https OkHttpClient 的使用

最新推荐文章于 2023-10-17 10:32:51 发布
最新推荐文章于 2023-10-17 10:32:51 发布
阅读量3.2k 收藏
点赞数
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/aicpzl/article/details/53883923
版权 
/*
 * Copyright (C) 2015 Square, Inc.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package com.cardvlaue.sys.util;

import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.Arrays;
import java.util.Collection;

import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

import okhttp3.CertificatePinner;
import okio.Buffer;

public final class CustomTrust {

    public final X509TrustManager trustManager;
    public final SSLSocketFactory sslSocketFactory;

    public CustomTrust() {
        try {
            trustManager = trustManagerForCertificates(trustedCertificatesInputStream());
            SSLContext sslContext = SSLContext.getInstance("TLS");
            sslContext.init(null, new TrustManager[]{trustManager}, null);
            sslSocketFactory = sslContext.getSocketFactory();
        } catch (GeneralSecurityException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Returns an input stream containing one or more certificate PEM files. This implementation just
     * embeds the PEM files in Java strings; most applications will instead read this from a resource
     * file that gets bundled with the application.
     */
    private InputStream trustedCertificatesInputStream() {
        String myCertificationAuthority = "" +
                "-----BEGIN CERTIFICATE-----\n" +
                "MIICuDCCAiGgAwIBAgIJAIs736cLbpTUMA0GCSqGSIb3DQEBBQUAMHUxCzAJBgNV\n" +
                "BAYTAkNOMREwDwYDVQQIDAhTaGFuZ2hhaTERMA8GA1UEBwwIU2hhbmdoYWkxEjAQ\n" +
                "BgNVBAoMCWNhcmR2YWx1ZTESMBAGA1UECwwJY2FyZHZhbHVlMRgwFgYDVQQDDA93\n" +
                "d3cuY3ZiYW9saS5jb20wHhcNMTYxMTI5MDIyMzA2WhcNMTgxMTI5MDIyMzA2WjB1\n" +
                "MQswCQYDVQQGEwJDTjERMA8GA1UECAwIU2hhbmdoYWkxETAPBgNVBAcMCFNoYW5n\n" +
                "aGFpMRIwEAYDVQQKDAljYXJkdmFsdWUxEjAQBgNVBAsMCWNhcmR2YWx1ZTEYMBYG\n" +
                "A1UEAwwPd3d3LmN2YmFvbGkuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\n" +
                "gQDN3qqFHz4cBw47OJ2EuY+I+eG+FtPg+obapM9YunHzIslP/ySOyb1Zec6LvxUQ\n" +
                "tJSbrM8FM1UEvWstDI6ZBZ6C62545oF0IS78PyvOBtJYRJY/x26LRUnlSDAoadJl\n" +
                "xVzThRc6VPhHugNVQQSt9WTzdzisA6uU+6dc3RAZkGSbQQIDAQABo1AwTjAdBgNV\n" +
                "HQ4EFgQUdESB48DPV3NnR4eQqt3gb008tzMwHwYDVR0jBBgwFoAUdESB48DPV3Nn\n" +
                "R4eQqt3gb008tzMwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCZdkn3\n" +
                "xxn0lE2SKHE29zaMvSwOuzaVophRRGBiPH+h1BTL+Cf0ujzHyx3NVngHHXPxNWX8\n" +
                "ZgJRssytSVpdOY05Quw7G4CCyEg+6/RK/RBKluy6RcBkqedAqBbV2qw1wvRPDDGn\n" +
                "1mIVq+RRJDHXNTTI3nRfI6o+BpOojaTEKxG4gQ==\n" +
                "-----END CERTIFICATE-----";
        return new Buffer()
                .writeUtf8(myCertificationAuthority)
                .inputStream();
    }

    /**
     * Returns a trust manager that trusts {@code certificates} and none other. HTTPS services whose
     * certificates have not been signed by these certificates will fail with a {@code
     * SSLHandshakeException}.
     * <p>
     * <p>This can be used to replace the host platform's built-in trusted certificates with a custom
     * set. This is useful in development where certificate authority-trusted certificates aren't
     * available. Or in production, to avoid reliance on third-party certificate authorities.
     * <p>
     * <p>See also {@link CertificatePinner}, which can limit trusted certificates while still using
     * the host platform's built-in trust store.
     * <p>
     * <h3>Warning: Customizing Trusted Certificates is Dangerous!</h3>
     * <p>
     * <p>Relying on your own trusted certificates limits your server team's ability to update their
     * TLS certificates. By installing a specific set of trusted certificates, you take on additional
     * operational complexity and limit your ability to migrate between certificate authorities. Do
     * not use custom trusted certificates in production without the blessing of your server's TLS
     * administrator.
     */
    private X509TrustManager trustManagerForCertificates(InputStream in)
            throws GeneralSecurityException {
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        Collection<? extends Certificate> certificates = certificateFactory.generateCertificates(in);
        if (certificates.isEmpty()) {
            throw new IllegalArgumentException("expected non-empty set of trusted certificates");
        }

