Configuring HTTPS Access in OkHttp3 (Using a PKCS12 Certificate)

STEP 1 Place the certificate files

Place the PKCS12 certificate and the related trustStore file in the res/raw directory.

STEP 2 Create a custom SSLFactory

import android.content.Context;

import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.SecureRandom;

import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

/**
 * <b>Class name:</b> MineSSLFactory <br/>
 * <b>Class description:</b> <br/>
 * <b>Created by:</b> Lincoln <br/>
 * <b>Modified by:</b> Lincoln <br/>
 * <b>Modified on:</b> 2017-03-29 16:11<br/>
 * <b>Modification notes:</b> <br/>
 *
 * @version 1.0.0 <br/>
 */
public class MineSSLFactory {
    private static final String KEY_STORE_TYPE_BKS = "bks"; // keystore type
    private static final String KEY_STORE_TYPE_P12 = "PKCS12"; // keystore type

    private static final String KEY_STORE_PASSWORD = "***"; // keystore password (should be the client certificate password)
    private static final String KEY_STORE_TRUST_PASSWORD = "***"; // trust store password (should be the server certificate password)

    public static SSLSocketFactory getSocketFactory(Context context) {
        InputStream trust_input = context.getResources().openRawResource(R.raw.client_trust); // trusted server certificate
        InputStream client_input = context.getResources().openRawResource(R.raw.client); // client certificate
        try {
            SSLContext sslContext = SSLContext.getInstance("TLS");
            // Trust store: decides which server certificates the client accepts
            KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
            trustStore.load(trust_input, KEY_STORE_TRUST_PASSWORD.toCharArray());
            // Key store: holds the client certificate and private key presented to the server
            KeyStore keyStore = KeyStore.getInstance(KEY_STORE_TYPE_P12);
            keyStore.load(client_input, KEY_STORE_PASSWORD.toCharArray());
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(trustStore);

            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(keyStore, KEY_STORE_PASSWORD.toCharArray());
            sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), new SecureRandom());
            SSLSocketFactory factory = sslContext.getSocketFactory();
            return factory;
        } catch (Exception e) {
            e.printStackTrace();
            // null signals failure; OkHttp's sslSocketFactory() rejects a null argument
            return null;
        } finally {
            // Close each stream separately so a failure on the first does not leak the second
            try {
                trust_input.close();
            } catch (IOException e) {
                e.printStackTrace();
            }
            try {
                client_input.close();
            } catch (IOException e) {
                e.printStackTrace();
            }
        }
    }
}

STEP 3 Load the custom SSLFactory into the OkHttpClient

new OkHttpClient.Builder()
                .addNetworkInterceptor(interceptor)
                .addNetworkInterceptor(cacheInterceptor)
                .addNetworkInterceptor(new StethoInterceptor())
                // Load the custom SSLFactory into the OkHttpClient; context is the usual Android Context object
                .sslSocketFactory(MineSSLFactory.getSocketFactory(context))
                .retryOnConnectionFailure(true)
                // hostnameVerifier validation is turned off here, which lowers the security of SSL. If you want to use this validation, do not use a privately signed certificate; comment out the line below and run it to see the effect
                .hostnameVerifier((hostname, session) -> true)
                .connectTimeout(50, TimeUnit.SECONDS)
                .writeTimeout(50, TimeUnit.SECONDS)
                .readTimeout(30, TimeUnit.SECONDS)
                .build();

Once the configuration above is complete, you only need to switch the protocol from HTTP to HTTPS.
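
Added example, not from the original post: a variant of Steps 2 and 3 that leaves OkHttp's default hostname verification in place and passes the trust manager explicitly through the two-argument sslSocketFactory overload. It assumes the private certificate lists the server's host name or IP in its subjectAltName; the class name StrictMutualTlsClient and the helper sanEntries are hypothetical.

```java
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import okhttp3.OkHttpClient;

/** Added example (hypothetical class): mutual TLS with hostname verification left on. */
public final class StrictMutualTlsClient {
    public static OkHttpClient build(InputStream trustIn, char[] trustPw,
                                     InputStream clientIn, char[] clientPw) throws Exception {
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(trustIn, trustPw);
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        keyStore.load(clientIn, clientPw);

        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, clientPw);

        TrustManager[] tms = tmf.getTrustManagers();
        if (tms.length != 1 || !(tms[0] instanceof X509TrustManager)) {
            throw new IllegalStateException("unexpected trust managers");
        }
        X509TrustManager tm = (X509TrustManager) tms[0];
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), new TrustManager[] {tm}, null);
        // No hostnameVerifier() call: OkHttp's default verifier stays active.
        return new OkHttpClient.Builder().sslSocketFactory(ctx.getSocketFactory(), tm).build();
    }

    /** dNSName (type 2) and iPAddress (type 7) SAN entries, to compare with the URL host. */
    public static List<String> sanEntries(X509Certificate cert) throws Exception {
        List<String> names = new ArrayList<>();
        Collection<List<?>> sans = cert.getSubjectAlternativeNames();
        if (sans == null) return names; // certificate carries no SAN extension
        for (List<?> san : sans) {
            int type = (Integer) san.get(0);
            if (type == 2 || type == 7) names.add(String.valueOf(san.get(1)));
        }
        return names;
    }
}
```

If sanEntries returns a list that does not contain the host used in the request URL, reissue the certificate with the right name rather than disabling verification.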
