SSLPeerUnverifiedException (Unirest)

Question

我刚开始使用API(包括官方的和非官方的)，我使用的是一个叫做JavaSnap的API。我一直在处理示例代码的一个非常基本的实现，但一直遇到错误。以下是非常基本的代码：

Snapchat snapchat = Snapchat.login("xxxx", "xxxxx");

首先，我遇到了大量的ClassNotFound错误，不得不继续下载apache模块(公用组件、httpcomponents等)。为了允许程序进展，但作为类文件，这意味着我不能同时看到我需要下载的模块。所以如果有人想告诉我我做错了什么，那就放心吧。

无论如何，现在清除了所有的ClassNotFound异常(我希望)，我得到了以下异常：

com.mashape.unirest.http.exceptions.UnirestException: javax.net.ssl.SSLPeerUnverifiedException: Host name 'feelinsonice-hrd.appspot.com' does not match the certificate subject provided by the peer (CN=*.appspot.com, O=Google Inc, L=Mountain View, ST=California, C=US)
    at com.mashape.unirest.http.HttpClientHelper.request(HttpClientHelper.java:146)
    at com.mashape.unirest.request.BaseRequest.asJson(BaseRequest.java:68)
    at com.habosa.javasnap.Snapchat.requestJson(Snapchat.java:953)
    at com.habosa.javasnap.Snapchat.login(Snapchat.java:160)
    at Tester.go(Tester.java:21)

据我所知，这是因为我需要启用对所有证书的信任，然而，要做到这一点，我相信我需要在SSLSocketFactorys中使用SSLSocketFactorys，但我不能真正开始处理这个问题，因为我只有JavaSnap API的源代码，并且对堆栈进行跟踪--我可以编辑的最新方法是：

private static HttpResponse<JsonNode> requestJson(String path, Map<String, Object> params, File file) throws UnirestException {
        MultipartBody req = prepareRequest(path, params, file);

        // Execute and return response as JSON
        HttpResponse<JsonNode> resp = req.asJson();

        // Record
        lastRequestPath = path;
        lastResponse = resp;
        lastResponseBodyClass = JsonNode.class;

        return resp;

我的问题是，我的想法真的正确吗？

如果我是，如何实现我的目标，消除这个错误/信任证书？如果我不是，那实际上有什么问题？

非常感谢

Answer 1

我回答这个老问题是为了记住我的搜索，证书错误解决方案是来自几个地方的组合。

• https://github.com/Mashape/unirest-java/issues/70，我从哪里开始的。
• http://literatejava.com/networks/ignore-ssl-certificate-errors-apache-httpclient-4-4/非常好的解释。
• http://www.baeldung.com/httpclient-ssl，所有版本的解决方案。

import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;

import javax.net.ssl.SSLContext;
import javax.security.cert.CertificateException;
import javax.security.cert.X509Certificate;

import org.apache.http.client.HttpClient;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContextBuilder;

import com.mashape.unirest.http.HttpResponse;
import com.mashape.unirest.http.JsonNode;
import com.mashape.unirest.http.Unirest;
import com.mashape.unirest.http.exceptions.UnirestException;

public class XXX {

    private static HttpClient unsafeHttpClient;

    static {
        try {
            SSLContext sslContext = new SSLContextBuilder().loadTrustMaterial(null, new TrustSelfSignedStrategy() {
                public boolean isTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                    return true;
                }
            }).build();

            unsafeHttpClient = HttpClients.custom().setSSLContext(sslContext)
                    .setSSLHostnameVerifier(new NoopHostnameVerifier()).build();

        } catch (KeyManagementException | NoSuchAlgorithmException | KeyStoreException e) {
            e.printStackTrace();
        }
    }

    public static HttpClient getClient() {
        return unsafeHttpClient;
    }

    public static void main(String[] args) {

        try {
            HttpClient creepyClient = RestUnirestClient.getClient();
            Unirest.setHttpClient(creepyClient);

            HttpResponse<JsonNode> response = Unirest.get("https://httpbin.org/get?show_env=1").asJson();
            System.out.println(response.getBody().toString());

        } catch (UnirestException e) {
            e.printStackTrace();
        }
    }
}