        // Put the certificates a key store.
        char[] password = "password".toCharArray(); // Any password will work.
        KeyStore keyStore = newEmptyKeyStore(password);
        int index = 0;
        for (Certificate certificate : certificates) {
            String certificateAlias = Integer.toString(index++);
            keyStore.setCertificateEntry(certificateAlias, certificate);
        }

        // Use it to build an X509 trust manager.
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(
                KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(keyStore, password);
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(
                TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);
        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
        if (trustManagers.length != 1 || !(trustManagers[0] instanceof X509TrustManager)) {
            throw new IllegalStateException("Unexpected default trust managers:"
                    + Arrays.toString(trustManagers));
        }
        return (X509TrustManager) trustManagers[0];
    }

    private KeyStore newEmptyKeyStore(char[] password) throws GeneralSecurityException {
        try {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            InputStream in = null; // By convention, 'null' creates an empty key store.
            keyStore.load(in, password);
            return keyStore;
        } catch (IOException e) {
            throw new AssertionError(e);
        }
    }

}

/**
     * PHP 服务器
     * <p/>
     * 默认超时时间
     *
     * @return RequestService
     */
    static RequestService newJsonClient() {
        CustomTrust ct = new CustomTrust();
        OkHttpClient client = new OkHttpClient.Builder()
                .addInterceptor(chain -> {
                    Request request = chain.request().newBuilder()
                            .addHeader("X-CRM-Application-Id", RequestConstants.APPLICATION_ID)
                            .addHeader("X-CRM-Version", RequestConstants.VERSION)
                            .addHeader("Content-Type", RequestConstants.JSON_TYPE)
                            .build();
                    return chain.proceed(request);
                })
                .sslSocketFactory(ct.sslSocketFactory, ct.trustManager)
                .hostnameVerifier((s, sslSession) -> true)
                .build();

        Retrofit retrofit = new Retrofit.Builder()
                .baseUrl(RequestConstants.BASE_URL)
                .client(client)
                .addConverterFactory(FastJsonConvertFactory.create())
                .addCallAdapterFactory(RxJava2CallAdapterFactory.create())
                .build();

