() {
@Override
public boolean verify(String hostname, SSLSession session) {
return true;
}
});
OkHttpClient okHttpClient = builder.build();
return okHttpClient;
} catch (Exception e) {
throw new RuntimeException(e);
}
}
寫了個工具類
import okhttp3.MediaType;
import okhttp3.OkHttpClient;
import javax.net.ssl.*;
import java.util.concurrent.TimeUnit;
public class OkHttpClintUtil {
public static final MediaType mediaType = MediaType.parse("application/json; charset=utf-8");
/**
* 預設-不信任自建ssl
*/
public static final OkHttpClient httpClient = new OkHttpClient.Builder()
.connectTimeout(10, TimeUnit.SECONDS)//設定連線超時時間
.readTimeout(20, TimeUnit.SECONDS)//設定讀取超時時間
.build();
/**
* 信任所有https-ssl證書
* 航信https-ssl證書是自建的(無恥,不捨得花錢購買)
* @return
*/
public static OkHttpClient getUnsafeOkHttpClient() {
try {
// Create a trust manager that does not validate certificate chains
final TrustManager[] trustAllCerts = new TrustManager[] {
new X509TrustManager() {
@Override
public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) {
}
@Override
public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) {
}
@Override
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return new java.security.cert.X509Certificate[]{};
}
}
};
// Install the all-trusting trust manager
final SSLContext sslContext = SSLContext.getInstance("SSL");
sslContext.init(null, trustAllCerts, new java.security.SecureRandom());
// Create an ssl socket factory with our all-trusting manager
final javax.net.ssl.SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
OkHttpClient.Builder builder = new OkHttpClient.Builder();
builder.sslSocketFactory(sslSocketFactory);
builder.hostnameVerifier(new HostnameVerifier() {
@Override
public boolean verify(String hostname, SSLSession session) {
return true;
}
});
OkHttpClient okHttpClient = builder
.connectTimeout(10, TimeUnit.SECONDS)//設定連線超時時間
.readTimeout(20, TimeUnit.SECONDS)//設定讀取超時時間
.build();
return okHttpClient;
} catch (Exception e) {
throw new RuntimeException(e);
}
}
}
呼叫:
Map<String, Object> params = new HashMap<>();
params.put("username", TRAVELSKY_BAGGAGE_U);
params.put("password", TRAVELSKY_BAGGAGE_P);
String param= JSON.toJSONString(params);
RequestBody requestBody = RequestBody.create(OkHttpClintUtil.mediaType, param);
Request getUserRequest = new Request.Builder().url(TRAVELSKY_BAGGAGE_URL)
.post(requestBody).build();
Response userResponse = OkHttpClintUtil.getUnsafeOkHttpClient().newCall(getUserRequest).execute();