有人可以告诉我如何使用 HttpClient v4.1 发出 HTTPS 请求,而无需对主机名和证书进行任何验证。我已经阅读了很多问题和论坛,并尝试了很多不同的东西,最终以这样的方式结束:
SSLContext context = SSLContext.getInstance("SSL");
context.init(new KeyManager[] {}, new TrustManager[] {}, new SecureRandom());
SSLSocketFactory sf = new SSLSocketFactory(context, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
client.getConnectionManager().getSchemeRegistry().register(new Scheme("https", 443, sf));
...然后当我去提出请求时,我得到:
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
我知道我正在尝试做的事情并不安全。
最佳答案
技巧是部分-“.loadTrustMaterial(null, (chain, authType) -> true)”,传入始终返回true的trustStrategy,然后就可以跳过本地证书主机名验证,并且当您修改主机文件以应用域 - IP 映射时,它也将起作用。
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
FileInputStream keyStoreFile = new FileInputStream(CERT_PATH);
ks.load(keyStoreFile, CERT_PASSWORD.toCharArray());
SSLContext sslContext = SSLContexts
.custom()
.loadKeyMaterial(ks, CERT_PASSWORD.toCharArray())
.loadTrustMaterial(null, (chain, authType) -> true)
.build();
SSLConnectionSocketFactory sslConnectionFactory = new SSLConnectionSocketFactory(sslContext);
Registry<ConnectionSocketFactory> registry = RegistryBuilder
.<ConnectionSocketFactory>create()
.register(REST.HTTPS.LABEL, sslConnectionFactory)
.register(REST.HTTP.LABEL, new PlainConnectionSocketFactory())
.build();
BasicHttpClientConnectionManager connManager = new BasicHttpClientConnectionManager(registry);
httpClient = HttpClients
.custom()
.setConnectionManager(connManager)
.setSSLSocketFactory(sslConnectionFactory)
.build();
关于java - 如何在没有证书身份验证或主机名验证的情况下使用 Java 中的 HttpClient 发出 HTTPS 请求?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/29901638/