I'm working on a Java program that will send POST requests to a website for my company to use. We do not own this website, they are separate from us. I've been fighting with various ways to actually pass it the very picky parameters it wants in order for me to do work on it from a program (as opposed to doing it manually).

我正在开发一个 Java 程序，该程序会将 POST 请求发送到我的公司使用的网站。我们不拥有本网站，他们与我们分开。我一直在用各种方法来实际传递它想要的非常挑剔的参数，以便我从程序中对其进行处理（而不是手动进行）。

I've found that the Apache HttpClient 4.3 seems to be my best route for actually trying to access it, anything results in a angry response from the website telling me my username and password and not valid/authorized.

我发现 Apache HttpClient 4.3 似乎是我实际尝试访问它的最佳途径，任何事情都会导致网站的愤怒响应告诉我我的用户名和密码并且无效/未授权。

But then I got an error because the site certificate doesn't match, I contacted their support and they reportedly share an infrastructure with another site so the certificate mismatch is expected.

但是后来我收到一个错误，因为站点证书不匹配，我联系了他们的支持人员，据报道他们与另一个站点共享一个基础设施，因此预计证书不匹配。

So I went commandline and generated a keystore, passed that to the program and then got the error "java.security.cert.CertificateException: No subject alternative DNS name matching".

所以我去命令行并生成了一个密钥库，将它传递给程序，然后得到错误“java.security.cert.CertificateException：没有主题替代 DNS 名称匹配”。

Some hunting lead me to utilize a verifier, which removed errors.

一些狩猎让我使用了一个验证器，它消除了错误。

Then I realized that I can't make URLConnection/HttpsURLConnection and HttpClient/HttpPost work together. That's where I'm stuck. I'm not sure how to make the code that handles my keystore, TrustManager, SSLSocketFactory, etc connect to the part where I actually have to connect and POST.

然后我意识到我不能让 URLConnection/HttpsURLConnection 和 HttpClient/HttpPost 一起工作。这就是我被困的地方。我不确定如何使处理我的密钥库、TrustManager、SSLSocketFactory 等的代码连接到我实际必须连接和 POST 的部分。

Code that handles the certificates and verification:

处理证书和验证的代码：

  InputStream in = new FileInputStream(new File("C:\Program Files (x86)\Java\jre7\bin\my.keystore")); 
   KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType()); 
    ks.load(in, "blahblah".toCharArray()); 
in.close(); TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); 
    tmf.init(ks);
     X509TrustManager defaultTrustManager = (X509TrustManager)tmf.getTrustManagers()[0]; 
     SSLContext context = SSLContext.getInstance("TLS"); 
     context.init(null, new TrustManager[] {defaultTrustManager}, null); 
     javax.net.ssl.SSLSocketFactory sslSocketFactory = context.getSocketFactory();

URL url = new URL("https://emailer.driveclick.com/dbadmin/xml_post.pl"); 

     URLConnection con = url.openConnection(); 
    ((HttpsURLConnection) con).setSSLSocketFactory(sslSocketFactory); 
   ((HttpsURLConnection) con).setHostnameVerifier(new Verifier());
     con.connect(); 
    in = con.getInputStream();

Code that should be connecting me to the website:

应该将我连接到网站的代码：

 try {
        //log into the website

        String url2 = "https://emailer.driveclick.com/dbadmin/xml_post.pl";
        HttpClient client = HttpClientBuilder.create().build();



        HttpPost post = new HttpPost(url2);


        post.setHeader("User-Agent", USER_AGENT);

        List<BasicNameValuePair> urlParameters = new ArrayList<>();
        urlParameters.add(new BasicNameValuePair("username", "namefoo"));
        urlParameters.add(new BasicNameValuePair("api_password", "passfoo"));

        post.setEntity(new UrlEncodedFormEntity(urlParameters));

        org.apache.http.HttpResponse response = client.execute(post);

        System.out.println("\nSending 'POST' request to URL : " + url2);
        System.out.println("Post parameters : " + post.getEntity());
        System.out.println("Response Code : " + response.getStatusLine().getStatusCode());

        BufferedReader rd = new BufferedReader(new InputStreamReader(response.getEntity().getContent()));
        StringBuffer result = new StringBuffer();
        String line = "";
        while ((line = rd.readLine()) != null)
        {
            result.append(line);
        }
        System.out.println(result.toString());
    } catch (UnsupportedEncodingException ex) {
        Logger.getLogger(LastFileMove.class.getName()).log(Level.SEVERE, null, ex);
    } catch (IOException ex) {
        Logger.getLogger(LastFileMove.class.getName()).log(Level.SEVERE, null, ex);
    }

EDIT: I forgot to include the little class I made for the Verifier that I referenced.

编辑：我忘了包括我为我引用的验证器制作的小类。

public class Verifier implements HostnameVerifier 
{

public boolean verify(String arg0, SSLSession arg1) {
        return true;   // mark everything as verified
}
}

Update 5/8/2014SSLConext and Verifier are now set up like this:

2014 年 5 月8 日更新 SSLConext和验证程序现在设置如下：

SSLContext sslContext = SSLContexts.custom()
    .useTLS()
    .loadTrustMaterial(ks)
    .build(); 
X509HostnameVerifier verifier = new AbstractVerifier() 
{
@Override
public void verify(final String host, final String[] 
cns, final String[] subjectAlts) throws SSLException 
{
    verify(host, cns, subjectAlts, true);
}
};

And I've gone ahead and changed my HttpClient to a closeable one here:

我已经继续将我的 HttpClient 更改为可关闭的：

CloseableHttpClient client = HttpClients.custom()
sslSocketFactory)
.setHostnameVerifier(verifier)
.setSslcontext(sslContext)
.build();

And I'm back to having "javax.net.ssl.SSLException: hostname in certificate didn't match" errors. Suggestions?

我又回到了“javax.net.ssl.SSLException：证书中的主机名不匹配”错误。建议？