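OkHttp 3.0: Adding SSL Certificate Trust
okhttp is one of the main network request frameworks on Android, and there is no shortage of material online about how to use it.
A simple okhttp network request: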
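import java.io.IOException;
import okhttp3.Call;
import okhttp3.Callback;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.Response;

Request request = new Request.Builder().get().url("https://www.baidu.com").build();
OkHttpClient.Builder builder = new OkHttpClient.Builder();
OkHttpClient client = builder.build();
client.newCall(request).enqueue(new Callback() {
    @Override
    public void onFailure(Call call, IOException e) {
        // The request failed (network error, TLS handshake failure, ...)
    }

    @Override
    public void onResponse(Call call, Response response) throws IOException {
        // Handle the response here
    }
});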
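There is nothing technically difficult about this code.
In development, https with certificate verification is generally used to strengthen network security.
okhttp provides the sslSocketFactory(SSLSocketFactory sslSocketFactory, X509TrustManager trustManager) method, which lets you verify the server's certificate.
First I obtain the certificate; here I use Baidu's certificate.
Once you have the certificate, copy it into the assets directory.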
// Imports for the two members below; both live inside the Activity, which provides getAssets()
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

private SSLSocketFactory getSSLSocketFactory() throws NoSuchAlgorithmException, KeyManagementException {
    SSLContext context = SSLContext.getInstance("TLS");
    TrustManager[] trustManagers = {new MyX509TrustManager()};
    context.init(null, trustManagers, new SecureRandom());
    return context.getSocketFactory();
}

private class MyX509TrustManager implements X509TrustManager {
    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        // Not used: this trust manager only validates server certificates
    }

    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        if (chain == null) {
            throw new CertificateException("checkServerTrusted: X509Certificate array is null");
        }
        if (chain.length < 1) {
            throw new CertificateException("checkServerTrusted: X509Certificate is empty");
        }
        // Only ECDHE_RSA is accepted; any other authType is rejected
        if (!"ECDHE_RSA".equals(authType)) {
            throw new CertificateException("checkServerTrusted: AuthType is not ECDHE_RSA");
        }

        // Check the whole chain against the system trust store
        try {
            TrustManagerFactory factory = TrustManagerFactory.getInstance("X509");
            factory.init((KeyStore) null);
            for (TrustManager trustManager : factory.getTrustManagers()) {
                ((X509TrustManager) trustManager).checkServerTrusted(chain, authType);
            }
        } catch (NoSuchAlgorithmException | KeyStoreException e) {
            // Fail closed: if the system check cannot run, the chain is not trusted
            throw new CertificateException("checkServerTrusted: system trust check unavailable", e);
        }

        // Read the fields of the local certificate bundled in assets
        String clientEncoded = "";
        String clientSubject = "";
        String clientIssUser = "";
        try (InputStream inputStream = getAssets().open("baidu.cer")) {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            X509Certificate clientCertificate = (X509Certificate) certificateFactory.generateCertificate(inputStream);
            clientEncoded = new BigInteger(1, clientCertificate.getPublicKey().getEncoded()).toString(16);
            clientSubject = clientCertificate.getSubjectDN().getName();
            clientIssUser = clientCertificate.getIssuerDN().getName();
        } catch (IOException e) {
            // Fail with the real cause instead of a misleading "not equal" error below
            throw new CertificateException("checkServerTrusted: cannot read baidu.cer from assets", e);
        }

        // Read the fields of the certificate presented by the server
        X509Certificate certificate = chain[0];
        PublicKey publicKey = certificate.getPublicKey();
        String serverEncoded = new BigInteger(1, publicKey.getEncoded()).toString(16);
        if (!clientEncoded.equals(serverEncoded)) {
            throw new CertificateException("server's PublicKey is not equals to client's PublicKey");
        }
        String subject = certificate.getSubjectDN().getName();
        if (!clientSubject.equals(subject)) {
            throw new CertificateException("server's subject is not equals to client's subject");
        }
        String issuser = certificate.getIssuerDN().getName();
        if (!clientIssUser.equals(issuser)) {
            throw new CertificateException("server's issuser is not equals to client's issuser");
        }
    }

    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];
    }
}
In the code, call builder.sslSocketFactory(getSSLSocketFactory(), new MyX509TrustManager()) to enable certificate verification.
Please credit the source when reposting: https://mp.csdn.net/postedit/80245887