search

xingePush / xinge-api-java

信鸽ServerSDK-Java版本
54 stars 29 forks source link

1.2.0 XingeApp中证书是不是没有考虑到ssl证书问题 #23

Open bhtj27 opened 6 years ago

bhtj27 commented 6 years ago

在XingeApp类:掉了一句https.setHostnameVerifier(new TrustAnyHostnameVerifier());吧,不然ssl证书验证过不去。

private JSONObject callRestful(String apiAddress, String jsonRequestString) {

    URL url;
    HttpURLConnection http = null;
    InputStreamReader isr = null;
    BufferedReader br = null;
    String ret = "";
    String temp;
    JSONObject jsonRet = null;

    try {
        url = new URL(null, apiAddress, new com.sun.net.ssl.internal.www.protocol.https.Handler());
        URLConnection con = url.openConnection();
        http = (HttpURLConnection) con;
        http.setRequestMethod(RESTAPI_V3.HTTP_POST);
        http.setDoOutput(true);
        http.setRequestProperty("Authorization", "Basic " + authStringEnc);

        byte[] out = jsonRequestString.getBytes(StandardCharsets.UTF_8);
        int length = out.length;

        http.setFixedLengthStreamingMode(length);
        http.setRequestProperty("Content-Type", "application/json; charset=UTF-8");

        http.connect();
        try {
            OutputStream os = http.getOutputStream();
            os.write(out);

        } catch (Exception e) {

        }

        http.getOutputStream().flush();
        http.getOutputStream().close();
        isr = new InputStreamReader(http.getInputStream());
        br = new BufferedReader(isr);
        while ((temp = br.readLine()) != null) {
            ret += temp;
        }
        jsonRet = new JSONObject(ret);

    } catch (MalformedURLException e) {
        jsonRet = new JSONObject();
        jsonRet.put("ret_code", 10100);
        jsonRet.put("err_msg", stringifyError(e));

    } catch (IOException e) {
        jsonRet = new JSONObject();
        jsonRet.put("ret_code", 10101);
        jsonRet.put("err_msg", stringifyError(e));

    } finally {
        if (br != null) {
            try {
                br.close();
            } catch (IOException e) {
                // ignore
            }
        }
        if (isr != null) {
            try {
                isr.close();
            } catch (IOException e) {
                // ignore
            }
        }
        if (http != null) {
            http.disconnect();
        }
    }

    return jsonRet;
}
caofangkun commented 6 years ago

@bhtj27 我看如下代码位置是有 https.setHostnameVerifier(new TrustAnyHostnameVerifier()); 这行代码的

https://github.com/xingePush/xinge-api-java/blob/master/src/main/java/com/tencent/xinge/XingeApp.java#L97

bhtj27 commented 6 years ago

@bhtj27 我看如下代码位置是有 https.setHostnameVerifier(new TrustAnyHostnameVerifier()); 这行代码的

https://github.com/xingePush/xinge-api-java/blob/master/src/main/java/com/tencent/xinge/XingeApp.java#L97

我说的是1.2.0的jar,不是mater分支,当时直接用最新的1.2.0的jar包,直接报错。最后才换成1.1.8的

xiaoshyang commented 6 years ago

callRestful 为何加synchronized 关键字,不都是局部变量吗?