避免HttpClient的”javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated”异常

在开发https应用时，你的测试服务器常常没有一个（有效的）SSL证书。在你的客户端连接测试服务器时，如下的异常会被抛出：”javax.NET.ssl.SSLPeerUnverifiedException: peer not authenticated”。

解决方案：修改创建HttpClient的方式
分析：
1.需要告诉client使用一个不同的TrustManager。TrustManager是一个检查给定的证书是否有效的类。SSL使用的模式是X.509，对于该模式Java有一个特定的TrustManager，称为X509TrustManager。首先我们需要创建这样的TrustManager。
2.将TrustManager设置到我们的HttpClient。TrustManager只是被SSL的Socket所使用。Socket通过SocketFactory创建。对于SSL Socket，有一个SSLSocketFactory。当创建新的SSLSocketFactory时，你需要传入SSLContext到它的构造方法中。在SSLContext中，我们将包含我们新创建的TrustManager。

所以
1.创建的TrustManager
2.创建SSLContext：TLS是SSL的继承者，但是它们使用相同的SSLContext。
3.创建SSLSocketFactory
4.将SSLSocketFactory注册到我们的HttpClient上。这是在SchemeRegistry中完成的。
4.1.创建ClientConnectionManager
4.2.创建SchemeRegistry
5.生成HttpClient

代码：

[java] view plain copy

print?

1. import java.security.cert.CertificateException;  
2. import java.security.cert.X509Certificate;  
3.   
4. import javax.net.ssl.SSLContext;  
5. import javax.net.ssl.TrustManager;  
6. import javax.net.ssl.X509TrustManager;  
7.   
8. import org.apache.http.client.HttpClient;  
9. import org.apache.http.conn.ClientConnectionManager;  
10. import org.apache.http.conn.scheme.Scheme;  
11. import org.apache.http.conn.scheme.SchemeRegistry;  
12. import org.apache.http.conn.ssl.SSLSocketFactory;  
13. import org.apache.http.impl.client.DefaultHttpClient;  
14.   
15. public class WebClientDevWrapper {  
16.   
17.     public static HttpClient wrapClient(HttpClient base) {  
18.         try {  
19.             SSLContext ctx = SSLContext.getInstance("TLS");  
20.             X509TrustManager tm = new X509TrustManager() {  
21.                 public X509Certificate[] getAcceptedIssuers() {  
22.                     return null;  
23.                 }  
24.                 public void checkClientTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {}  
25.                 public void checkServerTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {}  
26.             };  
27.             ctx.init(null, new TrustManager[] { tm }, null);  
28.             SSLSocketFactory ssf = new SSLSocketFactory(ctx, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);  
29.               
30.             ClientConnectionManager ccm=base.getConnectionManager();  
31.             SchemeRegistry registry = ccm.getSchemeRegistry();  
32.             registry.register(new Scheme("https", 443, ssf));  
33.             return new DefaultHttpClient(ccm, base.getParams());  
34.               
35.            /* SchemeRegistry registry = new SchemeRegistry(); 
36.             registry.register(new Scheme("https", 443, ssf)); 
37.             ThreadSafeClientConnManager mgr = new ThreadSafeClientConnManager(registry); 
38.             return new DefaultHttpClient(mgr, base.getParams());*/  
39.         } catch (Exception ex) {  
40.             ex.printStackTrace();  
41.             return null;  
42.         }  
43.     }  
44. }  

import java.security.cert.CertificateException;import java.security.cert.X509Certificate;import javax.net.ssl.SSLContext;import javax.net.ssl.TrustManager;import javax.net.ssl.X509TrustManager;import org.apache.http.client.HttpClient;import org.apache.http.conn.ClientConnectionManager;import org.apache.http.conn.scheme.Scheme;import org.apache.http.conn.scheme.SchemeRegistry;import org.apache.http.conn.ssl.SSLSocketFactory;import org.apache.http.impl.client.DefaultHttpClient;public class WebClientDevWrapper {    public static HttpClient wrapClient(HttpClient base) {        try {            SSLContext ctx = SSLContext.getInstance("TLS");            X509TrustManager tm = new X509TrustManager() {                public X509Certificate[] getAcceptedIssuers() {                    return null;                }                public void checkClientTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {}                public void checkServerTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {}            };            ctx.init(null, new TrustManager[] { tm }, null);            SSLSocketFactory ssf = new SSLSocketFactory(ctx, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);                        ClientConnectionManager ccm=base.getConnectionManager();            SchemeRegistry registry = ccm.getSchemeRegistry();            registry.register(new Scheme("https", 443, ssf));            return new DefaultHttpClient(ccm, base.getParams());                       /* SchemeRegistry registry = new SchemeRegistry();            registry.register(new Scheme("https", 443, ssf));            ThreadSafeClientConnManager mgr = new ThreadSafeClientConnManager(registry);            return new DefaultHttpClient(mgr, base.getParams());*/        } catch (Exception ex) {            ex.printStackTrace();            return null;        }    }}