package org.oauth2.client4j.utils;
import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLContextBuilder;
import org.apache.http.conn.ssl.TrustStrategy;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
/**
 * Helpers for building HTTP clients with non-default TLS settings.
 *
 * <p>Historical note: an earlier, inactive variant of this class installed a
 * hand-written {@code X509TrustManager} with empty check methods on an
 * {@code SSLContext}, and {@code TrustSelfSignedStrategy} and
 * {@code SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER} were noted
 * as alternatives. None of that is used by the code below.
 */
public abstract class SSLUtils {

    /**
     * Trust strategy that reports every certificate chain as trusted.
     *
     * <p>Because {@link #isTrusted} returns {@code true} unconditionally,
     * expired, self-signed and wrong-issuer chains are all accepted.
     */
    private static final class AcceptAnyChain implements TrustStrategy {
        @Override
        public boolean isTrusted(X509Certificate[] chain, String authType)
                throws CertificateException {
            return true;
        }
    }

    /**
     * Builds a client whose connections trust all certificates; it must not
     * be used in production.
     *
     * <p>Security notes for callers:
     * <ul>
     *   <li>Server certificate chains are not validated, so the TLS session
     *       gives no assurance about who the peer is. Anything sent through
     *       this client (in an OAuth2 client that presumably includes client
     *       secrets, authorization codes and tokens) can be read or altered
     *       by whoever terminates the connection.</li>
     *   <li>No hostname verifier is passed to the socket factory, so whatever
     *       default the HttpClient library applies stays in effect; only the
     *       chain-trust decision is overridden here.</li>
     *   <li>If the permissive context cannot be built, the stack trace is
     *       printed and a default client from
     *       {@code HttpClients.createDefault()} is returned instead. The
     *       return value gives the caller no way to tell which of the two
     *       clients it received.</li>
     * </ul>
     *
     * @return a client using the trust-all context, or the library's default
     *         client when building that context failed
     */
    public static CloseableHttpClient createSSLInsecureClient() {
        SSLContext permissiveContext = null;
        try {
            SSLContextBuilder contextBuilder = new SSLContextBuilder();
            // A null trust store plus the accept-everything strategy.
            contextBuilder.loadTrustMaterial(null, new AcceptAnyChain());
            permissiveContext = contextBuilder.build();
        } catch (KeyManagementException e) {
            e.printStackTrace();
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        } catch (KeyStoreException e) {
            e.printStackTrace();
        }

        // Context construction failed: fall back to the stock client.
        if (permissiveContext == null) {
            return HttpClients.createDefault();
        }

        SSLConnectionSocketFactory socketFactory =
                new SSLConnectionSocketFactory(permissiveContext);
        return HttpClients.custom()
                .setSSLSocketFactory(socketFactory)
                .build();
    }
}