本文使用方法源自于网络,具体获取位置不详,写此以记于使用。
1.使用提前准备好的自定义证书形式。证书以.bks后缀,可以使用bcprov-jdk15on-xxx.jar进行转换,该文件下载后放于jdk的jdk1.8.0_131\jre\lib\ext目录下。转换方法:
使用:
public class SslContextFactory {
private static final String CLIENT_TRUST_PASSWORD = "xxxxx";//证书密码,转换生成时输入的
private static final String CLIENT_AGREEMENT = "TLS";//使用协议
private static final String CLIENT_TRUST_MANAGER = "X509";
private static final String CLIENT_TRUST_KEYSTORE = "BKS";
private SSLContext sslContext = null;
public SSLContext getSslSocket(Context context) {
try {
//取得SSL的SSLContext实例
sslContext = SSLContext.getInstance(CLIENT_AGREEMENT);
//取得TrustManagerFactory的X509密钥管理器实例
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(CLIENT_TRUST_MANAGER);
//取得BKS密库实例
KeyStore tks = KeyStore.getInstance(CLIENT_TRUST_KEYSTORE);
InputStream is = context.getResources().openRawResource(R.raw.key);
try {
tks.load(is, CLIENT_TRUST_PASSWORD.toCharArray());
} finally {
is.close();
}
//初始化密钥管理器
trustManagerFactory.init(tks);
//初始化SSLContext
sslContext.init(null, trustManagerFactory.getTrustManagers(), null);
} catch (Exception e) {
Log.e("SslContextFactory", e.getMessage());
}
return sslContext;
}
}
SSLSocketFactory sslSocketFactory = new SslContextFactory().getSslSocket(context).getSocketFactory();
okHttpClient = new OkHttpClient.Builder().sslSocketFactory(sslSocketFactory).build();
public <T> T buildService(String baseUrl, Class<T> service) {
Retrofit retrofit = new Retrofit.Builder()
.baseUrl(baseUrl)
.client(okHttpClient)
.addCallAdapterFactory(RxJavaCallAdapterFactory.create())
.addConverterFactory(GsonConverterFactory.create())
.build();
return retrofit.create(service);
}
给okhttp自定义验证规则
.hostnameVerifier(new HostnameVerifier() {
@Override
public boolean verify(String hostname, SSLSession session) {
return true;//通过所有验证(正式环境勿这样使用)
}
})