android Retrofit 配置https证书

最新推荐文章于 2024-08-27 11:30:29 发布
最新推荐文章于 2024-08-27 11:30:29 发布
阅读量2.4k 收藏 2
点赞数 1
分类专栏: 日记 工作总结 文章标签: retrofit2.0 https ssl android ca证书
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/csdn_loveQingQing/article/details/106829408
版权

使用环境:

       1 不愿项目数据外泄使用了https,

       2 讲cer证书转换成了bks文件,并存放只assets文件下

       3 

       if ( 联网方法不是retrofit  2.0 以上){

            return;

       }

       其他没什么限制,这篇也就是特例特讲。

使用方法:

  OkHttpClient sOkHttpClient = new OkHttpClient.Builder()
                .cookieJar(new CookieJarImpl(new PersistentCookieStore(Utils.getContext())))
                .addInterceptor(new BaseInterceptor(headers))
                .addInterceptor(new CacheInterceptor(Utils.getContext()))
                .addInterceptor(new LoggingInterceptor
                        .Builder()//构建者模式
                        .loggable(BuildConfig.DEBUG) //是否开启日志打印
                        .setLevel(Level.BASIC) //打印的等级
                        .log(Platform.INFO) // 打印类型
                        .request("Request") // request的Tag
                        .response("Response")// Response的Tag
                        .addHeader("log-header", "I am the log request header.") // 添加打印头, 注意 key 和 value 都不能是中文
                        .build()
                )
                .connectTimeout(DEFAULT_TIMEOUT, TimeUnit.SECONDS)
                .writeTimeout(DEFAULT_TIMEOUT, TimeUnit.SECONDS)
                .readTimeout(DEFAULT_TIMEOUT, TimeUnit.SECONDS)
                .connectionPool(new ConnectionPool(3, 2, TimeUnit.MINUTES))
                .build();

        HostnameVerifier hv1 = new HostnameVerifier() {
            @Override
            public boolean verify(String hostname, SSLSession session) {
                return true;
            }
        };

        //通过反射拿到okhttpClient 对象,给sslParams的SSLSocketFactory赋值
        String workerClassName = "okhttp3.OkHttpClient";
        try {
            Class workerClass = Class.forName(workerClassName);
            Field hostnameVerifier = workerClass.getDeclaredField("hostnameVerifier");
            hostnameVerifier.setAccessible(true);
            hostnameVerifier.set(sOkHttpClient, hv1);
                
            Field sslSocketFactory = workerClass.getDeclaredField("sslSocketFactory");
            sslSocketFactory.setAccessible(true);
            //主要就是这一步
            //utils.getContext() 就是当前上下文对象
            //SSLSocketFactoryUtils代码在下面            sslSocketFactory.set(sOkHttpClient,SSLSocketFactoryUtils.getSSLSocketFactory(Utils.getContext()));
        } catch (Exception e) {
            e.printStackTrace();
        }

        retrofit = new Retrofit.Builder()
                .addConverterFactory(GsonConverterFactory.create())
                .addCallAdapterFactory(RxJava2CallAdapterFactory.create())
                .baseUrl(url)
                .client(sOkHttpClient)
                .build();

SSLSocketFactoryUtils代码:


public class SSLSocketFactoryUtils {

    /**
     * 获取bks文件的sslsocketfactory
     *
     * @param context
     * @return
     */
    public static SSLSocketFactory getSSLSocketFactory(Context context) {
        final String CLIENT_TRUST_PASSWORD = "123456";//信任证书密码,该证书默认密码是123456
        final String CLIENT_AGREEMENT = "TLS";//使用协议
        final String CLIENT_TRUST_KEYSTORE = "BKS";
        SSLContext sslContext = null;
        try {
            //取得SSL的SSLContext实例
            sslContext = SSLContext.getInstance(CLIENT_AGREEMENT);
            //取得TrustManagerFactory的X509密钥管理器实例
            TrustManagerFactory trustManager = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            //取得BKS密库实例
            KeyStore tks = KeyStore.getInstance(CLIENT_TRUST_KEYSTORE);
            InputStream is = context.getResources().openRawResource(R.raw.shiqin);
            try {
                tks.load(is, CLIENT_TRUST_PASSWORD.toCharArray());
            } finally {
                is.close();
            }
            //初始化密钥管理器
            trustManager.init(tks);
            //初始化SSLContext
            sslContext.init(null, trustManager.getTrustManagers(), null);
            LogUtils.e("携带证书发送请求");
        } catch (Exception e) {
            e.printStackTrace();
            LogUtils.e("证书解析出问题");
            Log.e("SslContextFactory-->", e.getMessage());
        }
        return sslContext.getSocketFactory();
    }

