美文网首页Android开发
Android 5.0以下Glide加载https图片问题

Android 5.0以下Glide加载https图片问题

作者: 阳光男孩joe | 来源:发表于2017-03-08 19:42 被阅读2045次

    glide加载https图片:https://futurestud.io/tutorials/glide-module-example-accepting-self-signed-https-certificates#0

    OkHttp在4.4及以下不支持TLS协议的解决方法:

    http://www.cnblogs.com/daquexian/p/5883585.html

    在做超理论坛app的过程中,遇到许多用户反馈在他们的手机上客户端不能访问网络,我问了他们的手机型号和Android系统版本,全部是5.0以下的,之后我自己运行API19(4.4)的Android模拟器,也遇到了同样的错误。

    错误信息如下:

    javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x79f145b0: Failure in SSL library, usually a protocol error

    error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version

    因为之前没有太多接触过网络协议,这个问题也确实很难搜到,所以我找了很久,才找到了原因:Android 4.4及以下的系统默认不支持TLS协议,所以遇到使用TLS协议的网站就无法访问了。

    解决方法如下:创建一个SSLSocketFactoryCompat.java文件,内容如下:

    import java.io.IOException;

    import java.net.InetAddress;

    import java.net.Socket;

    import java.net.UnknownHostException;

    import java.security.GeneralSecurityException;

    import java.util.Arrays;

    import java.util.HashSet;

    import java.util.LinkedList;

    import java.util.List;

    import javax.net.ssl.SSLContext;

    import javax.net.ssl.SSLSocket;

    import javax.net.ssl.SSLSocketFactory;

    import javax.net.ssl.X509TrustManager;

    public class SSLSocketFactoryCompat extends SSLSocketFactory {

    private SSLSocketFactory defaultFactory;

    // Android 5.0+ (API level21) provides reasonable default settings

    // but it still allows SSLv3

    // https://developer.android.com/about/versions/android-5.0-changes.html#ssl

    static String protocols[] = null, cipherSuites[] = null;

    static {

    try {

    SSLSocket socket = (SSLSocket)SSLSocketFactory.getDefault().createSocket();

    if (socket != null) {

    /* set reasonable protocol versions */

    // - enable all supported protocols (enables TLSv1.1 and TLSv1.2 on Android <5.0)

    // - remove all SSL versions (especially SSLv3) because they're insecure now

    List protocols = new LinkedList<>();

    for (String protocol : socket.getSupportedProtocols())

    if (!protocol.toUpperCase().contains("SSL"))

    protocols.add(protocol);

    SSLSocketFactoryCompat.protocols = protocols.toArray(new String[protocols.size()]);

    /* set up reasonable cipher suites */

    if (Build.VERSION.SDK_INT < Build.VERSION_CODES.LOLLIPOP) {

    // choose known secure cipher suites

    List allowedCiphers = Arrays.asList(

    // TLS 1.2

    "TLS_RSA_WITH_AES_256_GCM_SHA384",

    "TLS_RSA_WITH_AES_128_GCM_SHA256",

    "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",

    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",

    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",

    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",

    "TLS_ECHDE_RSA_WITH_AES_128_GCM_SHA256",

    // maximum interoperability

    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",

    "TLS_RSA_WITH_AES_128_CBC_SHA",

    // additionally

    "TLS_RSA_WITH_AES_256_CBC_SHA",

    "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",

    "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",

    "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",

    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA");

    List availableCiphers = Arrays.asList(socket.getSupportedCipherSuites());

    // take all allowed ciphers that are available and put them into preferredCiphers

    HashSet preferredCiphers = new HashSet<>(allowedCiphers);

    preferredCiphers.retainAll(availableCiphers);

    /* For maximum security, preferredCiphers should *replace* enabled ciphers (thus disabling

    * ciphers which are enabled by default, but have become unsecure), but I guess for

    * the security level of DAVdroid and maximum compatibility, disabling of insecure

    * ciphers should be a server-side task */

    // add preferred ciphers to enabled ciphers

    HashSet enabledCiphers = preferredCiphers;

    enabledCiphers.addAll(new HashSet<>(Arrays.asList(socket.getEnabledCipherSuites())));

