本文主要是介绍Okhttp3 配置Https访问(使用PKCS12)证书,希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!
STEP 1 放置证书文件
将PKCS12证书和相关的trustStore文件放置在res/raw目录下
STEP2 创建自定义SSLFactory
import android.content.Context;import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.SecureRandom;import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;/*** <b>类名称:</b> MineSSLFactory <br/>* <b>类描述:</b> <br/>* <b>创建人:</b> Lincoln <br/>* <b>修改人:</b> Lincoln <br/>* <b>修改时间:</b> 2017年03月29日 16:11<br/>* <b>修改备注:</b> <br/>** @version 1.0.0 <br/>*/
public class MineSSLFactory {private static final String KEY_STORE_TYPE_BKS = "bks";//证书类型private static final String KEY_STORE_TYPE_P12 = "PKCS12";//证书类型private static final String KEY_STORE_PASSWORD = "***";//证书密码(应该是客户端证书密码)private static final String KEY_STORE_TRUST_PASSWORD = "***";//授信证书密码(应该是服务端证书密码)public static SSLSocketFactory getSocketFactory(Context context) {InputStream trust_input = context.getResources().openRawResource(R.raw.client_trust);//服务器授信证书InputStream client_input = context.getResources().openRawResource(R.raw.client);//客户端证书try {SSLContext sslContext = SSLContext.getInstance("TLS");KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());trustStore.load(trust_input, KEY_STORE_TRUST_PASSWORD.toCharArray());KeyStore keyStore = KeyStore.getInstance(KEY_STORE_TYPE_P12);keyStore.load(client_input, KEY_STORE_PASSWORD.toCharArray());TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());trustManagerFactory.init(trustStore);KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());keyManagerFactory.init(keyStore, KEY_STORE_PASSWORD.toCharArray());sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), new SecureRandom());SSLSocketFactory factory = sslContext.getSocketFactory();return factory;} catch (Exception e) {e.printStackTrace();return null;} finally {try {trust_input.close();client_input.close();} catch (IOException e) {e.printStackTrace();}}}
}
STEP3 将自定义的SSLFactory加载到OKhttpClient中
new OkHttpClient.Builder().addNetworkInterceptor(interceptor).addNetworkInterceptor(cacheInterceptor).addNetworkInterceptor(new StethoInterceptor())//将自定义SSLFactory加载到OKhttpClient,context对象就是Android 系统中常用的那个
.sslSocketFactory(HospitalSSLFactory.getSocketFactory(context)).retryOnConnectionFailure(true)//此处将hostnameVerifier 验证关闭掉,会使SSL的安全性降低,如果想要使用这个验证,请不要使用私签证书,注释掉下面这段代码,运行体验一下.hostnameVerifier((hostname, session) -> true).connectTimeout(50, TimeUnit.SECONDS).writeTimeout(50, TimeUnit.SECONDS).readTimeout(30, TimeUnit.SECONDS).build();以上代码配置完成后,只需要将Http协议换成Https协议即可使用.
这篇关于Okhttp3 配置Https访问(使用PKCS12)证书的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!
