1 .运维工程师从阿里云导出的证书.
服务器端证书
客户端证书
如果不清楚每种证书是干什么用的可以自己查查.https://www.chinassl.net/ssltools/convert-ssl.html
2.转换证书
服务器端证书里我们需要214410367490223.pfx。pfx类型的证书是携带私钥的,而App只需要服务器的公钥证书来校验服务器身份,所以要先转换成cer类型,把私钥去掉(服务器私钥不能打包进App).
我用的是Linux系统,Windows安装openssl可以参考http://blog.csdn.net/leiwuxing/article/details/51692547
server.cer生成后再把它转成bks,这里需要一个jar包工具bcprov-jdk16-141.jar(建议从Bouncy Castle官方渠道获取并核对校验值),参考和下载http://www.itkeyword.com/doc/8039243769809676x164/openssl-c++-ca 。生成bks时设置的密码要和后面代码里加载server.bks所用的密码一致.
到这里服务器端的证书就转换完成了.
因为给的客户端证书里已经有我们需要的格式(client.p12),所以就不需要转换了.
3.把server.bks和client.p12放到项目的assets目录下
4.代码设置
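/**
 * Builds the TLS objects used for mutual (two-way) HTTPS authentication on Android.
 *
 * <p>The client identity is read from {@code assets/client.p12} and the trusted server
 * certificate from {@code assets/server.bks}. Every method returns {@code null} when its
 * material cannot be loaded, so callers must check the result before using it.
 *
 * <p>NOTE(review): both keystore passwords are compiled into this class and both keystores ship
 * inside the APK, so the client private key is available to anyone who unpacks the app. Treat
 * this client certificate as an app-wide identifier, not as proof of a particular user or
 * device; if per-device identity is needed, provision keys at enrollment (for example into the
 * Android Keystore) instead of bundling them.
 */
public class SSL {
    // Despite the name, this value is the password used to open the server.bks trust store.
    private static final String SERVER_PFX_PASSWORD = "214410367490223";
    // Password of the bundled client.p12 (both the store and the key entry).
    private static final String CLIENT_P12_PASSWORD = "koAe5h8F";

    /**
     * Creates a socket factory that presents the client certificate and trusts only the
     * certificates stored in {@code server.bks}.
     *
     * @param context Android context used to open the bundled assets
     * @return the configured factory, or {@code null} if any keystore or the TLS context
     *     could not be set up
     */
    public static SSLSocketFactory getSSLSocketFactory(Context context) {
        KeyManagerFactory keyManagerFactory = getKeyManagerFactory(context);
        TrustManagerFactory trustManagerFactory = getTrustManagerFactory(context);
        // Fail closed: either getter returns null when its keystore could not be loaded.
        // Dereferencing that would crash, and a null trust-manager array passed to init()
        // would fall back to the platform default trust store instead of server.bks.
        if (keyManagerFactory == null || trustManagerFactory == null) {
            return null;
        }
        try {
            SSLContext sslContext = SSLContext.getInstance("TLS");
            sslContext.init(
                    keyManagerFactory.getKeyManagers(),
                    trustManagerFactory.getTrustManagers(),
                    null);
            // Only hand out a factory from a context whose init() succeeded.
            return sslContext.getSocketFactory();
        } catch (NoSuchAlgorithmException | KeyManagementException e) {
            e.printStackTrace();
            return null;
        }
    }

    /**
     * Loads the client-side identity (certificate plus private key) from
     * {@code assets/client.p12}.
     *
     * @param context Android context used to open the bundled asset
     * @return an initialized key manager factory, or {@code null} if the keystore could not be
     *     read or unlocked
     */
    public static KeyManagerFactory getKeyManagerFactory(Context context) {
        char[] password = CLIENT_P12_PASSWORD.toCharArray();
        // try-with-resources closes the asset stream even when load() throws.
        try (InputStream ksIn = context.getAssets().open("client.p12")) {
            KeyStore keyStore = KeyStore.getInstance("PKCS12");
            keyStore.load(ksIn, password);
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("X509");
            keyManagerFactory.init(keyStore, password);
            // Returned only after init() succeeded, never in a half-initialized state.
            return keyManagerFactory;
        } catch (KeyStoreException | CertificateException | UnrecoverableKeyException
                | NoSuchAlgorithmException | IOException e) {
            e.printStackTrace();
            return null;
        }
    }

    /**
     * Loads the server-side trust anchors from {@code assets/server.bks}.
     *
     * @param context Android context used to open the bundled asset
     * @return an initialized trust manager factory, or {@code null} if the trust store could
     *     not be read
     */
    public static TrustManagerFactory getTrustManagerFactory(Context context) {
        // try-with-resources closes the asset stream on every path.
        try (InputStream tsIn = context.getAssets().open("server.bks")) {
            KeyStore trustStore = KeyStore.getInstance("bks");
            trustStore.load(tsIn, SERVER_PFX_PASSWORD.toCharArray());
            TrustManagerFactory trustManagerFactory =
                    TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(trustStore);
            return trustManagerFactory;
        } catch (KeyStoreException | CertificateException | NoSuchAlgorithmException
                | IOException e) {
            e.printStackTrace();
            return null;
        }
    }
}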
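// NOTE(review): as shown, this chain never calls sslSocketFactory(...), so the factory returned
// by SSL.getSSLSocketFactory(context) is not installed on the client. Confirm it is set on the
// builder in the real project, and refuse to build the client when that factory is null.
OkHttpClient okHttpClient = new OkHttpClient.Builder()
        .readTimeout(31000, TimeUnit.MILLISECONDS)
        .connectTimeout(31000, TimeUnit.MILLISECONDS)
        .addInterceptor(interceptor) // adding this one makes CountingRequestBody run twice
        .addInterceptor(new MInterceptor())
        .cache(cache)
        .build();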
这时候请把请求地址的协议前缀改成https.