        return retrofit.create(RequestService.class);
    }

aicpzl
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
Android Studio OkHttpClient使用教程详解
01-20
本次来记录下OkHttpClient使用OkHttpClient是用来完成android 客户端对服务端请求的工具。 首先记住,使用网络的时候一定要加入权限,加入到AndroidMainfest.xml中 ”android.permission.INTERNET”> 在初次...
Java通过OKHttp发送https请求(忽略认证)
chuyouyinghe的专栏
11-08 2649
封装: package gj.okhttp3; import okhttp3.OkHttpClient; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLSocketFactory; import javax.net.ssl.TrustManager; import javax.net.ssl.X509TrustManager; import java.security.KeyManagementException; import
OkHttp Https 证书忽略
专注Android ,直到世界尽头
12-28 1250
1、实现X509TrustManager 接口。2、创建Client 客户端时使用Trust。
okhttp使用https忽略证书验证
热门推荐
依旧00的专栏
05-24 2万+
X509TrustManager xtm = new X509TrustManager() { @Override public void checkClientTrusted(X509Certificate[] chain, String authType) { } @Override
【android】Okhttp3信任所有证书设置
鸡排小农的博客
08-08 3820
okhttp信任所有证书,采用的是忽略https认证,自己构建一个x509认证,默认通过,再传到ssl配置工厂中,再用okhttpclient发送请求的时候就不会再报证书错误。
Android OkHttp信任所有证书
yangjunjin的博客
07-20 1210
一、创建OkHttpClient mOkHttpClient = new OkHttpClient.Builder() .retryOnConnectionFailure(false)//允许失败重试 .readTimeout(TIMEOUT, TimeUnit.SECONDS)//设置读取超时时间 .writeTimeout(TIMEOUT, TimeUnit.SECONDS)//设置写的超时时间 .connectTimeout(TIME
OkHttpClient依赖架包
07-16
okhttp_3.2.0的jar包,在eclipse和Android studio下使用okhttp需要依赖的jar包,同时也包含了使用okhttp需要依附的okio架包
关于Android Studio中使用OkHttpClient访问网络需要第三方模拟器的问题
09-14
在黑马程序员教材《Android移动应用开发基础案例教程》中,有一个仿美团项目案例,需要使用OkHttpClient访问网络,教材中说需要使用第三方模拟器,否则访问不到数据。实际上,在清单文件AndroidManifest.xml进行一定...
OkHttpMockTest:使用 MockWebServerRule 测试 OkHttpClient
07-04
OkHttpMockTest 使用 MockWebServerRule 测试 OkHttpClient。 @RunWith ( RobolectricTestRunner . class)public class ItemObservableTest { @Module ( injects = ItemObservableTest . class, includes = App...
Cordova-plugin-okhttp:用于使用 OkHttpClient 的 Cordova 插件
06-01
Cordova-plugin-okhttp 用于使用 OkHttpClient 的 Cordova 插件
Android okhttp https TrustManager简单总结
菜鸟博客
01-25 2908
okhttp源码解析中详细的分析了下其内部原理,现在就okhttp配置https的东东做一个简单的笔记。 网上查询的一些Okhttp中忽略HTTPS验证的代码如下所示。 TrustManager[] trustAllCerts = new TrustManager[]{new X509TrustManager() { @Override public void checkClientTrusted(java.security.cert.X
android使用Okhttp发送https请求时信任所有证书
乐活青年的博客
08-29 3338
1、首先创建TrustAllCerts类,如下: package com.baicells.baiboss.api.safe; import java.security.SecureRandom; import java.security.cert.CertificateException; import java.security.cert.X509Certificate; import...
关于OKHttpHttps的认证问题(全部信任)
Gordongao的博客
10-28 1万+
亲测很管用,步骤如下: 1,新TrustAllcert类实现X509TrustManager接口: public class TrustAllCerts implements X509TrustManager { @Override public void checkClientTrusted(X509Certificate[] chain, String authType
OkhttpHttps
chuyouyinghe的专栏
11-08 3075
引子: okhttp是一款开源的网络访问框架,支持http以及https的访问。 今天,我研究的是如何用 okhttp库 来访问https 的站点。 研究的结论先摆出来: 1)如果这个HTTPS站点,是经过了权威证书颁发机构CA的认证,那么你可以像访问普通HTTP那样来访问https。 2)如果这个HTTS站点,没有经过CA认证,那我们有两种方式来访问它。   其一,让okhttpClient信任所有的https,这是比较简单粗暴的做法。   其二,一个比较文艺的做法,下载该https站点的证
OkHttp配置HTTPS访问+服务器部署
氷泠
03-30 4441
1 概述 okhttp配置https访问,需要 2 OkHttp介绍 OkHttp是一款开源的处理网络请求的轻量级框架,有Square公司贡献,用于替代HttpUrlConnection与Apache HttpClient,目前Github上有36.4k的star.优点有 共享socket,HTTP/2支持所有连接到同一个主机的请求共享socket 连接池可以减少请求延迟 缓存响应数据减少重复的...
OkHttpClient进行Https请求(信任所有证书)
qq_25933249的博客
09-02 4298
//创建信任所有证书的OkHttpClient public static OkHttpClient getHttps() { OkHttpClient okHttpClient = new OkHttpClient.Builder() .hostnameVerifier(new HostnameVerifier() { @Override .
OKHttp实现Https请求
听海的博客
09-25 1万+
1.HTTPS定义 HTTPS全称为Hyper Text Transfer Protocol over Secure Socket Layer或是Hypertext Transfer Protocol Secure 中文含义为“超文本传输安全协议” 。是以安全为目标的HTTP通道。简单讲是HTTP的安全版。即HTTP下加入SSL层,HTTPS的安全基础是SSL,因此加密的详细内容就需要SSL。...
OkHttpClient 发送https请求
最新发布
yangchuang11的博客
10-17 330
【代码】OkHttpClient 发送https请求。
OkHttphttps处理
VipPetergee的博客
07-13 1927
一、Https处理 1、简介 OkHttp试图平衡两个互相竞争的问题 1)连接数 支持连接基于BoringSSL和OpenSSL尽可能多的host地址 2)安全性 支持证书验证和数据传输加密 在进行HTTPS服务器的连接时,OkHttp 需要知道要提供哪些TLS 版本和加密组件。 想要实现最大化连接的客户端,会使用过时的 TLS 版本和弱性能加密组件。 想要最大限度提高安全性的客户端将仅限于最新的 TLS 版本和性能最强的加密组件 BoringSSL BoringSSL 是谷歌创建的
okhttpclient使用
08-18
- *1* *2* *3* [Okhttp使用详解](https://blog.csdn.net/sunqunsunqun/article/details/51661195)[target="_blank" data-report-click={"spm":"1018.2226.3001.9630","extra":{"utm_source":"vip_chatgpt_common_...

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值