美文网首页
Android Https证书过期解决方案

Android Https证书过期解决方案

作者: Silence_xl | 来源:发表于2023-03-05 23:07 被阅读0次

    应该有很多小伙伴遇到这样一个问题,在线上已发布的app里,关于https的cer证书过期,从而导致app所有网络请求失效无法使用。
      这个时候有人就要说了,应急发布一个已更新最新cer证书的apk不就完事了么,其实没那么简单,iOS还好可以通过appstore提供的api查询到新版本,但android就不一样了,需要调用自己Server端提供的api接口查询到新版本,并获取apk下载路径,问题是https都不能访问了,如何请求到版本信息呢?
      博主在这里提供2种解决方案
      方案一:将版本信息接口让后台改成http(不推荐,后台因素不可控),或者将本地https的设置一个不安全校验(推荐),代码如下:

    private static OkHttpClient newOkHttpClient(int timeout){         HttpLoggingInterceptor logging = new HttpLoggingInterceptor();        logging.setLevel(HttpLoggingInterceptor.Level.BODY);         return new OkHttpClient.Builder()                .addInterceptor(new RequestInfoInterceptor())                //.addInterceptor(logging)                .addNetworkInterceptor(new TokenHeaderInterceptor())                .sslSocketFactory(Certificate.getSSLSocketFactory())                //设置不安全校验                .hostnameVerifier(Certificate.getUnSafeHostnameVerifier())                .readTimeout(timeout, TimeUnit.SECONDS)                .writeTimeout(timeout, TimeUnit.SECONDS)                .build();    }     /**     *获取HostnameVerifier      */    public static HostnameVerifier getUnSafeHostnameVerifier() {        HostnameVerifier hostnameVerifier = new HostnameVerifier() {            @Override            public boolean verify(String s, SSLSession sslSession) {                return true;            }        };        return hostnameVerifier;    }

    方案二:将xxx.cer证书改成动态读取(以文件的方式从app沙盒里面读取即可),在https证书即将过期时,从服务器下载最新的cer证书更新到沙盒里面,App每次初始化网络请求时读取sdcard最新的证书文件,这样App就永远不会出现https证书过期导致无法使用的问题,流程图如下:

    image.png

    这里粘贴关键设置cer证书的代码

        private static OkHttpClient newOkHttpClient(int timeout){         HttpLoggingInterceptor logging = new HttpLoggingInterceptor();        logging.setLevel(HttpLoggingInterceptor.Level.BODY);         return new OkHttpClient.Builder()                .addInterceptor(new RequestInfoInterceptor())                //.addInterceptor(logging)                .addNetworkInterceptor(new TokenHeaderInterceptor())                .sslSocketFactory(Certificate.getSSLSocketFactory(BaseApplcation.myApp, new String[]{"/sdcard/xxx.cer"}))                .hostnameVerifier(Certificate.getUnSafeHostnameVerifier())                .readTimeout(timeout, TimeUnit.SECONDS)                .writeTimeout(timeout, TimeUnit.SECONDS)                .build();    }      /**     * 带证书的,从本地文件读取     * @param context     * @param certificatesFiles  本地文件(通过下载到本地)     * @return     */    public static SSLSocketFactory getSSLSocketFactory(Context context, String[] certificatesFiles) {        if (context == null) {            throw new NullPointerException("context == null");        }        CertificateFactory certificateFactory;        try {            certificateFactory = CertificateFactory.getInstance("X.509");            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());            keyStore.load(null, null);             for (int i = 0; i < certificatesFiles.length; i++) {                InputStream certificate = new FileInputStream(certificatesFiles[i]);                keyStore.setCertificateEntry(String.valueOf(i), certificateFactory.generateCertificate(certificate));                 if (certificate != null) {                    certificate.close();                }            }            SSLContext sslContext = SSLContext.getInstance("TLS");            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());            trustManagerFactory.init(keyStore);            sslContext.init(null, trustManagerFactory.getTrustManagers(), new SecureRandom());            return sslContext.getSocketFactory();        } catch (Exception e) {         }        return null;    }   /**     * 带证书的,从raw资源中读取     * @param context     * @param certificates  rawIds     * @return     */    public static SSLSocketFactory getSSLSocketFactory(Context context, int[] certificates) {        if (context == null) {            throw new NullPointerException("context == null");        }        CertificateFactory certificateFactory;        try {            certificateFactory = CertificateFactory.getInstance("X.509");            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());            keyStore.load(null, null);             for (int i = 0; i < certificates.length; i++) {                InputStream certificate = context.getResources().openRawResource(certificates[i]);                keyStore.setCertificateEntry(String.valueOf(i), certificateFactory.generateCertificate(certificate));                 if (certificate != null) {                    certificate.close();                }            }            SSLContext sslContext = SSLContext.getInstance("TLS");            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());            trustManagerFactory.init(keyStore);            sslContext.init(null, trustManagerFactory.getTrustManagers(), new SecureRandom());            return sslContext.getSocketFactory();        } catch (Exception e) {         }        return null;    }

    总结一下,方案一需要App升级解决证书过期问题,方案二无需升级即可解决升级问题,小伙伴们,设置证书用哪种方式,心里有答案了吧。
    代码虽简单,就当做个笔记。

    相关文章

      网友评论

          本文标题:Android Https证书过期解决方案

          本文链接:https://www.haomeiwen.com/subject/vywpldtx.html

          延伸阅读

          深度阅读

          • 您也可以注册成为美文阅读网的作者,发表您的原创作品、分享您的心情!

          栏目导航

          热点阅读

          关于我们|服务条款|联系我们|Android Https证书过期解决方案|投稿指南|网站地图|RSS订阅|排版工具|手机版

          提供经典美文摘抄,优美散文欣赏,现代诗歌精选,短篇小说,心情随笔,表白情书范文,故事会在线阅读欣赏

          Copyright © 2014-2023 Haomeiwen.com All Rights Reserved. 好美文阅读网 版权所有

          备案信息:桂公网安备 45052102000051号 · 桂ICP备13007215号-3

          本站所收录作品、热点评论等信息部分来源互联网,目的只是为了系统归纳学习和传递资讯

          所有作品版权归原创作者所有,与本站立场无关,如不慎侵犯了你的权益,请联系我们告知,我们将做删除处理!