解决http请求以及WebSocket下的ssl证书问题
http远程调用忽略ssl证书
- 使用的依赖为
<dependency>
<groupId>com.github.lianjiatech</groupId>
<artifactId>retrofit-spring-boot-starter</artifactId>
<version>2.3.13</version>
</dependency>
- HTTPS 下证书过期或不可用时，忽略证书校验。注意：下面的写法同时关闭了证书链校验和主机名校验，连接不再能防御中间人攻击，只适合测试环境或可信内网；生产环境应改为只信任指定的 CA 或证书。
import com.github.lianjiatech.retrofit.spring.boot.core.SourceOkHttpClientRegistrar;
import com.github.lianjiatech.retrofit.spring.boot.core.SourceOkHttpClientRegistry;
import lombok.extern.slf4j.Slf4j;
import okhttp3.ConnectionPool;
import okhttp3.OkHttpClient;
import okhttp3.logging.HttpLoggingInterceptor;
import org.springframework.stereotype.Component;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.util.concurrent.TimeUnit;
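/**
 * OkHttp client configuration: registers a named {@link OkHttpClient} with the
 * retrofit-spring-boot-starter registry.
 *
 * <p>SECURITY: the client registered here is built by {@link #getUnsafeOkHttpClient()},
 * which accepts every server certificate and every hostname. Traffic sent through it is
 * encrypted but the peer is not authenticated, so an on-path attacker can read and modify
 * it. Restrict its use to test environments or to endpoints whose network path is
 * otherwise trusted. For an expired or privately issued certificate the safer fix is to
 * renew it, or to build the {@code SSLContext} from a trust store that contains only the
 * expected CA or certificate instead of a trust-everything manager.
 *
 * @author nealzhi
 * @date 2023-11-17 11:13:42
 */
@Slf4j
@Component
public class CustomSourceOkHttpClientRegister implements SourceOkHttpClientRegistrar {

    /**
     * Registers the client under the name {@code commonOkHttpClient}.
     *
     * @param registry registry supplied by retrofit-spring-boot-starter
     */
    @Override
    public void register(SourceOkHttpClientRegistry registry) {
        OkHttpClient commonClient = getUnsafeOkHttpClient()
                // Marker line so it is visible in the logs which client served a request.
                .addInterceptor(chain -> {
                    log.info("============use commonOkHttpClient=============");
                    return chain.proceed(chain.request());
                })
                .addInterceptor(
                        new HttpLoggingInterceptor().setLevel(HttpLoggingInterceptor.Level.BASIC))
                .build();
        registry.register("commonOkHttpClient", commonClient);
    }

    /**
     * Builds an OkHttp client builder with HTTPS certificate checks removed.
     *
     * <p>Both layers of server authentication are disabled: the trust manager accepts any
     * certificate chain (expired, self-signed, issued for another host) and the hostname
     * verifier accepts any hostname. See the class comment for where this is acceptable.
     *
     * @return a builder preconfigured with the permissive TLS settings, timeouts and pool
     * @throws IllegalStateException if the TLS context cannot be created or initialised
     * @author Neal.Zhi
     * @date 2021/5/27
     */
    public OkHttpClient.Builder getUnsafeOkHttpClient() {
        // Trust manager whose checks never throw, i.e. every chain is accepted.
        final X509TrustManager trustEverything = new X509TrustManager() {
            @Override
            public void checkClientTrusted(X509Certificate[] chain, String authType)
                    throws CertificateException {
                // intentionally empty: no validation
            }

            @Override
            public void checkServerTrusted(X509Certificate[] chain, String authType)
                    throws CertificateException {
                // intentionally empty: no validation
            }

            @Override
            public X509Certificate[] getAcceptedIssuers() {
                return new X509Certificate[0];
            }
        };

        final SSLContext sslContext;
        try {
            // "TLS" rather than the legacy "SSL" context name.
            sslContext = SSLContext.getInstance("TLS");
            sslContext.init(
                    null, new TrustManager[] {trustEverything}, new java.security.SecureRandom());
        } catch (java.security.GeneralSecurityException e) {
            // The original logged and fell off the end of the method without returning a
            // value; fail loudly instead and keep the cause for diagnosis.
            throw new IllegalStateException("okhttp客户端初始化错误!", e);
        }

        // Leave a trace in the logs so a deployment with verification disabled can be spotted.
        log.warn("TLS certificate and hostname verification are DISABLED for this OkHttp client");

        return new OkHttpClient.Builder()
                .sslSocketFactory(sslContext.getSocketFactory(), trustEverything)
                // Accept any hostname: the certificate need not match the requested host.
                .hostnameVerifier((hostname, session) -> true)
                // No automatic retry when a connection attempt fails.
                .retryOnConnectionFailure(false)
                // Connection pool: up to 200 idle connections, kept alive for 5 minutes.
                .connectionPool(new ConnectionPool(200, 5, TimeUnit.MINUTES))
                .connectTimeout(30L, TimeUnit.SECONDS)
                .followRedirects(true)
                .readTimeout(30L, TimeUnit.SECONDS);
    }
}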
websocket忽略wss协议下ssl证书问题
- 使用的依赖为
<dependency>
<groupId>org.java-websocket</groupId>
<artifactId>Java-WebSocket</artifactId>
<version>1.5.4</version>
</dependency>
- 忽略 wss 协议下的证书校验。注意：下面的 TrustManager 接受任意证书，wss 连接不再验证服务端身份，无法防御中间人攻击，只适合测试环境或可信内网；生产环境应改为只信任指定的 CA 或证书。
import org.java_websocket.client.WebSocketClient;
import org.java_websocket.drafts.Draft;
import org.java_websocket.handshake.ServerHandshake;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509ExtendedTrustManager;
import java.net.Socket;
import java.net.URI;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
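/**
 * WebSocket client that skips TLS certificate validation for {@code wss} endpoints.
 *
 * <p>SECURITY: for a {@code wss} URI the constructors install a socket factory backed by
 * a trust manager that accepts every certificate. The connection is encrypted but the
 * server is not authenticated, so an on-path attacker can impersonate it and read or
 * alter the messages. Use this only in test environments or on a trusted network path;
 * otherwise initialise the {@code SSLContext} from a trust store holding the expected CA
 * or certificate.
 */
public class MyWebSocketClient extends WebSocketClient {

    /**
     * Creates a client for the given endpoint; a {@code wss} URI gets the permissive
     * socket factory.
     *
     * @param uri endpoint to connect to
     */
    public MyWebSocketClient(URI uri) {
        super(uri);
        if (isSecureScheme(uri)) {
            trustAllHosts(this);
        }
    }

    /**
     * Creates a client for the given endpoint and protocol draft; a {@code wss} URI gets
     * the permissive socket factory.
     *
     * @param serverURI endpoint to connect to
     * @param draft     WebSocket draft passed through to the superclass
     */
    public MyWebSocketClient(URI serverURI, Draft draft) {
        super(serverURI, draft);
        if (isSecureScheme(serverURI)) {
            trustAllHosts(this);
        }
    }

    /**
     * Tells whether the URI uses the {@code wss} scheme.
     *
     * <p>Compares the parsed scheme instead of searching the whole URI text for
     * {@code "wss://"}, so a {@code ws} URI that merely carries that substring in its path
     * or query does not get the permissive factory installed.
     */
    private static boolean isSecureScheme(URI uri) {
        return "wss".equalsIgnoreCase(uri.getScheme());
    }

    @Override
    public void onOpen(ServerHandshake handshakedata) {
        System.out.println("Connected to server: " + getURI());
    }

    @Override
    public void onMessage(String message) {
        System.out.println("Received message from server: " + message);
        // Handle the received message here.
    }

    @Override
    public void onClose(int code, String reason, boolean remote) {
        System.out.println("Disconnected from server: " + reason);
    }

    @Override
    public void onError(Exception ex) {
        System.out.println("Error occurred: " + ex.getMessage());
    }

    /**
     * Installs a socket factory whose trust manager accepts any certificate chain.
     *
     * <p>The factory is set on {@code this}; the {@code client} parameter is not used, and
     * both constructors pass {@code this} anyway.
     *
     * @param client unused
     */
    void trustAllHosts(MyWebSocketClient client) {
        // Every check method returns without throwing, so any chain is accepted. The
        // Socket/SSLEngine overloads are empty as well; NOTE(review): with an
        // X509ExtendedTrustManager the JDK leaves endpoint (hostname) identification to
        // these overloads, so hostname checking is presumably skipped too -- confirm.
        TrustManager[] trustAllCerts = new TrustManager[] {new X509ExtendedTrustManager() {
            @Override
            public void checkClientTrusted(X509Certificate[] x509Certificates, String s, Socket socket)
                    throws CertificateException {
            }

            @Override
            public void checkServerTrusted(X509Certificate[] x509Certificates, String s, Socket socket)
                    throws CertificateException {
            }

            @Override
            public void checkClientTrusted(X509Certificate[] x509Certificates, String s, SSLEngine sslEngine)
                    throws CertificateException {
            }

            @Override
            public void checkServerTrusted(X509Certificate[] x509Certificates, String s, SSLEngine sslEngine)
                    throws CertificateException {
            }

            @Override
            public X509Certificate[] getAcceptedIssuers() {
                // The interface documents a non-null array; the original returned null.
                return new X509Certificate[0];
            }

            @Override
            public void checkClientTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
                System.out.println("checkClientTrusted");
            }

            @Override
            public void checkServerTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
                System.out.println("checkServerTrusted");
            }
        }};
        try {
            // "TLS" rather than the legacy "SSL" context name.
            SSLContext ssl = SSLContext.getInstance("TLS");
            ssl.init(null, trustAllCerts, new java.security.SecureRandom());
            SSLSocketFactory socketFactory = ssl.getSocketFactory();
            this.setSocketFactory(socketFactory);
        } catch (Exception e) {
            // Best effort, as in the original: on failure setSocketFactory is never
            // reached, so the client keeps whatever socket factory it already had.
            System.err.println("Could not install the permissive socket factory: " + e);
            e.printStackTrace();
        }
    }
}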