lsh#

1

3 天以前 e8855038f6e47cde0d6a8a9ddb2fa5a629e0efbb

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
package com.vincent.rsf.openApi.utils;
 
import org.springframework.http.client.SimpleClientHttpRequestFactory;
import org.springframework.http.client.ClientHttpRequestFactory;
import org.springframework.web.client.RestTemplate;
 
import javax.net.ssl.*;
import java.io.IOException;
import java.net.HttpURLConnection;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
 
/**
 * SSL工具类，用于创建忽略SSL证书验证的RestTemplate
 */
public class SslUtils {
 
    /**
     * 创建忽略SSL证书验证的RestTemplate
     *
     * @return RestTemplate实例
     */
    public static RestTemplate createIgnoreSSLRestTemplate() {
        try {
            // 创建信任所有证书的TrustManager
            TrustManager[] trustAllCerts = new TrustManager[]{
                    new X509TrustManager() {
                        public X509Certificate[] getAcceptedIssuers() {
                            return null;
                        }
 
                        public void checkClientTrusted(X509Certificate[] certs, String authType) {
                        }
 
                        public void checkServerTrusted(X509Certificate[] certs, String authType) {
                        }
                    }
            };
 
            // 安装信任所有证书的TrustManager
            SSLContext sslContext = SSLContext.getInstance("TLS");
            sslContext.init(null, trustAllCerts, new java.security.SecureRandom());
 
            // 创建HttpsURLConnection的工厂
            HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());
 
            // 创建跳过主机名验证的HostnameVerifier
            HostnameVerifier allHostsValid = new HostnameVerifier() {
                public boolean verify(String hostname, SSLSession session) {
                    return true;
                }
            };
 
            // 安装跳过主机名验证的HostnameVerifier
            HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid);
 
            // 创建自定义的ClientHttpRequestFactory
            SimpleClientHttpRequestFactory factory = new SimpleClientHttpRequestFactory() {
                @Override
                protected void prepareConnection(HttpURLConnection connection, String httpMethod) throws IOException {
                    if (connection instanceof HttpsURLConnection) {
                        ((HttpsURLConnection) connection).setSSLSocketFactory(sslContext.getSocketFactory());
                        ((HttpsURLConnection) connection).setHostnameVerifier(allHostsValid);
                    }
                    super.prepareConnection(connection, httpMethod);
                }
            };
 
            // 创建RestTemplate并设置工厂
            RestTemplate restTemplate = new RestTemplate(factory);
            return restTemplate;
 
        } catch (NoSuchAlgorithmException | KeyManagementException e) {
            throw new RuntimeException("Failed to create SSL RestTemplate", e);
        }
    }
}