HttpClient设置忽略SSL,实现HTTPS访问, 解决Certificates does not conform to algorithm constraints
话不多说,直接上代码。
测试API: https://api.k780.com/?app=life.time&appkey=10003&sign=b59bc3ef6191eb9f747dd4e83c99f2a4&format=json
代码:
1 import org.apache.http.HttpStatus; 2 import org.apache.http.client.methods.CloseableHttpResponse; 3 import org.apache.http.client.methods.HttpGet; 4 import org.apache.http.conn.ssl.NoopHostnameVerifier; 5 import org.apache.http.conn.ssl.SSLConnectionSocketFactory; 6 import org.apache.http.conn.ssl.TrustStrategy; 7 import org.apache.http.impl.client.CloseableHttpClient; 8 import org.apache.http.impl.client.HttpClients; 9 import org.apache.http.ssl.SSLContextBuilder; 10 import org.apache.http.util.EntityUtils; 11 import org.slf4j.Logger; 12 import org.slf4j.LoggerFactory; 13 14 import javax.net.ssl.SSLContext; 15 import java.io.IOException; 16 import java.security.cert.CertificateException; 17 import java.security.cert.X509Certificate; 18 19 public class TestHttps { 20 21 private static Logger logger = LoggerFactory.getLogger(TestHttps.class); 22 23 public static void main(String[] args) { 24 CloseableHttpResponse response = null; 25 CloseableHttpClient httpClient = null; 26 try { 27 String url = "https://api.k780.com/?app=life.time&appkey=10003&sign=b59bc3ef6191eb9f747dd4e83c99f2a4&format=json"; 28 httpClient = createIgnoreSSLHttpClient(); 29 if (httpClient == null) { 30 logger.error("HttpClient create fail."); 31 return; 32 } 33 HttpGet httpGet = new HttpGet(url); 34 response = httpClient.execute(httpGet); 35 int statusCode = response.getStatusLine().getStatusCode(); 36 if (statusCode != HttpStatus.SC_OK) { 37 System.out.println("NO_OK : " + null); 38 } else { 39 String result = EntityUtils.toString(response.getEntity(), "UTF-8"); 40 System.out.println("OK : " + result); 41 } 42 } catch (Exception e) { 43 e.printStackTrace(); 44 } finally { 45 if (response != null) { 46 try { 47 response.close(); 48 } catch (IOException e) { 49 e.printStackTrace(); 50 } 51 } 52 if (httpClient != null) { 53 try { 54 httpClient.close(); 55 } catch (IOException e) { 56 e.printStackTrace(); 57 } 58 } 59 } 60 } 61 62 public static CloseableHttpClient createIgnoreSSLHttpClient() { 63 try { 64 SSLContext sslContext = new SSLContextBuilder().loadTrustMaterial(null, new TrustStrategy() { 65 public boolean isTrusted(X509Certificate[] chain, 66 String authType) throws CertificateException { 67 return true; 68 } 69 }).build(); 70 SSLConnectionSocketFactory sslConnectionSocketFactory = new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE); 71 return HttpClients.custom().setSSLSocketFactory(sslConnectionSocketFactory).build(); 72 } catch (Exception e) { 73 e.printStackTrace(); 74 } 75 return null; 76 } 77 }
执行结果为:
OK : {"success":"1","result":{"timestamp":"1572330118","datetime_1":"2019-10-29 14:21:58","datetime_2":"2019年10月29日 14时21分58秒","week_1":"2","week_2":"星期二","week_3":"周二","week_4":"Tuesday"}
测试使用jdk1.8
可能遇到的问题(报错):
1. javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
2. javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificates does not conform to algorithm constraints
解决办法:
找到jdk所在目录,例如我的目录为: D:\Java\jdk1.8.0_131
找到java.security文件. 目录: D:\Java\jdk1.8.0_131\jre\lib\security\java.security
编辑该文件,将 下面几行用# 注释,后关闭IDE,后重新打开,build后再次执行即可解决。
jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024, \ DSA keySize < 1024, EC keySize < 224 jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 768, \ EC keySize < 224
自动化测试交流群:617352502
posted on 2019-10-29 14:37 Vincent.李 阅读(6389) 评论(0) 编辑 收藏 举报