🔒 修复 #I5LA7X

IJPay-Core/src/main/java/com/ijpay/core/http/AbstractHttpDelegate.java

 package com.ijpay.core.http;
 
 import cn.hutool.core.io.FileUtil;
+import cn.hutool.core.net.SSLContextBuilder;
+import cn.hutool.core.net.SSLProtocols;
 import cn.hutool.http.HttpRequest;
 import cn.hutool.http.HttpResponse;
 import cn.hutool.http.HttpUtil;
-import cn.hutool.http.ssl.SSLSocketFactoryBuilder;
 import com.ijpay.core.IJPayHttpResponse;
 
 import javax.net.ssl.KeyManager;
 import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLSocketFactory;
 import java.io.File;
-import java.io.FileInputStream;
 import java.io.InputStream;
+import java.nio.file.Files;
+import java.nio.file.Paths;
 import java.security.KeyStore;
 import java.security.SecureRandom;
 import java.util.Map;
@@ -241,14 +244,9 @@ public abstract class AbstractHttpDelegate {
     public String upload(String url, String data, String certPath, String certPass, String filePath, String protocol) {
         try {
             File file = FileUtil.newFile(filePath);
+            SSLSocketFactory sslSocketFactory = getSslSocketFactory(certPath, null, certPass, protocol);
             return HttpRequest.post(url)
-                    .setSSLSocketFactory(SSLSocketFactoryBuilder
-                            .create()
-                            .setProtocol(protocol)
-                            .setKeyManagers(getKeyManager(certPass, certPath, null))
-                            .setSecureRandom(new SecureRandom())
-                            .build()
-                    )
+                    .setSSLSocketFactory(sslSocketFactory)
                     .header("Content-Type", "multipart/form-data;boundary=\"boundary\"")
                     .form("file", file)
                     .form("meta", data)
@@ -270,7 +268,7 @@ public abstract class AbstractHttpDelegate {
      * @return {@link String}  请求返回的结果
      */
     public String upload(String url, String data, String certPath, String certPass, String filePath) {
-        return upload(url, data, certPath, certPass, filePath, SSLSocketFactoryBuilder.TLSv1);
+        return upload(url, data, certPath, certPass, filePath, SSLProtocols.TLSv1);
     }
 
     /**
@@ -285,14 +283,9 @@ public abstract class AbstractHttpDelegate {
      */
     public String post(String url, String data, String certPath, String certPass, String protocol) {
         try {
+            SSLSocketFactory socketFactory = getSslSocketFactory(certPath, null, certPass, protocol);
             return HttpRequest.post(url)
-                    .setSSLSocketFactory(SSLSocketFactoryBuilder
-                            .create()
-                            .setProtocol(protocol)
-                            .setKeyManagers(getKeyManager(certPass, certPath, null))
-                            .setSecureRandom(new SecureRandom())
-                            .build()
-                    )
+                    .setSSLSocketFactory(socketFactory)
                     .body(data)
                     .execute()
                     .body();
@@ -301,6 +294,7 @@ public abstract class AbstractHttpDelegate {
         }
     }
 
+
     /**
      * post 请求
      *
@@ -311,7 +305,7 @@ public abstract class AbstractHttpDelegate {
      * @return {@link String} 请求返回的结果
      */
     public String post(String url, String data, String certPath, String certPass) {
-        return post(url, data, certPath, certPass, SSLSocketFactoryBuilder.TLSv1);
+        return post(url, data, certPath, certPass, SSLProtocols.TLSv1);
     }
 
     /**
@@ -326,14 +320,9 @@ public abstract class AbstractHttpDelegate {
      */
     public String post(String url, String data, InputStream certFile, String certPass, String protocol) {
         try {
+            SSLSocketFactory sslSocketFactory = getSslSocketFactory(certPass, certFile, null, protocol);
             return HttpRequest.post(url)
-                    .setSSLSocketFactory(SSLSocketFactoryBuilder
-                            .create()
-                            .setProtocol(protocol)
-                            .setKeyManagers(getKeyManager(certPass, null, certFile))
-                            .setSecureRandom(new SecureRandom())
-                            .build()
-                    )
+                    .setSSLSocketFactory(sslSocketFactory)
                     .body(data)
                     .execute()
                     .body();
@@ -352,7 +341,7 @@ public abstract class AbstractHttpDelegate {
      * @return {@link String} 请求返回的结果
      */
     public String post(String url, String data, InputStream certFile, String certPass) {
-        return post(url, data, certFile, certPass, SSLSocketFactoryBuilder.TLSv1);
+        return post(url, data, certFile, certPass, SSLProtocols.TLSv1);
     }
 
     /**
@@ -496,10 +485,18 @@ public abstract class AbstractHttpDelegate {
         if (certFile != null) {
             clientStore.load(certFile, certPass.toCharArray());
         } else {
-            clientStore.load(new FileInputStream(certPath), certPass.toCharArray());
+            clientStore.load(Files.newInputStream(Paths.get(certPath)), certPass.toCharArray());
         }
         KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
         kmf.init(clientStore, certPass.toCharArray());
         return kmf.getKeyManagers();
     }
+
+    private SSLSocketFactory getSslSocketFactory(String certPath, InputStream certFile, String certPass, String protocol) throws Exception {
+        SSLContextBuilder sslContextBuilder = SSLContextBuilder.create();
+        sslContextBuilder.setProtocol(protocol);
+        sslContextBuilder.setKeyManagers(getKeyManager(certPass, certPath, certFile));
+        sslContextBuilder.setSecureRandom(new SecureRandom());
+        return sslContextBuilder.buildChecked().getSocketFactory();
+    }
 }