}

 

集成报错:

​​​​Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
2020-06-18 12:46:51.004 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at com.android.org.conscrypt.ConscryptFileDescriptorSocket.startHandshake(ConscryptFileDescriptorSocket.java:229)
2020-06-18 12:46:51.004 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at okhttp3.internal.connection.RealConnection.connectTls(RealConnection.java:319)
2020-06-18 12:46:51.004 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.java:283)
2020-06-18 12:46:51.004 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at okhttp3.internal.connection.RealConnection.connect(RealConnection.java:168)
2020-06-18 12:46:51.004 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at okhttp3.internal.connection.StreamAllocation.findConnection(StreamAllocation.java:257)
2020-06-18 12:46:51.004 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at okhttp3.internal.connection.StreamAllocation.findHealthyConnection(StreamAllocation.java:135)
2020-06-18 12:46:51.004 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at okhttp3.internal.connection.StreamAllocation.newStream(StreamAllocation.java:114)
2020-06-18 12:46:51.004 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.java:42)
2020-06-18 12:46:51.004 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
2020-06-18 12:46:51.004 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121)
2020-06-18 12:46:51.004 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.java:93)
2020-06-18 12:46:51.004 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
2020-06-18 12:46:51.004 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121)
2020-06-18 12:46:51.004 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.java:93)
2020-06-18 12:46:51.004 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
2020-06-18 12:46:51.004 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.java:126)
2020-06-18 12:46:51.004 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
2020-06-18 12:46:51.004 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121)
2020-06-18 12:46:51.004 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at com.kjq.common.utils.network.http.interceptor.logging.LoggingInterceptor.intercept(LoggingInterceptor.java:75)
2020-06-18 12:46:51.004 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
2020-06-18 12:46:51.004 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121)
2020-06-18 12:46:51.004 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at com.kjq.common.utils.network.http.interceptor.CacheInterceptor.intercept(CacheInterceptor.java:31)
2020-06-18 12:46:51.004 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
2020-06-18 12:46:51.004 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121)
2020-06-18 12:46:51.004 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at com.kjq.common.utils.network.http.interceptor.BaseInterceptor.intercept(BaseInterceptor.java:32)
2020-06-18 12:46:51.004 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
2020-06-18 12:46:51.004 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121)
2020-06-18 12:46:51.004 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at okhttp3.RealCall.getResponseWithInterceptorChain(RealCall.java:254)
2020-06-18 12:46:51.004 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at okhttp3.RealCall.execute(RealCall.java:92)
2020-06-18 12:46:51.004 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at retrofit2.OkHttpCall.execute(OkHttpCall.java:180)
2020-06-18 12:46:51.004 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at retrofit2.adapter.rxjava2.CallExecuteObservable.subscribeActual(CallExecuteObservable.java:42)
2020-06-18 12:46:51.004 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at io.reactivex.Observable.subscribe(Observable.java:12246)
2020-06-18 12:46:51.004 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at retrofit2.adapter.rxjava2.BodyObservable.subscribeActual(BodyObservable.java:34)
2020-06-18 12:46:51.004 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at io.reactivex.Observable.subscribe(Observable.java:12246)
2020-06-18 12:46:51.004 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at io.reactivex.internal.operators.observable.ObservableSubscribeOn$SubscribeTask.run(ObservableSubscribeOn.java:96)
2020-06-18 12:46:51.004 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at io.reactivex.Scheduler$DisposeTask.run(Scheduler.java:578)
2020-06-18 12:46:51.004 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at io.reactivex.internal.schedulers.ScheduledRunnable.run(ScheduledRunnable.java:66)
2020-06-18 12:46:51.004 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at io.reactivex.internal.schedulers.ScheduledRunnable.call(ScheduledRunnable.java:57)
2020-06-18 12:46:51.004 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at java.util.concurrent.FutureTask.run(FutureTask.java:266)
2020-06-18 12:46:51.004 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:301)
2020-06-18 12:46:51.004 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
2020-06-18 12:46:51.004 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
2020-06-18 12:46:51.004 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at java.lang.Thread.run(Thread.java:764)
2020-06-18 12:46:51.005 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err: Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
2020-06-18 12:46:51.005 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at com.android.org.conscrypt.TrustManagerImpl.verifyChain(TrustManagerImpl.java:661)
2020-06-18 12:46:51.005 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:539)
2020-06-18 12:46:51.005 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:605)
2020-06-18 12:46:51.005 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:495)
2020-06-18 12:46:51.005 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:418)
2020-06-18 12:46:51.005 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at com.android.org.conscrypt.TrustManagerImpl.getTrustedChainForServer(TrustManagerImpl.java:339)
2020-06-18 12:46:51.005 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at android.security.net.config.NetworkSecurityTrustManager.checkServerTrusted(NetworkSecurityTrustManager.java:94)
2020-06-18 12:46:51.005 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at android.security.net.config.RootTrustManager.checkServerTrusted(RootTrustManager.java:88)
2020-06-18 12:46:51.005 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at com.android.org.conscrypt.Platform.checkServerTrusted(Platform.java:208)
2020-06-18 12:46:51.005 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at com.android.org.conscrypt.ConscryptFileDescriptorSocket.verifyCertificateChain(ConscryptFileDescriptorSocket.java:404)
2020-06-18 12:46:51.005 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
2020-06-18 12:46:51.005 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at com.android.org.conscrypt.NativeSsl.doHandshake(NativeSsl.java:375)
2020-06-18 12:46:51.005 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at com.android.org.conscrypt.ConscryptFileDescriptorSocket.startHandshake(ConscryptFileDescriptorSocket.java:224)
2020-06-18 12:46:51.005 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err: 	... 42 more

