Android 忽略https证书

一、HttpUrlConnection/HttpsUrlConnection

添加以下类，直接调用HTTPSTrustManager.allowAllSSL()

还一种方式是创建HttpURLConnection对象之后，直接设置urlConnection.setSSLSocketFactory和urlConnection.setHostnameVerifier

注意：

1）allowAllSSL()需要在openConnection()之前调用；

2）由于HttpUrlConnection是HttpsUrlConnection的父类，HTTPSTrustManager.allowAllSSL()适用于两种方式。

package com.hzsun.handpos.utils;

import java.security.SecureRandom;

import java.security.cert.X509Certificate;

import javax.net.ssl.HostnameVerifier;

import javax.net.ssl.HttpsURLConnection;

import javax.net.ssl.SSLContext;

import javax.net.ssl.SSLSession;

import javax.net.ssl.TrustManager;

import javax.net.ssl.X509TrustManager;

public class HTTPSTrustManagerimplements X509TrustManager {

private static TrustManager[]trustManagers;

    private static final X509Certificate[]_AcceptedIssuers =new X509Certificate[]{};

    @Override

    public void checkClientTrusted (

X509Certificate[] x509Certificates, String s)

throws java.security.cert.CertificateException {

// To change body of implemented methods use File | Settings | File

// Templates.

    }

@Override

    public void checkServerTrusted(

X509Certificate[] x509Certificates, String s)

throws java.security.cert.CertificateException {

// To change body of implemented methods use File | Settings | File

// Templates.

    }

@Override

    public X509Certificate[]getAcceptedIssuers() {

return _AcceptedIssuers;

    }

public static void allowAllSSL() {

HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {

@Override

            public boolean verify(String arg0, SSLSession arg1) {

// TODO Auto-generated method stub

                return true;

            }

});

        SSLContext context =null;

        if (trustManagers ==null) {

trustManagers =new TrustManager[] {new HTTPSTrustManager() };

        }

try {

context = SSLContext.getInstance("SSL");

            context.init(null, trustManagers, new SecureRandom());

        }catch (Exception e) {

e.printStackTrace();

        }

javax.net.ssl.SSLSocketFactory socketFactory =context.getSocketFactory();

        HttpsURLConnection.setDefaultSSLSocketFactory(socketFactory);

    }

}

二、OkHttp（由于Retrofit基于OkHttp，获取HttpClient之后设置方法同理）

通过以下方法创建OkHttpClient 对象

private static OkHttpClientgetUnsafeOkHttpClient() {

try {

// Create a trust manager that does not validate certificate chains

        final TrustManager[] trustAllCerts =new TrustManager[]{

new X509TrustManager() {

@Override

                    public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType){

}

@Override

                    public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) {

}

@Override

                    public java.security.cert.X509Certificate[]getAcceptedIssuers() {

return new java.security.cert.X509Certificate[]{};

                    }

}

};

        // Install the all-trusting trust manager

        final SSLContext sslContext = SSLContext.getInstance("SSL");

        sslContext.init(null, trustAllCerts, new java.security.SecureRandom());

        // Create an ssl socket factory with our all-trusting manager

        final SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();

        OkHttpClient.Builder builder =new OkHttpClient.Builder();

        builder.sslSocketFactory(sslSocketFactory);

        builder.hostnameVerifier(new HostnameVerifier() {

@Override

            public boolean verify(String hostname, SSLSession session) {

return true;

            }

});

        OkHttpClient okHttpClient = builder.build();

        return okHttpClient;

    }catch (Exception e) {

throw new RuntimeException(e);

    }

}