java - 如何调用 SOAP Web 服务使用带有 SSL 的 httpclient

Question

现在请帮助， 我想通过 SOAP 调用 api 并使用 httpclient 4.5.5

我的代码

static String callApi(String url, String requestXml)
{
    String responseXml = "";        
    CloseableHttpClient httpClient = null;
    HttpPost httpPost;
    try
    {
        httpClient = HttpClients.createDefault();
        httpPost = new HttpPost(url);

        httpPost.setHeader("Content-Type", "text/xml; charset=utf-8");
        httpPost.setHeader("x-ibm-client-id", Config.csp.validKey);

        StringEntity entiry = new StringEntity(requestXml, "UTF-8");

        httpPost.setEntity(entiry);

        HttpResponse response = httpClient.execute(httpPost);

        HttpEntity entity = response.getEntity();
        responseXml = EntityUtils.toString(entity, "UTF-8");

    }
    catch (Exception ex)
    {
        log.error("", ex);
    }
    finally
    {
        try
        {
            if (httpClient != null)
                httpClient.close();
        }
        catch (Exception ex)
        {
            log.error("", ex);
        }
    }
    return responseXml;
}

当我调试然后显示错误

javax.net.ssl.SSLPeerUnverifiedException: Certificate for <10.xx.xx.xx> doesn't match any of the subject alternative names: [*.domain.vn, domain.vn] at org.apache.http.conn.ssl.SSLConnectionSocketFactory.verifyHostname(SSLConnectionSocketFactory.java:467) ~[httpclient-4.5.5.jar:4.5.5] at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:397) ~[httpclient-4.5.5.jar:4.5.5] at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:355) ~[httpclient-4.5.5.jar:4.5.5] at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142) ~[httpclient-4.5.5.jar:4.5.5] at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:373) ~[httpclient-4.5.5.jar:4.5.5] at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:381) ~[httpclient-4.5.5.jar:4.5.5] at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:237) ~[httpclient-4.5.5.jar:4.5.5] at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:185) ~[httpclient-4.5.5.jar:4.5.5] at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89) ~[httpclient-4.5.5.jar:4.5.5] at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:111) ~[httpclient-4.5.5.jar:4.5.5] at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185) ~[httpclient-4.5.5.jar:4.5.5] at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83) ~[httpclient-4.5.5.jar:4.5.5] at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108) ~[httpclient-4.5.5.jar:4.5.5]

请帮忙。非常感谢

Answer 1

你没有显示你如何调用 callApi() 但我猜你正在使用 10.xx.xx.xx IP 地址来寻址你的主机而不是其证书中包含的名称之一。

当主机名验证生效时，您不能执行此操作。

您最好更改为通过其证书公用名称或主题备用名称 (SAN) 之一对其进行寻址。但是，如果您不能这样做，并且由于 10.* IP 地址范围是专用网络，您可以安全地关闭此服务器到服务器调用的主机名验证。

而不是这个...

httpClient = HttpClients.createDefault();

这样做...

httpClient = HttpClients
               .custom()
               .setSSLHostnameVerifier(NoopHostnameVerifier.INSTANCE)
               .build();

根据您使用的 Apache HttpClient 版本，语法可能略有不同。

这会禁用安全控制。在您无法控制的网络上调用主机时，请勿这样做。