songmingsong ffc9fcb95c 微信支付、回调、订单查询;
微信用户登录、用户信息查询、修改用户信息、同意用户协议;
文件OSS上传、删除接口;
2024-12-05 17:33:25 +08:00


package com.ycwl.basic.utils;
import lombok.extern.slf4j.Slf4j;
import org.apache.http.config.Registry;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.conn.socket.ConnectionSocketFactory;
import org.apache.http.conn.socket.PlainConnectionSocketFactory;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
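/**
 * Factory for the pooled Apache {@link CloseableHttpClient} used for outbound HTTP and HTTPS
 * calls.
 *
 * <p>Security: HTTPS connections made through this client validate the server certificate chain
 * against the JVM's default trust material and verify that the certificate matches the requested
 * host name. An earlier version of this class installed an {@code X509TrustManager} whose checks
 * logged and swallowed every failure, and paired it with {@code NoopHostnameVerifier}. That
 * combination accepts any certificate for any host, which removes the server authentication that
 * TLS provides and leaves the traffic open to interception and modification on the network path.
 * Do not reintroduce it. An endpoint signed by a private CA should have that CA added to the
 * trust store the JVM uses rather than having validation switched off.
 *
 * @author songmingsong
 */
@Slf4j
public class SslUtil {

    /**
     * Builds an HTTP client backed by a pooling connection manager.
     *
     * <p>Plain {@code http} uses {@link PlainConnectionSocketFactory}; {@code https} uses a
     * socket factory that performs full certificate and host name verification. Every call
     * creates a new client and a new connection pool, so callers should reuse the returned
     * client and close it when it is no longer needed.
     *
     * @return a new {@link CloseableHttpClient}; never {@code null}
     */
    public static CloseableHttpClient sslHttpClientBuild() {
        Registry<ConnectionSocketFactory> socketFactoryRegistry =
                RegistryBuilder.<ConnectionSocketFactory>create()
                        .register("http", PlainConnectionSocketFactory.INSTANCE)
                        .register("https", verifiedHttpsSocketFactory())
                        .build();
        // The connection manager owns the per-scheme socket factories registered above.
        PoolingHttpClientConnectionManager connectionManager =
                new PoolingHttpClientConnectionManager(socketFactoryRegistry);
        return HttpClients.custom().setConnectionManager(connectionManager).build();
    }

    /**
     * Returns the HTTPS socket factory used by {@link #sslHttpClientBuild()}.
     *
     * <p>This is HttpClient's default factory: it relies on the standard JSSE trust material and
     * HttpClient's default host name verifier. Protocol versions and cipher suites are left to
     * the JVM's configuration instead of being pinned here.
     *
     * <p>Initialisation failures propagate as an unchecked exception. The previous code logged
     * the failure and returned {@code null}, which only moved the error to the registry builder
     * and hid its cause.
     *
     * @return a socket factory that validates the peer certificate and host name
     */
    private static SSLConnectionSocketFactory verifiedHttpsSocketFactory() {
        return SSLConnectionSocketFactory.getSocketFactory();
    }
}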