HTTPS request handshake verification: accepting the corresponding hostnames

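2015-11-13 17:33

For an HTTPS request, if the hostname in the URL does not match the server's identification hostname during the handshake, the verification mechanism can call back an implementation of the HostnameVerifier interface to decide whether the connection should be allowed.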

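The policy can be certificate-based or can rely on other verification schemes.

When the default rules for verifying the URL hostname fail, the verifier registered through HttpsURLConnection.setDefaultHostnameVerifier is called back.

We can therefore write our own HostnameVerifier implementation to accept the corresponding hostnames.

Here, every requested hostname is treated as accepted.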

package com.xxx.common.util;

import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

public class TrustAllHttpsCertificatesUtil {

    // Called only when the default hostname check fails; returning true
    // allows the connection for every hostname.
    static class TrustAllHostnameVerifier implements HostnameVerifier {
        @Override
        public boolean verify(String hostname, SSLSession session) {
            return true;
        }
    }

    // Accepts every certificate chain without validating it.
    static class TrustAllTrustManager implements TrustManager, X509TrustManager {
        @Override
        public X509Certificate[] getAcceptedIssuers() {
            // The X509TrustManager contract requires a non-null array.
            return new X509Certificate[0];
        }

        // Not part of X509TrustManager; kept from the original listing.
        public boolean isServerTrusted(X509Certificate[] certs) {
            return true;
        }

        // Not part of X509TrustManager; kept from the original listing.
        public boolean isClientTrusted(X509Certificate[] certs) {
            return true;
        }

        @Override
        public void checkServerTrusted(X509Certificate[] certs, String authType)
                throws CertificateException {
            // No check: never throws, so any server certificate is accepted.
        }

        @Override
        public void checkClientTrusted(X509Certificate[] certs, String authType)
                throws CertificateException {
            // No check: never throws, so any client certificate is accepted.
        }
    }

    // Replaces the JVM-wide defaults used by every HttpsURLConnection in the process.
    public static void trustAll() throws Exception {
        TrustManager[] trustAllCerts = new TrustManager[] { new TrustAllTrustManager() };
        SSLContext sc = SSLContext.getInstance("SSL");
        sc.init(null, trustAllCerts, null);
        HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());

        HttpsURLConnection.setDefaultHostnameVerifier(new TrustAllHostnameVerifier());
    }

}


Calling TrustAllHttpsCertificatesUtil.trustAll() activates the new verification callback.

In a web project, a filter can be used to call TrustAllHttpsCertificatesUtil.trustAll().

package com.xxx.common.filter;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

import org.apache.log4j.Logger;

import com.xxx.common.util.TrustAllHttpsCertificatesUtil;

public class TrustAllHttpsCertificatesFilter implements Filter {

    private static final Logger LOG = Logger.getLogger(TrustAllHttpsCertificatesFilter.class);

    // Runs once when the container initialises the filter and installs
    // the trust-all defaults for the whole JVM.
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        try {
            TrustAllHttpsCertificatesUtil.trustAll();
        } catch (Exception e) {
            // Log the message together with the stack trace.
            LOG.error("Failed to install trust-all HTTPS settings", e);
        }
    }

    // Requests pass through unchanged; the filter exists only for init().
    @Override
    public void doFilter(ServletRequest request, ServletResponse response,
            FilterChain chain) throws IOException, ServletException {
        chain.doFilter(request, response);
    }

    @Override
    public void destroy() {
        // Nothing to release.
    }

}


Then configure this filter in the project's web.xml:

<filter>
    <filter-name>trustAllHttpsCertificatesFilter</filter-name>
    <filter-class>com.xxx.common.filter.TrustAllHttpsCertificatesFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>trustAllHttpsCertificatesFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
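
An added example, not code from the original post: a HostnameVerifier that accepts a hostname mismatch only for listed hosts whose leaf certificate matches a pinned SHA-256 fingerprint, installed on a single connection instead of as the JVM default. The class name, host name and fingerprint are constructed placeholders; the default SSLSocketFactory is left in place, so the certificate chain is still validated against the JVM trust store.

```java
import java.math.BigInteger;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;

// Hypothetical class: allows a hostname mismatch only for pinned hosts.
public class PinnedHostnameVerifier implements HostnameVerifier {

    // Lower-case hostname -> hex SHA-256 of the expected leaf certificate (DER).
    private final Map<String, String> pins;

    public PinnedHostnameVerifier(Map<String, String> pins) {
        this.pins = new HashMap<>(pins);
    }

    @Override
    public boolean verify(String hostname, SSLSession session) {
        String expected = pins.get(hostname.toLowerCase(Locale.ROOT));
        if (expected == null) {
            return false; // host not listed: keep the default rejection
        }
        try {
            byte[] der = session.getPeerCertificates()[0].getEncoded();
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(der);
            String actual = String.format("%064x", new BigInteger(1, digest));
            return actual.equalsIgnoreCase(expected);
        } catch (GeneralSecurityException | SSLPeerUnverifiedException e) {
            return false; // fail closed if the peer certificate cannot be read
        }
    }

    public static void main(String[] args) throws Exception {
        Map<String, String> pins = new HashMap<>();
        // Constructed placeholder values; replace with the real host and fingerprint.
        pins.put("internal.example.test", "<sha256-hex-of-server-certificate>");
        URL url = new URL("https://internal.example.test/");
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        // Scoped to this one connection; the JVM-wide defaults stay untouched.
        conn.setHostnameVerifier(new PinnedHostnameVerifier(pins));
        System.out.println("verifier installed for " + url.getHost());
    }
}
```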