public static void main(String... args) {
try (CloseableHttpClient httpclient = createAcceptSelfSignedCertificateClient()) {
HttpGet httpget = new HttpGet("https://example.com");
System.out.println("Executing request " + httpget.getRequestLine());
httpclient.execute(httpget);
System.out.println("----------------------------------------");
} catch (NoSuchAlgorithmException | KeyStoreException | KeyManagementException | IOException e) {
throw new RuntimeException(e);
}
}
private static CloseableHttpClient createAcceptSelfSignedCertificateClient()
throws KeyManagementException, NoSuchAlgorithmException, KeyStoreException {
// use the TrustSelfSignedStrategy to allow Self Signed Certificates
SSLContext sslContext = SSLContextBuilder
.create()
.loadTrustMaterial(new TrustSelfSignedStrategy())
.build();
// we can optionally disable hostname verification.
// if you don't want to further weaken the security, you don't have to include this.
HostnameVerifier allowAllHosts = new NoopHostnameVerifier();
// create an SSL Socket Factory to use the SSLContext with the trust self signed certificate strategy
// and allow all hosts verifier.
SSLConnectionSocketFactory connectionFactory = new SSLConnectionSocketFactory(sslContext, allowAllHosts);
// finally create the HttpClient using HttpClient factory methods and assign the ssl socket factory
return HttpClients
.custom()
.setSSLSocketFactory(connectionFactory)
.build();
}
SSLContext sslContext = SSLContext.getInstance("SSL");
// set up a TrustManager that trusts everything
sslContext.init(null, new TrustManager[] { new X509TrustManager() {
public X509Certificate[] getAcceptedIssuers() {
System.out.println("getAcceptedIssuers =============");
return null;
}
public void checkClientTrusted(X509Certificate[] certs,
String authType) {
System.out.println("checkClientTrusted =============");
}
public void checkServerTrusted(X509Certificate[] certs,
String authType) {
System.out.println("checkServerTrusted =============");
}
} }, new SecureRandom());
SSLSocketFactory sf = new SSLSocketFactory(sslContext);
Scheme httpsScheme = new Scheme("https", 443, sf);
SchemeRegistry schemeRegistry = new SchemeRegistry();
schemeRegistry.register(httpsScheme);
// apache HttpClient version >4.2 should use BasicClientConnectionManager
ClientConnectionManager cm = new SingleClientConnManager(schemeRegistry);
HttpClient httpClient = new DefaultHttpClient(cm);
23条答案
按热度按时间kpbwa7wx1#
如果您使用的是apache httpclient 4.5.x,请尝试以下操作:
7rfyedvj2#
fwiw,一个使用jax rs 2.x的“resteasy”实现来构建一个特殊的“信任所有”客户端的示例。。。
相关maven依赖项
e5nszbig3#
如果在使用嵌入apache httpclient 4.1的Amazon3Client时遇到此问题,只需定义如下系统属性,以便ssl证书检查器轻松:
-dcom.amazonaws.sdk.disablecertchecking=真
恶作剧管理
luaexgnf4#
按4.3.3测试
}
oaxa6hgo5#
如果您使用的是fluent api,则需要通过
Executor
:... 哪里
sslContext
是按照zz编码器的答案所示创建的sslcontext。之后,您可以按以下方式执行http请求:
注:使用httpclient 4.2进行测试
qyswt5oh6#
apachehttpclient 4.1.3的完整工作版本(基于上面的oleg代码,但在我的系统上仍然需要allow\u all\u hostname\u验证器):
请注意,我抛出所有异常是因为实际上,如果在实际系统中出现任何一个异常,我也无能为力!
gcuhipw97#
下面的代码用于
4.5.5
```import java.io.IOException;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.util.EntityUtils;
class HttpsSSLClient {
}
public class TestMe {
}
4.0.0
qmelpv7a8#
daolsyd09#
要接受httpclient 4.4.x中的所有证书,可以在创建httpclient时使用以下一行代码:
a0x5cqrl10#
4.5.4测试:
g9icjywg11#
您需要使用自己的trustmanager创建sslcontext,并使用此上下文创建https方案。这是密码,
ncecgwcz12#
所有其他答案要么被否决,要么不适用于httpclient4.3。
下面是一种在构建http客户机时允许所有主机名的方法。
或者,如果您使用的是版本4.4或更高版本,则更新的呼叫如下所示:
mqkwyuun13#
只是在更新的httpclient 4.5上必须这样做,而且似乎他们从4.4开始就不赞成使用一些东西,所以下面是一个代码片段,它适用于我,并使用了最新的api:
sshcrbum14#
apache httpclient 4.5.5版
没有使用不推荐使用的api。
简单可验证测试用例:
nkkqxpd915#
为了记录在案,有一种更简单的方法可以用httpclient4.1实现同样的功能