忽略SSL证书的方法
1.创建信任管理器的基本接口X509TrustManager
//获取TrustManager
private static TrustManager[] getTrustManager() {
//不校检证书链
TrustManager[] trustAllCerts = new TrustManager[]{
new X509TrustManager() {
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType) {
//不校检客户端证书
}
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType) {
//不校检服务器证书
}
@Override
public X509Certificate[] getAcceptedIssuers() {
return new X509Certificate[]{};
//OKhttp3.0以前返回null,3.0以后返回new X509Certificate[]{};
}
}
};
return trustAllCerts;
}
2. 创建SSLSocketFactory
//获取这个SSLSocketFactory
//通过这个类我们可以获得SSLSocketFactory,这个东西就是用来管理证书和信任证书的
public static SSLSocketFactory getSSLSocketFactory() {
try {
SSLContext sslContext = SSLContext.getInstance("SSL");
sslContext.init(null, getTrustManager(), new SecureRandom());
return sslContext.getSocketFactory();
} catch (Exception e) {
throw new RuntimeException(e);
}
}
//获取HostnameVerifier
public static HostnameVerifier getHostnameVerifier() {
HostnameVerifier hostnameVerifier = new HostnameVerifier() {
@Override
public boolean verify(String s, SSLSession sslSession) {
//未真正校检服务器端证书域名
return true;
}
};
return hostnameVerifier;
}
3. Okhttp相关配置
public OkHttpClient getOkHttpClient() {
if (mOkHttpClient == null) {
mOkHttpClient = new OkHttpClient.Builder()
.connectTimeout(15, TimeUnit.SECONDS)
.sslSocketFactory(new SSLSocketClient().getSSLSocketFactory())//配置
.hostnameVerifier(new SSLSocketClient().getHostnameVerifier())//配置
// .readTimeout(10, TimeUnit.SECONDS)
.build();
}
return mOkHttpClient;
}
亲测管用!!!!!!!
原文链接:Android https请求证书处理
网友评论