okhttp3證書解決方式

使用okttp3訪問https時不配置證書或者忽略證書會報錯:

java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.

可以采用兩種方式:
第一種:根據自己的證書服務器來配置,達到一對一的效果,每個商業app都應該有自己的證書設置,這樣能保證訪問的安全性。
第二種:在okhttp中設置信任所有證書

今天介紹第二種,具體方式采用下面的工具類:

public class RxUtils {

@SuppressLint("TrulyRandom")
public static SSLSocketFactory createSSLSocketFactory() {
    SSLSocketFactory sSLSocketFactory = null;
    try {
        SSLContext sc = SSLContext.getInstance("TLS");
        sc.init(null, new TrustManager[]{new TrustAllManager()},
                new SecureRandom());
        sSLSocketFactory = sc.getSocketFactory();
    } catch (Exception ignored) {
    }
    return sSLSocketFactory;
}

public static class TrustAllManager implements X509TrustManager {
    @SuppressLint("TrustAllX509TrustManager")
    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
    }

    @SuppressLint("TrustAllX509TrustManager")
    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
    }

    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];
    }
}

public static class TrustAllHostnameVerifier implements HostnameVerifier {
    @SuppressLint("BadHostnameVerifier")
    @Override
    public boolean verify(String hostname, SSLSession session) {
        return true;
    }
 }
}

在okhttp中配置:

private void initOkHttpClient() {
    if (mOkHttpClient == null) {
        synchronized (this) {
            if (mOkHttpClient == null) {
                OkHttpClient.Builder builder = new OkHttpClient.Builder();
                HttpLoggingInterceptor loggingInterceptor =
                        new HttpLoggingInterceptor((message) -> Logger.i(message));
                loggingInterceptor.setLevel(HttpLoggingInterceptor.Level.BODY);
                mOkHttpClient= builder.addInterceptor(loggingInterceptor)
                        .addInterceptor(new DefaultHeaderInterceptor())
                        .connectTimeout(TIME_OUT, TimeUnit.SECONDS)
                        .readTimeout(TIME_OUT, TimeUnit.SECONDS)
                        .writeTimeout(TIME_OUT, TimeUnit.SECONDS)
                        .sslSocketFactory(RxUtils.createSSLSocketFactory())
                        .hostnameVerifier(new RxUtils.TrustAllHostnameVerifier())
                        .retryOnConnectionFailure(true).build();
            }
        }
    }

}

或者kotlin:

 val client = OkHttpClient.Builder()
                            .addInterceptor(interceptor)
                            .addInterceptor(HeadInterceptor())
                            .retryOnConnectionFailure(true)
                            .connectTimeout(5, TimeUnit.SECONDS)
                            .readTimeout(600, TimeUnit.SECONDS)
                            .writeTimeout(600, TimeUnit.SECONDS)
                            .hostnameVerifier( RxUtils.TrustAllHostnameVerifier())
                            .sslSocketFactory(RxUtils.createSSLSocketFactory(), TrustAllCerts())
                            .retryOnConnectionFailure(true)
                            .build()




class TrustAllCerts : X509TrustManager {
    @SuppressLint("TrustAllX509TrustManager")
    override fun checkClientTrusted(chain: Array<X509Certificate>, authType: String) {
    }

    @SuppressLint("TrustAllX509TrustManager")
    override fun checkServerTrusted(chain: Array<X509Certificate>, authType: String) {
    }

    override fun getAcceptedIssuers(): Array<X509Certificate?> {
        return arrayOfNulls(0)
    }
}

完成 ! 記住okhttp3以前返回值是有區別的

最后編輯于
?著作權歸作者所有,轉載或內容合作請聯系作者
平臺聲明:文章內容(如有圖片或視頻亦包括在內)由作者上傳并發布,文章內容僅代表作者本人觀點,簡書系信息發布平臺,僅提供信息存儲服務。

推薦閱讀更多精彩內容