This repository has been archived by the owner on Aug 20, 2021. It is now read-only.

HTTP utility class should support skipping the SSL hostname check #68

Closed
ijiangtao opened this issue Sep 2, 2019 · 5 comments


ijiangtao commented Sep 2, 2019

Some HTTPS services have invalid certificates, which causes requests to fail with an SSL check exception, so we need a way to trust the SSL certificate:

import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;

import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContextBuilder;
import org.apache.http.ssl.TrustStrategy;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

public class TrustAllHttpClientFactory {

    // the snippet used a `log` field without declaring it; an SLF4J logger is assumed here
    private static final Logger log = LoggerFactory.getLogger(TrustAllHttpClientFactory.class);

    public static CloseableHttpClient createSSLClient() {
        SSLContext sslContext = null;

        try {

            sslContext = new SSLContextBuilder().loadTrustMaterial(null, new TrustStrategy() {
                @Override
                public boolean isTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                    // accept every certificate
                    return true;
                }
            }).build();

            SSLConnectionSocketFactory sslSocketFactory = new SSLConnectionSocketFactory(sslContext, new HostnameVerifier() {
                @Override
                public boolean verify(String hostname, SSLSession session) {
                    // do not verify the hostname
                    return true;
                }
            });

            // client that skips both certificate and hostname verification
            return HttpClients.custom().setSSLSocketFactory(sslSocketFactory).build();

        } catch (KeyManagementException e) {
            log.error("", e);
        } catch (NoSuchAlgorithmException e) {
            log.error("", e);
        } catch (KeyStoreException e) {
            log.error("", e);
        }

        // if building the SSL context failed, fall back to a plain client
        return HttpClientBuilder.create().build();
    }
}
@venusdrogon venusdrogon transferred this issue from ifeilong/feilong-core Sep 2, 2019
venusdrogon (Collaborator) commented:

#18

@venusdrogon venusdrogon self-assigned this Sep 2, 2019
@venusdrogon venusdrogon added this to the 2.0.0 milestone Sep 2, 2019
venusdrogon (Collaborator) commented:

#65

venusdrogon (Collaborator) commented:

public void testGetResponseBodyAsString122(){
    String uri = "https://40.173.175.129/api/oms/mall/in";
    LOGGER.debug(HttpClientUtil.post(uri));
}
00:00 DEBUG (SSLConnectionSocketFactory.java:475) [verifyHostname()]  peer principal: EMAILADDRESS=TF-TTX@ittx.com.cn, CN=TTx, OU=TTxz, O=Wuhan, L=Wuhan, ST=Hubei, C=CN
00:00 DEBUG (SSLConnectionSocketFactory.java:488) [verifyHostname()]  issuer principal: EMAILADDRESS=TF-TTX@ittx.com.cn, CN=TTx, OU=TTxz, O=Wuhan, L=Wuhan, ST=Hubei, C=CN
00:00 DEBUG (DefaultHostnameVerifier.java:103) [verify()] Certificate for <40.73.75.129> doesn't match common name of the certificate subject: TTx
javax.net.ssl.SSLPeerUnverifiedException: Certificate for <40.173.175.129> doesn't match common name of the certificate subject: TTx
	at org.apache.http.conn.ssl.DefaultHostnameVerifier.matchCN(DefaultHostnameVerifier.java:186)
	at org.apache.http.conn.ssl.DefaultHostnameVerifier.verify(DefaultHostnameVerifier.java:133)
	at org.apache.http.conn.ssl.DefaultHostnameVerifier.verify(DefaultHostnameVerifier.java:99)
	at org.apache.http.conn.ssl.SSLConnectionSocketFactory.verifyHostname(SSLConnectionSocketFactory.java:503)
	at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:437)
	at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:384)
	at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)
	at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:374)
	at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:393)
	at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
	at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186)
	at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
	at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
	at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
	at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
	at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:108)
	at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56)
	at com.feilong.net.httpclient4.builder.HttpRequestExecuter.execute(HttpRequestExecuter.java:86)
	at com.feilong.net.httpclient4.builder.HttpRequestExecuter.execute(HttpRequestExecuter.java:62)
	at com.feilong.net.httpclient4.HttpClientUtil.getResponseBodyAsString(HttpClientUtil.java:985)
	at com.feilong.net.httpclient4.HttpClientUtil.getResponseBodyAsString(HttpClientUtil.java:893)
	at com.feilong.net.httpclient4.HttpClientUtil.post(HttpClientUtil.java:805)
	at com.feilong.net.httpclient4.HttpClientUtil.post(HttpClientUtil.java:752)
	at com.feilong.net.httpclient4.GetResponseStatusCodeTest2.testGetResponseBodyAsString122(GetResponseStatusCodeTest2.java:69)
00:00 DEBUG (LoggingManagedHttpClientConnection.java:96) [shutdown()] http-outgoing-0: Shutdown connection
00:00 DEBUG (ConnectionHolder.java:129) [abortConnection()] Connection discarded

venusdrogon (Collaborator) commented Sep 2, 2019

javax.net.ssl.HostnameVerifier

This class is the base interface for hostname verification.
During handshaking, if the URL's hostname and the server's identification hostname mismatch, the verification mechanism can call back to implementers of this interface to determine if this connection should be allowed.

The policies can be certificate-based or may depend on other authentication schemes.

These callbacks are used when the default rules for URL hostname verification fail.

venusdrogon (Collaborator) commented:

Add a turnOffHostnameVerifier property to ConnectionConfig, off by default.

Then the code:

private static void setSSL(
                ConnectionConfig connectionConfig,
                LayeredConnectionSocketFactory layeredConnectionSocketFactory,
                org.apache.http.impl.client.HttpClientBuilder customHttpClientBuilder){
    ......
    //---------------------------------------------------------------
    //since 2.0.0
    if (connectionConfig.getTurnOffHostnameVerifier()){
        customHttpClientBuilder.setSSLHostnameVerifier(NoopHostnameVerifier.INSTANCE);
    }
}

Similar to Postman.

[screenshot]
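A narrower alternative to the NoopHostnameVerifier switch described above, added here as an illustration and not part of feilong's code: the self-signed certificate is loaded from a truststore instead of a trust-all TrustStrategy, the DefaultHostnameVerifier stays in force for every host, and the documented name mismatch (an IP whose certificate says CN=TTx) is accepted only for hosts whose expected subject DN is pinned. ScopedTlsClientFactory, PinnedMismatchHostnameVerifier, the truststore file and the subject map are assumed names.

```java
import java.io.File;
import java.security.cert.X509Certificate;
import java.util.Map;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import org.apache.http.conn.ssl.DefaultHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContexts;

public final class ScopedTlsClientFactory {
    /**
     * Keeps DefaultHostnameVerifier for every host; only for hosts present in
     * expectedSubjectByHost is the name mismatch accepted, and then only when the
     * peer's subject DN (RFC 2253 form, as X500Principal.getName() returns it) matches.
     * The certificate must still chain to the truststore loaded in create().
     */
    static final class PinnedMismatchHostnameVerifier implements HostnameVerifier {
        private final HostnameVerifier defaultVerifier = new DefaultHostnameVerifier();
        private final Map<String, String> expectedSubjectByHost;
        PinnedMismatchHostnameVerifier(Map<String, String> expectedSubjectByHost) {
            this.expectedSubjectByHost = expectedSubjectByHost;
        }
        @Override
        public boolean verify(String hostname, SSLSession session) {
            String expectedSubject = expectedSubjectByHost.get(hostname);
            if (expectedSubject == null) {
                return defaultVerifier.verify(hostname, session); // normal RFC 2818 / 6125 rules
            }
            try {
                X509Certificate peer = (X509Certificate) session.getPeerCertificates()[0];
                // only the one recorded subject is accepted for this host; anything else is rejected
                return expectedSubject.equals(peer.getSubjectX500Principal().getName());
            } catch (SSLPeerUnverifiedException e) {
                return false;
            }
        }
    }

    /** Trusts only the certificates in the given truststore, never a trust-all strategy (assumed helper). */
    public static CloseableHttpClient create(File truststore, char[] password,
            Map<String, String> expectedSubjectByHost) throws Exception {
        SSLContext sslContext = SSLContexts.custom().loadTrustMaterial(truststore, password).build();
        SSLConnectionSocketFactory factory = new SSLConnectionSocketFactory(
                sslContext, new PinnedMismatchHostnameVerifier(expectedSubjectByHost));
        return HttpClients.custom().setSSLSocketFactory(factory).build();
    }
}
```

Hosts not in the map get the full default check, so a global turnOffHostnameVerifier flag is not needed for one misconfigured endpoint.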

@venusdrogon venusdrogon changed the title from "HTTP utility class should support skipping the SSL check" to "HTTP utility class should support skipping the SSL hostname check" Sep 2, 2019