在通過feign和okhttp請求外部接口時(shí)，出現(xiàn)了以下問題：

Servlet.service() for servlet [dispatcherServlet] in context with path [/xxxx] threw exception [Request processing failed; nested exception is feign.RetryableException: java.security.cert.CertificateException: No subject alternative DNS name matching www.xx.xx.cn found. executing GET https://xxxxxx] with root cause
java.security.cert.CertificateException: No subject alternative DNS name matching bisp.eshore.cn found.

因?yàn)槲艺{(diào)用的接口是https接口。?要么就導(dǎo)入證書，要么就忽略證書驗(yàn)證。下面記錄的是忽略證書驗(yàn)證的方法：

feign忽略ssl認(rèn)證的方法：

import feign.Client;

import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;


public class IgnoreFeignHttpsSSLClient {
    public Client feignClient() {
        try {
            SSLContext ctx = SSLContext.getInstance("SSL");
            X509TrustManager tm = new X509TrustManager() {
                @Override
                public void checkClientTrusted(X509Certificate[] chain,String authType) throws CertificateException {
                }

                @Override
                public void checkServerTrusted(X509Certificate[] chain,String authType) throws CertificateException {
                }

                @Override
                public X509Certificate[] getAcceptedIssuers() {
                    return null;
                }
            };
            ctx.init(null, new TrustManager[]{tm}, null);
            return new Client.Default(ctx.getSocketFactory(), (hostname, session) -> true);
        } catch (Exception e) {
            return null;
        }
    }
}

1.通過初始化SearchClient的方式調(diào)用feign接口的方法：

// SearchClient Feign接口調(diào)用構(gòu)建初始化
@Configuration
public class FeignConfig {
	@Bean
	public SearchClient searchClient(IgnoreHttpsSSLClient ignoreHttpsSSLClient) {
	    return Feign.builder()
	       .encoder(new JacksonEncoder())
	       .decoder(new JacksonDecoder())
	       .logLevel(Logger.Level.FULL)
	       .logger(new Slf4jLogger(SearchClient.class))
	       .client(new IgnoreFeignHttpsSSLClient().feignClient())
	       .options(new Request.Options(60000, 60000))
	       .target(SearchClient.class, "https://10.25.193.111:443/");
	}
}

2.通過@feignClient注解的方式調(diào)用：

@Configuration
public class ServiceFeignConfiguration {

    // 加載自定義Client
    @Bean
    public Client generateClient() {
        return new IgnoreFeignHttpsSSLClient().feignClient();
    }

}

@FeignClient(value = "testFeignClient", url = "https://wwww.xxx.xxx.cn/", configuration = ServiceFeignConfiguration.class)
public interface TestFeignClient {
	@RequestLine("POST /testPost")
    JSONObject testPost();
}

okhttpclent忽略ssl證書的方式：

 <dependency>
   <groupId>com.squareup.okhttp3</groupId>
   <artifactId>okhttp</artifactId>
???<version>3.8.1<version>
</dependency>

private static OkHttpClient okHttpClient = null;

    static {
        HttpLoggingInterceptor logInterceptor = new HttpLoggingInterceptor(new HttpLogger());
        logInterceptor.setLevel(HttpLoggingInterceptor.Level.BODY);
        okHttpClient = new OkHttpClient.Builder()
                .connectTimeout(30, TimeUnit.SECONDS)
                .readTimeout(30, TimeUnit.SECONDS)
                .addNetworkInterceptor(logInterceptor)
                .sslSocketFactory(getSSLSocketFactory(),  getX509TrustManager())
                .hostnameVerifier(getHostnameVerifier())
                .build();
    }


     /**
      * description 忽略https證書驗(yàn)證
      */
    private static HostnameVerifier getHostnameVerifier() {
        HostnameVerifier hostnameVerifier = new HostnameVerifier() {
            @Override
            public boolean verify(String s, SSLSession sslSession) {
                return true;
            }
        };
        return hostnameVerifier;
    }
    /**
     * description 忽略https證書驗(yàn)證
     */
    private static SSLSocketFactory getSSLSocketFactory() {
        try {
            SSLContext sslContext = SSLContext.getInstance("SSL");
            sslContext.init(null, getTrustManager(), new SecureRandom());
            return sslContext.getSocketFactory();
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    private static X509TrustManager getX509TrustManager() {
        X509TrustManager trustManager = null;
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init((KeyStore) null);
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            if (trustManagers.length != 1 || !(trustManagers[0] instanceof X509TrustManager)) {
                throw new IllegalStateException("Unexpected default trust managers:" + Arrays.toString(trustManagers));
            }
            trustManager = (X509TrustManager) trustManagers[0];
        } catch (Exception e) {
            e.printStackTrace();
        }

        return trustManager;
    }

    private static TrustManager[] getTrustManager() {
        TrustManager[] trustAllCerts = new TrustManager[]{
                new X509TrustManager() {
                    @Override
                    public void checkClientTrusted(X509Certificate[] chain, String authType) {
                    }

                    @Override
                    public void checkServerTrusted(X509Certificate[] chain, String authType) {
                    }

                    @Override
                    public X509Certificate[] getAcceptedIssuers() {
                        return new X509Certificate[]{};
                    }
                }
        };
        return trustAllCerts;
    }

后續(xù)就可以直接調(diào)用該接口了：文章來源地址http://www.zghlxwxcb.cn/news/detail-733663.html

public static String get(String url, Map<String, String> header, Map<String, String> query){

        String returnStr = null;
        // 創(chuàng)建一個(gè)請求 Builder
        Request.Builder builder = new Request.Builder();
        // 創(chuàng)建一個(gè) request
        Request request = builder.url(url).build();

        // 創(chuàng)建一個(gè) HttpUrl.Builder
        HttpUrl.Builder urlBuilder = request.url().newBuilder();
        // 創(chuàng)建一個(gè) Headers.Builder
        Headers.Builder headerBuilder = request.headers().newBuilder();
        if (header != null) {
            // 裝載請求頭參數(shù)
            Iterator<Map.Entry<String, String>> headerIterator = header.entrySet().iterator();
            headerIterator.forEachRemaining(e -> {
                if (e.getValue() != null) {
                    headerBuilder.add(e.getKey(), (String) e.getValue());
                }
            });
        }

        if (query != null) {
            // 裝載請求的參數(shù)
            Iterator<Map.Entry<String, String>> queryIterator = query.entrySet().iterator();
            queryIterator.forEachRemaining(e -> {
                if (e.getValue() != null) {
                    urlBuilder.addQueryParameter(e.getKey(), (String) e.getValue());
                }
            });
        }

        // 設(shè)置自定義的 builder
        builder.url(urlBuilder.build()).headers(headerBuilder.build());

        try {
            Response execute = okHttpClient.newCall(builder.build()).execute();
            returnStr = execute.body().string();
        } catch (IOException e) {
            LOGGER.error("接口請求異常："+ url, e);
        }
        return returnStr;
    }

到了這里，關(guān)于Openfeign和okHttp的https請求忽略ssl證書認(rèn)證的文章就介紹完了。如果您還想了解更多內(nèi)容，請?jiān)谟疑辖撬阉鱐OY模板網(wǎng)以前的文章或繼續(xù)瀏覽下面的相關(guān)文章，希望大家以后多多支持TOY模板網(wǎng)！