是的,就是这个报错:SSLHandshakeException

自此开始百度:

https://www.jianshu.com/p/64172ccfb73b

https://www.jianshu.com/p/995c0c7c8875

……

很多,但依然无效。

偶然一片博客指出retrofit 2.0以上,重写SSLContext的SSLSocketFactory  和TrustManager是无效的,

只能通过反射原理是retrofit默认信任全部证书。

至此,降低了retorfit的版本为1.9,在这个基础上使用其他常规的方法重写SSLSocketFactory就可以实现抓包时抓不到联网交互数据。

常规防范很多,retrofit 2.0版本也更新了不少东西,相比较以前更好用了很多。希望有关于retrofit2.0以上版本的cer证书配置方法更早接触…

 

更多讨论欢迎来询: 88627109

 

 

 

 

 

 

 

 

 

 

shability_X
关注
专栏目录
Retrofit中如何正确的使用https
Floating Cat
09-24 3万+
很多文章对客户端https的使用都是很模糊的,不但如此,有些开发者直接从网上拷贝一些使用https的“漏洞”代码,无形之中让客户端处在一种高风险的情况下。今天我们就对有关https使用的问题进行深入的探讨,希望能解决以往的困惑。对于https,需要了解其工作原理的可以参考https是如何工作的?,更多关于https的问题我会站在客户端的角度在后面陆陆续续的写出来。证书锁定 简介首先来说说什么是证书
Android 使用retrofit方式请求https信任手机所有CA证书
qq_57440341的博客
04-20 1040
Android 使用retrofit方式请求https信任手机所有CA证书 请求示例代码片段如下所示: ` /** * 自定义SSLSocket, 忽略验证客户端和服务端证书。 * @return * @throws Exception */ private static SSLSocketFactory getSSLSocketFactory() throws Exception { final TrustManager[] trustAllCerts = new TrustManage
网络请求RetrofitAndroid开发)
m0_73771815的博客
06-15 424
Retrofit是对http网络请求框架的封装,一般由okhttp来负责网络请求,retrofit对请求接口进行封装。retrofit通过接口和注解来描述我们的网络请求,然后通过client去调用okhttp框架,通过addConverterFactory来实现对返回的json数据进行处理,转换成我们需要的数据类型 ,可以理解为okhttp的加强版,底层封装了Okhttp。本文将以Retrofit为例,因为它结合了OkHttp的优势,并且提供了更加优雅的API设计。
【uniapp】Trust anchor for certification path not found. 找不到证书路径的信任锚。临时应急解决方案
最新发布
qq_36687211的博客
08-27 683
跳过证书验证(具有一定的风险,仅作为临时应急处理)在request.js接口废止中配置。联系相关人员更换证书版本。证书修改过,颁发者不同。
Android开发 - Retrofit 2 使用自签名的HTTPS证书进行API请求
weixin_34401479的博客
10-19 213
为了确保数据传输的安全,现在越来越多的应用使用Https的方式来进行数据传输,使用https有很多有点,比如: HTTPS协议是由SSL+HTTP协议构建的可进行加密传输、身份认证的网络协议,要比http协议安全,可防止数据在传输过程中不被窃取、改变,确保数据的完整性。 HTTPS是现行架构下最安全的解决方案,虽然不是绝对安全,但它大幅增加了中间人攻击的成本。 但是即使使用HTTPS有很多有点...
android Retrofit 使用 HTTPS
ff_hh的博客
04-19 1804
   创建 OkHttpClient 配置基本信息private static OkHttpClient okHttpClient = new OkHttpClient.Builder() .writeTimeout(TIMEOUT, TimeUnit.SECONDS) //配置SSlSocketFactory .sslSocketFactory(S...
