问题原因
访问 HTTPS 网站时没有携带证书:客户端的信任库中没有该网站的证书,导致服务端证书校验无法通过。
解决方案
一、忽略证书(下面的代码关闭了证书链校验和主机名校验,连接不再验证服务端身份,仅适用于测试环境)
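/**
 * Builds a RestTemplate whose HTTPS client performs no server authentication.
 *
 * <p>The SSLContext is initialised with the trust managers returned by
 * {@code disableSslCheck()}, which accept every certificate chain, and the socket factory
 * uses {@code NoopHostnameVerifier}, so the host name is not compared with the certificate
 * either. Traffic is still encrypted, but the peer's identity is never verified; a client
 * built this way cannot detect an impersonated server. Use it only against test endpoints.
 *
 * @return the configured RestTemplate, or {@code null} when construction failed
 *     (the failure is logged, not rethrown)
 */
public RestTemplate dtRestTemplate() {
    RestTemplate restTemplate = null;
    try {
        SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
        // No key managers (null): the client presents no certificate of its own.
        sslContext.init(null, disableSslCheck(), new java.security.SecureRandom());
        // Hostname verification is switched off together with chain validation.
        HostnameVerifier hostnameVerifier = NoopHostnameVerifier.INSTANCE;
        SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContext, hostnameVerifier);
        RequestConfig requestConfig = RequestConfig.custom()
                .setConnectTimeout(TIMEOUT)
                .setConnectionRequestTimeout(TIMEOUT)
                .setSocketTimeout(TIMEOUT)
                .build();
        CloseableHttpClient sslInsecureClient = HttpClients.custom()
                .setDefaultRequestConfig(requestConfig)
                .setSSLSocketFactory(sslsf)
                .build();
        HttpComponentsClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory();
        requestFactory.setHttpClient(sslInsecureClient);
        restTemplate = new RestTemplate(requestFactory);
    } catch (Exception ex) {
        // Log the exception object rather than only its message, so the stack trace and the
        // cause are kept (same call shape as the other factory method in this file).
        LOG.error("restTemplate create failed:", ex);
    }
    return restTemplate;
}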
/**
 * Returns a one-element trust manager array whose manager accepts every certificate chain.
 *
 * <p>Both check methods have empty bodies and therefore never throw, which is how an
 * X509TrustManager signals "trusted". An SSLContext initialised with this array performs no
 * certificate validation at all, so it must not be used for connections where the server's
 * identity matters.
 *
 * @return an array holding the single accept-all trust manager
 */
private static TrustManager[] disableSslCheck() {
    final X509TrustManager acceptAll = new X509TrustManager() {
        @Override
        public void checkClientTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
            // Intentionally empty: no client chain is ever rejected.
        }

        @Override
        public void checkServerTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
            // Intentionally empty: no server chain is ever rejected.
        }

        @Override
        public X509Certificate[] getAcceptedIssuers() {
            // An empty array: no issuers are advertised.
            return new X509Certificate[0];
        }
    };
    return new TrustManager[] {acceptAll};
}
二、获取对应网站的证书,并加载为信任库
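/**
 * Builds a RestTemplate whose HTTPS client trusts only the certificates supplied by
 * {@code getTrustManagerFactory()}.
 *
 * <p>The socket factory is created with the single-argument constructor so that HttpClient's
 * default hostname verifier stays active. Passing {@code NoopHostnameVerifier} here would
 * accept a certificate from the trust store for any host name, which defeats the purpose
 * of loading the site's certificate.
 *
 * @return the configured RestTemplate, or {@code null} when construction failed
 *     (the failure is logged, not rethrown)
 */
public RestTemplate restTemplate() {
    RestTemplate restTemplate = null;
    CloseableHttpClient httpClient = null;
    try {
        SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
        // No key managers (null): the client presents no certificate of its own.
        sslContext.init(null, getTrustManagerFactory().getTrustManagers(), new java.security.SecureRandom());
        // Default hostname verification: the certificate must match the host being contacted.
        SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContext);
        RequestConfig requestConfig = RequestConfig.custom()
                .setConnectTimeout(TIMEOUT)
                .setSocketTimeout(TIMEOUT)
                .setConnectionRequestTimeout(TIMEOUT)
                .build();
        httpClient = HttpClients.custom()
                .setSSLSocketFactory(sslsf)
                .setDefaultRequestConfig(requestConfig)
                .build();
        HttpComponentsClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory();
        requestFactory.setHttpClient(httpClient);
        restTemplate = new RestTemplate(requestFactory);
    } catch (Exception ex) {
        LOG.error("create failed:", ex);
        // The client is non-null only if it was built before the failure; release it so the
        // connection manager it owns is not leaked.
        if (httpClient != null) {
            try {
                httpClient.close();
            } catch (IOException exx) {
                LOG.error("close failed:", exx);
            }
        }
    }
    return restTemplate;
}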
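/**
 * Creates a TrustManagerFactory initialised from the certificate store bundled on the
 * classpath.
 *
 * <p>{@code getResourceAsStream} returns {@code null} for a missing resource instead of
 * throwing, and {@code KeyStore.load(null, null)} then yields an empty store. The missing
 * resource is therefore reported explicitly instead of returning a factory backed by an
 * empty or uninitialised store.
 *
 * @return a factory initialised with the loaded key store
 * @throws Exception if the resource is missing, cannot be read, or the store or factory
 *     cannot be initialised
 */
private static TrustManagerFactory getTrustManagerFactory() throws Exception {
    KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
    TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(
            TrustManagerFactory.getDefaultAlgorithm());
    // The resource name below is the page's placeholder for the trust store's classpath path.
    try (InputStream inputStream =
            RestTemplateConfig.class.getClassLoader().getResourceAsStream("证书地址")) {
        if (inputStream == null) {
            LOG.error("load key store file failed");
            throw new FileNotFoundException("trust store resource not found on classpath");
        }
        // NOTE(review): a null password means the store's integrity is not checked on load;
        // supply the store password if the file is password-protected.
        keyStore.load(inputStream, null);
    }
    trustManagerFactory.init(keyStore);
    return trustManagerFactory;
}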