准备工作
1)电脑支持keytool命令(自行百度)
2)下载bcprov-jdk16-146.jar
3)server develper 提供自签名的证书server.cer
4) server.cer 转 server.bks
bcprov-jdk16-146.jar 和server.cer放在同一个文件夹中,在该文件夹中打开cmd,执行:
keytool -importcert -v -trustcacerts -file “server.cer” -alias server_alias -keystore “server.bks” -provider org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath “bcprov-jdk16-146.jar” -storetype BKS -storepass password
注意:bcprov-jdk16-146.jar版本不一样的修改命令,password 是自己设置的校验密码。
开发
1)server.bks放在raw文件夹下面。
2)创建SslSocketClient类
package xxx;
import android.content.Context;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
/**
* Created by wxa.
* 忽略https证书验证
*/
public class SslSocketClient {
/**
* 获取bks文件的sslsocketfactory.
*
* @param context c
* @return s
*/
public static SSLSocketFactory getSslSocketFactory(Context context) {
//信任证书密码,就是server.cer转成server.bks时指定的password
final String client_trust_password = "password";
final String serverUrl = "192.168.1.1";//自己服务器的IP
final String client_agreement = "TLS";//使用协议
final String client_trust_keystore = "BKS";
SSLContext sslContext = null;
try {
//取得SSL的SSLContext实例
sslContext = SSLContext.getInstance(client_agreement);
//取得TrustManagerFactory的X509密钥管理器实例
TrustManagerFactory trustManager = TrustManagerFactory
.getInstance(TrustManagerFactory.getDefaultAlgorithm());
//取得BKS密库实例
KeyStore tks = KeyStore.getInstance(client_trust_keystore);
InputStream is = context.getResources().openRawResource(R.raw.server);
try {
tks.load(is, client_trust_password.toCharArray());
} finally {
is.close();
}
//初始化密钥管理器
trustManager.init(tks);
//初始化SSLContext
sslContext.init(null, trustManager.getTrustManagers(), null);
} catch (Exception ex) {
ex.printStackTrace();
LogUtils.dTag("SslContextFactory", ex.getMessage());
}
return sslContext.getSocketFactory();
}
/**
* 获取HostnameVerifier.
*
* @return h
*/
public static HostnameVerifier getHostnameVerifier() {
HostnameVerifier hostnameVerifier = new HostnameVerifier() {
@Override
public boolean verify(String s, SSLSession sslSession) {
if (s.equals(serverUrl)) {
return true;
}
return false;
}
};
return hostnameVerifier;
}
}
3)Retrofit 中的代码
//网络请求 Retrofit2
client = new OkHttpClient.Builder()
.connectTimeout(MAXTIME, TimeUnit.SECONDS)
.readTimeout(MAXTIME, TimeUnit.SECONDS)
.writeTimeout(MAXTIME, TimeUnit.SECONDS)
.addInterceptor(loggingInterceptor)
.sslSocketFactory(SslSocketClient.getSslSocketFactory(ActivityUtils.getTopActivity()))
.hostnameVerifier(SslSocketClient.getHostnameVerifier())
.addInterceptor(new RequestInterceptor())
.build();
关键代码:
.sslSocketFactory(SslSocketClient.getSslSocketFactory(ActivityUtils.getTopActivity()))
.hostnameVerifier(SslSocketClient.getHostnameVerifier())
网友评论