最近使用HttpClient对接第三方短信接口,在进行本地测试时报了一个证书失效的错误。
1. 封装的HttpClient的Post请求
public static Map<String, Object> postReq(String URL, Map<String, Object> paramMap, Map<String, String> headers) throws Exception {Map<String, Object> map = new HashMap<String, Object>();RequestConfig requestConfig = RequestConfig.custom().setConnectTimeout(2000) // 设置连接超时时间,单位毫秒.setConnectionRequestTimeout(1000).setSocketTimeout(5000) // 请求获取数据的超时时间,单位毫秒.build();HttpRequestRetryHandler myRetryHandler = new HttpRequestRetryHandler() {@Overridepublic boolean retryRequest(IOException exception, int executionCount, HttpContext context) {return false;}};try (CloseableHttpClient client = HttpClients.custom().setDefaultRequestConfig(requestConfig).setRetryHandler(myRetryHandler).build()) {HttpPost httpPost = new HttpPost(URL);if (paramMap != null) {JSONObject paramJson = new JSONObject(paramMap);StringEntity paramEntity = new StringEntity(paramJson.toString(), "UTF-8");paramEntity.setContentType("application/json; charset=utf-8");httpPost.setEntity(paramEntity);}httpPost.setConfig(requestConfig);if (headers != null && !headers.isEmpty()) {for (String key : headers.keySet()) {String value = headers.get(key);httpPost.setHeader(key, value);}}CloseableHttpResponse response = client.execute(httpPost);HttpEntity entity = response.getEntity();if (entity != null) {String responseStr = EntityUtils.toString(entity, "UTF-8");if (responseStr.isEmpty()) {responseStr = "{}";}int statusCode = response.getStatusLine().getStatusCode();if (HttpServletResponse.SC_OK == statusCode) {try {JSONObject dataJson = (JSONObject) JSONObject.parse(responseStr);map = new HashMap<>(dataJson);} catch (Exception e) {map.put("reponse", responseStr);}} else {return map;}}response.close();}return map;}
但是在访问一些自签的https请求时会报错,该问题是链接证书无效导致,原因是由于自签证书会被识别为不安全链接。
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
2. 解决方法
我试着将请求链接的证书文件添加到jdk的cer证书信任库中,但是没有产生效果。(短信接口的证书无效)报了另外一个异常:
.ssl.SSLPeerUnverifiedException: Certificate for doesn’t match any of the subject alternative names: []
查看了一些解决方法,也是比较多使用信任链接证书的方式忽略SSL的校验
/questions/39762760/javax-net-ssl-sslexception-certificate-doesnt-match-any-of-the-subject-alterna
根据网上方法设置了jdk的安全证书-> 没有解决设置了maven忽略证书校验->没有解决升级HttpClient版本-> 没有解决yml文件配置httpclient忽略SSL校验,貌似也没有效果。最后使用了修改代码的方法,原理也是忽略证书校验,但是代码产生了效果,估计是和构建的Httpclient有关查看了Apache HttpClient官方的回答
(/jira/browse/HTTPCLIENT-2047)
应该是HttpClient本身的问题,4.5.10和4.5.11版本 DefaultHostnameVerifier 中的回归导致拒绝具有非标准域的证书。
需要信任证书来解决,问题在4.5.12解决,但是我升级了HttpClient的版本也没有效果(原版本4.5.10)
修改原代码
// 忽略SSL安全认证**SSLConnectionSocketFactory scsf = new SSLConnectionSocketFactory(SSLContexts.custom().loadTrustMaterial(null, new TrustSelfSignedStrategy()).build(),NoopHostnameVerifier.INSTANCE);**try (CloseableHttpClient client = **HttpClients.custom().setSSLSocketFactory(scsf)**.setDefaultRequestConfig(requestConfig).setRetryHandler(myRetryHandler).build()) {
如果觉得《Java使用HttpClient发送Https请求证书失效:PKIX path building failed:》对你有帮助,请点赞、收藏,并留下你的观点哦!
