工作中,有时候需要跨系统调用。这个时候HttpURLConnection,而现在很多网站都是用的是HTTPS。我们知道HTTPS都是有证书的。证书有的是花钱买的,有的没有花钱。这请情况下,有时候,有些https请求,就不是可信任的。
错误信息:
解决方案有两种:
按照要求,把证书上传到服务器上,具体方法自行百度解决,这里不做叙述。
添加下面的代码和工具类,工具类在下面附件中有,直接下载即可。
//省略代码。。。realUrl = new URL(url);if("https".equalsIgnoreCase(realUrl.getProtocol())){
SslUtils.ignoreSsl();
}//省略代码。。。
SslUtils工具类:
package com.thinkgem.jeesite.modules.tbk.uitl;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
/**
* java 信任SSL证书
* @author 凯哥Java
* @website www.kaigejava.com
*
*/
public class SslUtils {
private static void trustAllHttpsCertificates() throws Exception {
TrustManager[] trustAllCerts = new TrustManager[1];
TrustManager tm = new miTM();
trustAllCerts[0] = tm;
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, trustAllCerts, null);
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
}
static class miTM implements TrustManager,X509TrustManager {
public X509Certificate[] getAcceptedIssuers() {
return null;
}
public boolean isServerTrusted(X509Certificate[] certs) {
return true;
}
public boolean isClientTrusted(X509Certificate[] certs) {
return true;
}
public void checkServerTrusted(X509Certificate[] certs, String authType)
throws CertificateException {
return;
}
public void checkClientTrusted(X509Certificate[] certs, String authType)
throws CertificateException {
return;
}
}
/**
* 忽略HTTPS请求的SSL证书,必须在openConnection之前调用
* @throws Exception
*/
public static void ignoreSsl() throws Exception{
HostnameVerifier hv = new HostnameVerifier() {
public boolean verify(String urlHostName, SSLSession session) {
return true;
}
};
trustAllHttpsCertificates();
HttpsURLConnection.setDefaultHostnameVerifier(hv);
}
}