Okhttp3 配置Https访问(使用PKCS12)证书

STEP 1 放置证书文件

将PKCS12证书和相关的trustStore文件放置在res/raw目录下

STEP2 创建自定义SSLFactory

import android.content.Context;import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.SecureRandom;import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;/*** 类名称： MineSSLFactory 
* 类描述： 
* 创建人： Lincoln 
* 修改人： Lincoln 
* 修改时间： 2017年03月29日 16:11
* 修改备注： 
** @version 1.0.0 
*/
public class MineSSLFactory {private static final String KEY_STORE_TYPE_BKS = "bks";//证书类型private static final String KEY_STORE_TYPE_P12 = "PKCS12";//证书类型private static final String KEY_STORE_PASSWORD = "***";//证书密码（应该是客户端证书密码）private static final String KEY_STORE_TRUST_PASSWORD = "***";//授信证书密码（应该是服务端证书密码）public static SSLSocketFactory getSocketFactory(Context context) {InputStream trust_input = context.getResources().openRawResource(R.raw.client_trust);//服务器授信证书InputStream client_input = context.getResources().openRawResource(R.raw.client);//客户端证书try {SSLContext sslContext = SSLContext.getInstance("TLS");KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());trustStore.load(trust_input, KEY_STORE_TRUST_PASSWORD.toCharArray());KeyStore keyStore = KeyStore.getInstance(KEY_STORE_TYPE_P12);keyStore.load(client_input, KEY_STORE_PASSWORD.toCharArray());TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());trustManagerFactory.init(trustStore);KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());keyManagerFactory.init(keyStore, KEY_STORE_PASSWORD.toCharArray());sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), new SecureRandom());SSLSocketFactory factory = sslContext.getSocketFactory();return factory;} catch (Exception e) {e.printStackTrace();return null;} finally {try {trust_input.close();client_input.close();} catch (IOException e) {e.printStackTrace();}}}
}

STEP3 将自定义的SSLFactory加载到OKhttpClient中

new OkHttpClient.Builder().addNetworkInterceptor(interceptor).addNetworkInterceptor(cacheInterceptor).addNetworkInterceptor(new StethoInterceptor())//将自定义SSLFactory加载到OKhttpClient,context对象就是Android 系统中常用的那个
.sslSocketFactory(HospitalSSLFactory.getSocketFactory(context)).retryOnConnectionFailure(true)//此处将hostnameVerifier 验证关闭掉,会使SSL的安全性降低,如果想要使用这个验证,请不要使用私签证书,注释掉下面这段代码,运行体验一下.hostnameVerifier((hostname, session) -> true).connectTimeout(50, TimeUnit.SECONDS).writeTimeout(50, TimeUnit.SECONDS).readTimeout(30, TimeUnit.SECONDS).build();

以上代码配置完成后,只需要将Http协议换成Https协议即可使用.

本文来自互联网用户投稿，文章观点仅代表作者本人，不代表本站立场，不承担相关法律责任。如若转载，请注明出处。 如若内容造成侵权/违法违规/事实不符，请点击【内容举报】进行投诉反馈！