webview.setWebViewClient(new WebViewClient() {
@Override
public void onReceivedSslError(WebView view, SslErrorHandler handler, SslError error) {
if (error.getPrimaryError() == SslError.SSL_DATE_INVALID // 日期不正确
|| error.getPrimaryError() == SslError.SSL_EXPIRED // 日期不正确
|| error.getPrimaryError() == SslError.SSL_INVALID // webview BUG
|| error.getPrimaryError() == SslError.SSL_UNTRUSTED) { // 根证书丢失
if (chkMySSLCNCert(error.getCertificate())) {
handler.proceed(); // 如果证书一致,忽略错误
}
}
}
private boolean chkMySSLCNCert(SslCertificate cert) {
byte[] MySSLCNSHA256 = { 35, 76, 110, -121, -68, -104, -12, 84, 39, 119, -55,
101, 95, -8, -90, 9, 36, -108, 5, -57, 76, -98, -19, -73, 91, -37, 18,
64, 32, -41, 0, 109 }; //证书指纹
Bundle bundle = SslCertificate.saveState(cert);
byte[] bytes = bundle.getByteArray("x509-certificate");
if (bytes != null) {
try {
CertificateFactory cf = CertificateFactory.getInstance("X.509");
Certificate ca = cf.generateCertificate(new ByteArrayInputSteam(bytes));
MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
byte[] Key = sha256.digest(((X509Certificate) ca).getEncoded());
return Arrays.equals(key, MySSLCNSHA256);
} catch (Exception Ex) {}
}
return false;
}
}
取消
评论