但某些狀況下,伺服器使用自我認證等等的方式時,會想要略過這些認證檢查(把 HTTPS 當成 HTTP 在使用...XD)
在 Apache HttpClient 4.3 當中可以用以下的方式取得 HTTPS 的連線。
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 |
import java.security.KeyManagementException;import java.security.KeyStoreException;import java.security.NoSuchAlgorithmException;import java.security.cert.X509Certificate;import javax.net.ssl.SSLException;import javax.net.ssl.SSLSession;import javax.net.ssl.SSLSocket;import org.apache.http.conn.ssl.SSLConnectionSocketFactory;import org.apache.http.conn.ssl.SSLContextBuilder;import org.apache.http.conn.ssl.TrustSelfSignedStrategy;import org.apache.http.conn.ssl.X509HostnameVerifier;public static CloseableHttpClient getHttpClient() { SSLContextBuilder builder = new SSLContextBuilder(); try { builder.loadTrustMaterial(null, new TrustSelfSignedStrategy()); SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(builder.build(), new X509HostnameVerifier() { @Override public boolean verify(String arg0, SSLSession arg1) { return true; } @Override public void verify(String arg0, SSLSocket arg1) throws IOException {} @Override public void verify(String arg0, X509Certificate arg1) throws SSLException {} @Override public void verify(String arg0, String[] arg1, String[] arg2) throws SSLException {} }); return HttpClients.custom().setSSLSocketFactory(sslsf).build(); } catch (NoSuchAlgorithmException | KeyStoreException | KeyManagementException e) { e.printStackTrace(); throw new RuntimeException(); }} |
其中 5~6 行在某些狀況下應該可以直接用以下的方式:
1 |
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(builder.build()); |
透過上面的 getHttpClient() 的方法取得 CloseableHttpClient 這個 HttpClient 後
就可以依照一般的方法進行 HTTPS 的連線了。
參考資料:
1、Ignoring SSL certificate in Apache HttpClient 4.3
沒有留言:
張貼留言