OkHttp使用Https(OkHttp版本3.8.1)
一、使用(4步搞定)
1.初始化OkHttpClient時設置sslSocketFactory,需要兩個參數。設置後即可訪問https
OkHttpClient.Builder builder = new OkHttpClient.Builder();
builder.sslSocketFactory(getSSLSocketFactory(), getTrustManager());
2.獲取信任庫getTrustManager()
// 獲取證書庫
KeyStore keystore = getKeyStore();
// 初始化信任庫工廠
TrustManagerFactory trustManagerFactory;
trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init(keystore);
// 獲取信任庫
TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
if (trustManagers.length != 1 || !(trustManagers[0] instanceof X509TrustManager)) {
throw new IllegalStateException("Unexpected default trust managers:" + Arrays.toString(trustManagers));
}
X509TrustManager trustManager = (X509TrustManager) trustManagers[0];
3.獲取證書庫getKeyStore()
private static KeyStore getKeyStore() throws Exception {
// 初始化證書
CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
InputStream inputStream = App.instance.getAssets().open("client.cer");// 這裏導入SSL證書文件
Certificate cer = certificateFactory.generateCertificate(inputStream);
inputStream.close();
// 初始化證書庫,給證書庫設置證書
KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
keystore.load(null, null); // 雙向驗證時使用
keystore.setCertificateEntry("trust", cer);
return keystore;
}
}
4.getSSLSocketFactory()
private static SSLSocketFactory getSSLSocketFactory() {
try {
// 獲取信任庫
X509TrustManager trustManager = getTrustManager();
// 初始化SSL上下文
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, new TrustManager[] { trustManager }, null);
SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
return sslSocketFactory;
} catch (Exception e) {
e.printStackTrace();
}
return null;
}
二、證書文件放在assets目錄下。
三、證書有自簽名證書和正式證書。自簽名證書是服務器的人用本地服務器的根證書自簽名的,證書驗證時會出現失敗。正式證書需要購買
1、使用自簽名證書時,要忽略證書驗證,即信任所有的證書。設置hostnameVerifier,重寫verify方法,返回true,即信任所有證書。默認的hHostnameVerifier對象,會驗證證書
builder.hostnameVerifier(new HostnameVerifier() {
@Override
public boolean verify(String hostname, SSLSession session) {
return true;
}
});
2、正式證書的環境,根據服務器需求,可以只改url爲https,不爲設置sslSocketFactory,即可訪問服務器
查看源碼如何使用sslSocketFactory
/**源碼,有demo代碼*/
public Builder sslSocketFactory(
SSLSocketFactory sslSocketFactory, X509TrustManager trustManager) {...}
在訪問服務器成功後,獲取response中的header,傳入鍵值,即可獲取響應頭。需要全局保存這個header,再之後的每次網絡請求時都要添加header
Response response = call.execute();
response.header("app_token");//app_toekn響應頭的鍵值
Xutils3使用Https
一、使用
1.new請求參數,設置SslSocketFactory,一個參數。設置後即可訪問https
RequestParams params = new RequestParams(url);
params.setSslSocketFactory(sslContext.getSocketFactory());
2.獲取sslContext