公司有个我的项目应用了JDK17,须要拜访内部的https服务的http get拜访接口。
代码如下
CloseableHttpClient httpClient = HttpClientBuilder.create().build();
HttpGet httpGet = new HttpGet(url);
CloseableHttpResponse response = httpClient.execute(httpGet);简简单单的申请呈现了以下谬误,一脸懵.
查问了google,说是要下载证书到jre/lib/security下;
无奈mac的chrome及safari都无奈导出证书;
只能本人钻研看报错信息了, 次要谬误起因在于新版本JDK的ssl验证报错:
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439)
at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306)
at java.base/sun.security.validator.Validator.validate(Validator.java:264)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:132)
at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:638)
... 24 more因而只须要重写X509TrustManager, 并注入到httpClient即可
X509TrustManager能够本人实现,也能够应用现成实现,
比方cn.hutool.core.net.DefaultTrustManager
SSLContext ctx = SSLContext.getInstance("TLS");
X509TrustManager tm = new DefaultTrustManager();
ctx.init(null, new TrustManager[] { tm }, null);
SSLConnectionSocketFactory ssf = new SSLConnectionSocketFactory(ctx, NoopHostnameVerifier.INSTANCE);
CloseableHttpClient httpclient = HttpClients.custom().setSSLSocketFactory(ssf).build();
return httpclient;应用该httpclient 执行就能够绕过ssl的证书检测。
发表回复