HttpClient的4.x的
方法1
配置TrustStrore通过调试选项
-Djavax.net.ssl.trustStore=/Users/amodpandey/.keystore
Java是能够读取信任,即使没有经过(信任库的密码)密码
但即使在此之后,您可能会面对
javax.net.ssl.SSLPeerUnverifiedException: 'localhost' 的主机名不匹配对端提供的证书主题...
CloseableHttpClient httpClient =
HttpClientBuilder.create()
.setSSLHostnameVerifier(new HostnameVerifier() {
@Override
public boolean verify(String arg0, SSLSession arg1) {
return true;
}
})
.build();
和它的作品..
方法2
把它所有的代码
CloseableHttpClient httpClient =
HttpClientBuilder.create()
.setSslcontext(SSLContexts.custom().loadTrustMaterial(new File(Thread.currentThread().getContextClassLoader().getResource("keystore").getFile())).build())
.setSSLHostnameVerifier(new HostnameVerifier() {
@Override
public boolean verify(String arg0, SSLSession arg1) {
return true;
}
})
.build();
一接近角3
在使用连接管理器
的setSslcontext和setSSLHostnameVerifier是忽略使用时
.setConnectionManager(connectionManager)
那么连接管理器应该配置
Files.copy(ClassLoader.getSystemResourceAsStream("keystore"), Paths.get(URI.create("file:/tmp/keystore")),
StandardCopyOption.REPLACE_EXISTING);
Registry<ConnectionSocketFactory> socketFactoryRegistry =
RegistryBuilder
.<ConnectionSocketFactory>create()
.register(
"https",
new SSLConnectionSocketFactory(SSLContextBuilder.create()
.loadTrustMaterial(new File("/tmp/keystore")).build(),
new HostnameVerifier() {
@Override
public boolean verify(String hostname, SSLSession session) {
return true;
}
})).register("http", PlainConnectionSocketFactory.INSTANCE).build();
PoolingHttpClientConnectionManager connectionManager =
new PoolingHttpClientConnectionManager(socketFactoryRegistry);
CloseableHttpClient httpClient =
HttpClientBuilder.create()
.setConnectionManager(connectionManager)
.build();
注
- -Djavax.net。debug = all调试选项对于查看正在使用的证书非常有用
SSLContext使用File,如果我们打算将证书与代码打包在一个Jar中,那么我们需要创建一个文件以将它传递给文件对象(它不适用于jar文件)
Files.copy(ClassLoader.getSystemResourceAsStream(“keystore”),Paths.get(URI.create(“file:/ tmp/utskeystore”)),StandardCopyOption。 REPLACE_EXISTING)