android retrofit https,android – 如何在Retrofit中使用ssl证书进行https请求
weixin_33764387的博客
05-27 321
我有一个.p12证书文件,我使用SSL Converter将其转换为.pem证书文件.然后我在我的android代码中使用那个pem证书文件,如下所示:OkHttpClient okHttpClient = new OkHttpClient();try {CertificateFactory cf = CertificateFactory.getInstance("X.509");InputStr...
Android Retrofit网络请求https处理
pwbqpwbq的博客
12-15 1134
因为Retrofit本身的okhttp不能直接请求证书不安全的https,若加了SSL证书的话,可用以下方法解决: 第一步:下载jar包 jdk默认情况下是不支持BKS证书格式,需要额外下载jar包,具体步骤如下: 1、下载jar包,下载地址 https://www.bouncycastle.org/download/bcprov-ext-jdk15on-154.jar 2、将下载好的bcprov-ext-jdk15on-154.jar复制到%JDK_HOME%\jre\lib\ext下 3、用文
Android Okhttp请求https配置信任证书
Chen_xiaobao的博客
08-17 1822
Android Okhttp请求https配置信任证书
Android HTTPS 自制证书实现双向认证(OkHttp + Retrofit + Rxjava)
2401_84123357的博客
04-28 721
try {// 服务器端需要验证的客户端证书,其实就是客户端的keystore// 客户端信任的服务器端证书//读取证书//加载证书//初始化SSLContext} catch (KeyStoreException e) {…}//省略各种异常处理,请自行添加。
Android-retrofit2极简封装极简接入
08-13
retrofit2 极简封装,极简接入
Retrofit添加认证支持.zip
10-10
Retrofit添加认证支持.zip,在改造的基础上构建的库,用于简单地处理经过身份验证的请求
Android Retrofit HTTPS 单向认证 双向认证
06-12 3337
由于最近要做一个安全性比较高的项目,因此需要用到HTTPS进行双向认证。客户端基于Retrofit + Rxjava+EventBus来实现
retrofit自签名证书
maqingbin8888的专栏
10-30 318
利用证书自签名发送 public class WxConfiguration implements ResourceLoaderAware @Setter private ResourceLoader resourceLoader; ------------------- @Bean WxPayApi wxPayApi(WxPayConfig config, WxPayCod...
retrofit遇上https自签名证书
wusj的博客
01-09 434
转载自: https://blog.csdn.net/u013768203/article/details/72874242 最近来了家新公司,后台设计在非线上环境用自签名证书,线上环境用CA证书,然后发了份.cer公钥给我.让我在客户端处理一下. 我查了很多博客,只言片语的, HTTPS的流程也比较长, 今天调试好了,贴出连续的代码给大家看一下. https有2种情况 单向验证...
Retrofit使用https
小天花藏
12-28 256
最近CTO使用第三方app评测工具检测到项目中没有使用https。接口的请求地址都是https的只是都设置了忽略证书证书 在PC上https证书是cer格式,但是Android的似乎不支持,反正我使用cer的证书报了"Trust anchor for certification path not found"这个错误。网上看到有人将cer证书转换成bks证书问题就完美解决了。 BKS证书制作...
Retrofit支持https
zzqFive的博客
11-22 523
android retrofit https
评论 2
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值