HttpClient设置忽略SSL,实现HTTPS访问, 解决Certificates does not conform to algorithm constraints

话不多说,直接上代码。

测试API:   https://api.k780.com/?app=life.time&appkey=10003&sign=b59bc3ef6191eb9f747dd4e83c99f2a4&format=json

 

代码:

 1 import org.apache.http.HttpStatus;
 2 import org.apache.http.client.methods.CloseableHttpResponse;
 3 import org.apache.http.client.methods.HttpGet;
 4 import org.apache.http.conn.ssl.NoopHostnameVerifier;
 5 import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
 6 import org.apache.http.conn.ssl.TrustStrategy;
 7 import org.apache.http.impl.client.CloseableHttpClient;
 8 import org.apache.http.impl.client.HttpClients;
 9 import org.apache.http.ssl.SSLContextBuilder;
10 import org.apache.http.util.EntityUtils;
11 import org.slf4j.Logger;
12 import org.slf4j.LoggerFactory;
13 
14 import javax.net.ssl.SSLContext;
15 import java.io.IOException;
16 import java.security.cert.CertificateException;
17 import java.security.cert.X509Certificate;
18 
19 public class TestHttps {
20 
21     private static Logger logger = LoggerFactory.getLogger(TestHttps.class);
22 
23     public static void main(String[] args) {
24         CloseableHttpResponse response = null;
25         CloseableHttpClient httpClient = null;
26         try {
27             String url = "https://api.k780.com/?app=life.time&appkey=10003&sign=b59bc3ef6191eb9f747dd4e83c99f2a4&format=json";
28             httpClient = createIgnoreSSLHttpClient();
29             if (httpClient == null) {
30                 logger.error("HttpClient create fail.");
31                 return;
32             }
33             HttpGet httpGet = new HttpGet(url);
34             response = httpClient.execute(httpGet);
35             int statusCode = response.getStatusLine().getStatusCode();
36             if (statusCode != HttpStatus.SC_OK) {
37                 System.out.println("NO_OK : " + null);
38             } else {
39                 String result = EntityUtils.toString(response.getEntity(), "UTF-8");
40                 System.out.println("OK : " + result);
41             }
42         } catch (Exception e) {
43             e.printStackTrace();
44         } finally {
45             if (response != null) {
46                 try {
47                     response.close();
48                 } catch (IOException e) {
49                     e.printStackTrace();
50                 }
51             }
52             if (httpClient != null) {
53                 try {
54                     httpClient.close();
55                 } catch (IOException e) {
56                     e.printStackTrace();
57                 }
58             }
59         }
60     }
61 
62     public static CloseableHttpClient createIgnoreSSLHttpClient() {
63         try {
64             SSLContext sslContext = new SSLContextBuilder().loadTrustMaterial(null, new TrustStrategy() {
65                 public boolean isTrusted(X509Certificate[] chain,
66                                          String authType) throws CertificateException {
67                     return true;
68                 }
69             }).build();
70             SSLConnectionSocketFactory sslConnectionSocketFactory = new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE);
71             return HttpClients.custom().setSSLSocketFactory(sslConnectionSocketFactory).build();
72         } catch (Exception e) {
73             e.printStackTrace();
74         }
75         return null;
76     }
77 }

执行结果为: 

OK : {"success":"1","result":{"timestamp":"1572330118","datetime_1":"2019-10-29 14:21:58","datetime_2":"2019年10月29日 14时21分58秒","week_1":"2","week_2":"星期二","week_3":"周二","week_4":"Tuesday"} 

 

测试使用jdk1.8

可能遇到的问题(报错):

1.  javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

2.  javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificates does not conform to algorithm constraints

解决办法:

找到jdk所在目录,例如我的目录为: D:\Java\jdk1.8.0_131

找到java.security文件.  目录: D:\Java\jdk1.8.0_131\jre\lib\security\java.security

编辑该文件,将  下面几行用# 注释,后关闭IDE,后重新打开,build后再次执行即可解决。

jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \
   DSA keySize < 1024, EC keySize < 224


jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 768, \
    EC keySize < 224

  

posted on 2019-10-29 14:37  Vincent.李  阅读(6389)  评论(0编辑  收藏  举报

导航