retrofit 添加SSL证书校验

作者: xiaotimel | 来源:发表于2020-08-22 15:24 被阅读0次

retrofit 添加SSL证书校验
android webview ssl校验
Spring Boot前后端分离项目配置SSL证书——HTTPS
SSL证书校验
SSL证书生成过程
iOS通过AFNetworking实现HTTPS双向认证
App SSL证书校验
SSL证书校验失败……
Nginx下配置SSL证书
一天一道面试题—— HTTPS

使用https时添加证书防止捉包

 public static class SSLParams {
        public SSLSocketFactory sSLSocketFactory;
        public X509TrustManager trustManager;
    }

读取ssl证书

 /**
     * 获去信任自签证书的trustManager
     *
     * @return 信任自签证书的trustManager
     * @throws GeneralSecurityException
     */
    public static HttpsUtils.SSLParams getSslSocketFactory(List<InputStream> certificates) {
        if (certificates == null || certificates.size() <= 0) {
            return null;
        }
        try {
            HttpsUtils.SSLParams sslParams = new HttpsUtils.SSLParams();
            //创建证书工厂
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null);

            int index = 0;
            //将所有证书放入证书放入keystore中
            for (InputStream certificate : certificates) {
                String certificateAlias = Integer.toString(index++);
                Certificate cer = certificateFactory.generateCertificate(certificate);
                keyStore.setCertificateEntry(certificateAlias, cer);
                try {

                    if (certificate != null) {
                        certificate.close();
                    }

                } catch (IOException e) {
                    e.printStackTrace();
                }
            }
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);

            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            SSLContext sslContext = SSLContext.getInstance("TLS");
            final List<X509TrustManager> x509trustManagers = new ArrayList<X509TrustManager>();
            for (TrustManager tm : trustManagers) {
                if (tm instanceof X509TrustManager) {
                    x509trustManagers.add((X509TrustManager) tm);
                }
            }

            X509TrustManager trustManager = new X509TrustManager() {

                @Override
                public void checkClientTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {

                }

                @Override
                public void checkServerTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException, CertificateException {
                    for (X509TrustManager tm : x509trustManagers) {
                        tm.checkServerTrusted(x509Certificates, s);
                    }
                }

                @Override
                public X509Certificate[] getAcceptedIssuers() {
                    return new X509Certificate[0];
                }
            };

            sslContext.init(null, new TrustManager[]{trustManager}, null);
            sslParams.sSLSocketFactory = sslContext.getSocketFactory();
            sslParams.trustManager = trustManager;
            return sslParams;
        }catch (Exception e){
            e.printStackTrace();
        }
        return null;
    }

添加到retrofit中方

 private OkHttpClient mOkHttpClient;
 private OkHttpClient.Builder mBuilder;

private void init(){
mBuilder = new OkHttpClient.Builder();
mOkHttpClient = mBuilder.build();
mBuilder.sslSocketFactory(sslParams.sSLSocketFactory, sslParams.trustManager);
mRetrofit = new Retrofit.Builder()
                .client(mOkHttpClient)
                .addCallAdapterFactory(RxJava2CallAdapterFactory.create())
                .baseUrl(baseUrl)
                .build();
}