最近发现在做https请求时,会报出SSL握手异常
javax.net.ssl.SSLHandshakeException: com.android.org.bouncycastle.jce.exception.ExtCertPathValidatorException: Could not validate certificate signature.
仔细看了下,用HttpUrlConnection做https请求,应该是没有信任所有证书,导致请求失败的。
上网学习了一下,发现需要实现X509TrustManager接口创建一个证书,然后使用我们自己创建的信任管理器初始化SSLContext 对象。
private static void trustAllHosts() { TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() { public java.security.cert.X509Certificate[] getAcceptedIssuers() { return new java.security.cert.X509Certificate[] {}; } public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException { Log.i("skyapp" , "checkClientTrusted" ); } public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException { Log.i("skyapp" , "checkServerTrusted" ); } } }; try { SSLContext sc = SSLContext.getInstance("TLS" ); sc.init(null , trustAllCerts, new java.security.SecureRandom()); HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory()); } catch (Exception e) { e.printStackTrace(); } }
在我们HttpURLConnection调用openConnection之前,执行一下trustAllHosts方法,信任所有证书,即可正常进行https请求。
以上是HttpURLConnection类证书信任问题导致的https请求异常解决方案,而如果用到HttpClient的话,则需要另外的解决方法。
在HttpClient执行excute之前,执行以下语句即可
SSLSocketFactory.getSocketFactory().setHostnameVerifier( new AllowAllHostnameVerifier());