    SSLSocketFactoryCompat.cipherSuites = enabledCiphers.toArray(new String[enabledCiphers.size()]);

    }

    }

    } catch (IOException e) {

    throw new RuntimeException(e);

    }

    }

    public SSLSocketFactoryCompat(X509TrustManager tm) {

    try {

    SSLContext sslContext = SSLContext.getInstance("TLS");

    sslContext.init(null, (tm != null) ? new X509TrustManager[] { tm } : null, null);

    defaultFactory = sslContext.getSocketFactory();

    } catch (GeneralSecurityException e) {

    throw new AssertionError(); // The system has no TLS. Just give up.

    }

    }

    private void upgradeTLS(SSLSocket ssl) {

    // Android 5.0+ (API level21) provides reasonable default settings

    // but it still allows SSLv3

    // https://developer.android.com/about/versions/android-5.0-changes.html#ssl

    if (protocols != null) {

    ssl.setEnabledProtocols(protocols);

    }

    if (Build.VERSION.SDK_INT < Build.VERSION_CODES.LOLLIPOP && cipherSuites != null) {

    ssl.setEnabledCipherSuites(cipherSuites);

    }

    }

    @Override

    public String[] getDefaultCipherSuites() {

    return cipherSuites;

    }

    @Override

    public String[] getSupportedCipherSuites() {

    return cipherSuites;

    }

    @Override

    public Socket createSocket(Socket s, String host, int port, boolean autoClose) throws IOException {

    Socket ssl = defaultFactory.createSocket(s, host, port, autoClose);

    if (ssl instanceof SSLSocket)

    upgradeTLS((SSLSocket)ssl);

    return ssl;

    }

    @Override

    public Socket createSocket(String host, int port) throws IOException, UnknownHostException {

    Socket ssl = defaultFactory.createSocket(host, port);

    if (ssl instanceof SSLSocket)

    upgradeTLS((SSLSocket)ssl);

    return ssl;

    }

    @Override

    public Socket createSocket(String host, int port, InetAddress localHost, int localPort) throws IOException, UnknownHostException {

    Socket ssl = defaultFactory.createSocket(host, port, localHost, localPort);

    if (ssl instanceof SSLSocket)

    upgradeTLS((SSLSocket)ssl);

    return ssl;

    }

    @Override

    public Socket createSocket(InetAddress host, int port) throws IOException {

    Socket ssl = defaultFactory.createSocket(host, port);

    if (ssl instanceof SSLSocket)

    upgradeTLS((SSLSocket)ssl);

    return ssl;

    }

    @Override

    public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort) throws IOException {

    Socket ssl = defaultFactory.createSocket(address, port, localAddress, localPort);

    if (ssl instanceof SSLSocket)

    upgradeTLS((SSLSocket)ssl);

    return ssl;

    }

    }

    在创建OkHttpClient的时候,添加这个SSLSocketFactory(我用单例模式来每次获取同一个全局的OkHttpClient,每个人的实现不一定一样,从我的代码里参考问题的解决方法就好):

    public synchronized static OkHttpClient getClient(){

    if (okHttpClient == null) {

    OkHttpClient.Builder builder = new OkHttpClient.Builder();

    try {

    // 自定义一个信任所有证书的TrustManager,添加SSLSocketFactory的时候要用到

    final X509TrustManager trustAllCert =

    new X509TrustManager() {

    @Override

    public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException {

    }

    @Override

    public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException {

    }

    @Override

    public java.security.cert.X509Certificate[] getAcceptedIssuers() {

    return new java.security.cert.X509Certificate[]{};

    }

    };

    final SSLSocketFactory sslSocketFactory = new SSLSocketFactoryCompat(trustAllCert);

    builder.sslSocketFactory(sslSocketFactory, trustAllCert);

    } catch (Exception e) {

    throw new RuntimeException(e);

    }

    okHttpClient = builder.build();

    }

    return okHttpClient;

    }

    相关文章

      网友评论

        本文标题:Android 5.0以下Glide加载https图片问题

        本文链接:https://www.haomeiwen.com/subject/bacigttx.html