吼吼~又是周一了,抽个空在这了写下上周的配置HTTPS的笔记,在Android的网络开发当中目前主流的网络请求框架无非是Retrofit,现在已经2.0版本了,配合RXJava的异步 编程更是完美的结合。
前段时间因为业务需要将项目的请求方式更换成HTTPS(相比较于传统的HTTP一种更加安全的网络传输协议,需要在客户端中添加特定的SSL证书)。
开始:
Retrofit默认使用的请求客户端是OkHttpClient, 因此,HTTPS的配置就交给了OkHttpClient 。我们需要给OkHttpClient添加SSLSocketFactory。
1.首先当然是证书啦,我们需要将对应的后缀为 .cer 证书文件导入到项目工程的资源目录下,在这里我放在了raw的资源下(ssl_support.cer文件),其他资源目录也可以哒嘿嘿~,比如assets路径下。
2.自定义请求客户端代码getOkHttpClient()方法:
public synchronized OkHttpClient getOkHttpClient() { if (okHttpClient == null) { ClearableCookieJar cookieJar = new PersistentCookieJar(new SetCookieCache(), new SharedPrefsCookiePersistor(TJApp.getIns())); HttpLoggingInterceptor interceptor = new HttpLoggingInterceptor(); interceptor.setLevel(HttpLoggingInterceptor.Level.BODY); okHttpClient = new OkHttpClient.Builder() .sslSocketFactory(TJSSLUtil.getSSLSocketFactory()) //具体的实现在最后贴出代码 .addInterceptor(interceptor) .cookieJar(cookieJar) .build(); } return okHttpClient; }
3.将客户端设置到Retrofit的初始化当中去:
Retrofit retrofit = new Retrofit.Builder() .baseUrl(ApiCst.ROOT_URL) //你的HTTPS URL统一请求头地址 .client(TJApp.getIns().getOkHttpClient()) .addCallAdapterFactory(RxJavaCallAdapterFactory.create()) .addConverterFactory(GsonConverterFactory.create()) .build();
4.获取getSSLSocketFactory()方法的具体实现:
private static final String CLIENT_AGREEMENT = "TLS";//使用协议 private static final String CLIENT_TRUST_MANAGER = "X.509"; //SSL加密 private static final String CLIENT_TRUST_KEYSTORE = "BKS"; //证书类型 private static final int[] CERTIFICATES = {R.raw.ssl_support}; //证书资源的ID /** * * @return */ public static SSLSocketFactory getSSLSocketFactory() { CertificateFactory certificateFactory; SSLContext sslContext = null; try { certificateFactory = CertificateFactory.getInstance(CLIENT_TRUST_MANAGER); KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); keyStore.load(null, null); for (int i = 0; i < CERTIFICATES.length; i++) { InputStream certificate = TJApp.getIns().getResources().openRawResource(CERTIFICATES[i]); keyStore.setCertificateEntry(String.valueOf(i), certificateFactory.generateCertificate(certificate)); if (certificate != null) { certificate.close(); } } sslContext = SSLContext.getInstance(CLIENT_AGREEMENT); TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); trustManagerFactory.init(keyStore); sslContext.init(null, trustManagerFactory.getTrustManagers(), new SecureRandom()); } catch (Exception e) { LogUtils.e("SslContextFactory", e.getMessage()); } return sslContext.getSocketFactory(); }
到这里为止,通过以上的简单配置就可以完成Retrofit中HTTPS的请求了。
PS:在项目中更换HTTPS可能会有第三方的一些SDK, 类似于百度,新浪,七牛等等,可能需要另行自己做好相应的网络请求适配支持。