fix:解决内部自签证书https协议url文件无法下载的问题 (#396)

Co-authored-by: 鞠玉果 <juyg5@chinaunicom.cn>
2 years ago · ac3b0cb652
2 changed files with 48 additions and 0 deletions
--- a/server/src/main/java/cn/keking/utils/DownloadUtils.java
+++ b/server/src/main/java/cn/keking/utils/DownloadUtils.java
@ -35,6 +35,12 @@ public class DownloadUtils {
     * @return 本地文件绝对路径
     */
    public static ReturnResponse<String> downLoad(FileAttribute fileAttribute, String fileName) {
+        // 忽略ssl证书
+        try {
+            SslUtils.ignoreSsl();
+        } catch (Exception e) {
+            logger.error("忽略SSL证书异常:", e);
+        }
        String urlStr = fileAttribute.getUrl().replaceAll("\\+", "%20");
        ReturnResponse<String> response = new ReturnResponse<>(0, "下载成功!!!", "");
        String realPath = DownloadUtils.getRelFilePath(fileName, fileAttribute);
--- a/server/src/main/java/cn/keking/utils/SslUtils.java
+++ b/server/src/main/java/cn/keking/utils/SslUtils.java
@ -0,0 +1,42 @@
+package cn.keking.utils;
+
+import javax.net.ssl.*;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+
+/**
+ * @author 鞠玉果
+ */
+public class SslUtils {
+
+    private static void trustAllHttpsCertificates() throws Exception {
+        TrustManager[] trustAllCerts = new TrustManager[1];
+        TrustManager tm = new miTM();
+        trustAllCerts[0] = tm;
+        SSLContext sc = SSLContext.getInstance("SSL");
+        sc.init(null, trustAllCerts, null);
+        HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
+    }
+
+    static class miTM implements TrustManager, X509TrustManager {
+        public X509Certificate[] getAcceptedIssuers() {
+            return null;
+        }
+
+        public void checkServerTrusted(X509Certificate[] certs, String authType) throws CertificateException {
+        }
+
+        public void checkClientTrusted(X509Certificate[] certs, String authType) throws CertificateException {
+        }
+    }
+
+    /**
+     * 忽略HTTPS请求的SSL证书，必须在openConnection之前调用
+     */
+    public static void ignoreSsl() throws Exception {
+        HostnameVerifier hv = (urlHostName, session) -> true;
+        trustAllHttpsCertificates();
+        HttpsURLConnection.setDefaultHostnameVerifier(hv);
+    }
+
+}