因为最近公司的open api服务器访问协议换成了https,所以 android 在使用okhttp 走https 访问的时候遇到了证书信任的问题,
在这里把我走过的弯路记下来,一如既往的话不多说,上码:
OkHttpClient sClient = new OkHttpClient();
// 设置超时时间
sClient.setConnectTimeout(8000, TimeUnit.MILLISECONDS);
sClient.setReadTimeout(8000, TimeUnit.MILLISECONDS);
// 注册拦截器
sClient.interceptors().add(new BaseInterceptor(context));
第一种方式:
sClient.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
运行结果:
javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
11-26 11:17:57.264 17106-17268/com.dooioo.addressbook W/System.err: at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:410)
11-26 11:17:57.264 17106-17268/com.dooioo.addressbook W/System.err: at com.squareup.okhttp.Connection.connectTls(Connection.java:235)
11-26 11:17:57.264 17106-17268/com.dooioo.addressbook W/System.err: at com.squareup.okhttp.Connection.connectSocket(Connection.java:199)
11-26 11:17:57.264 17106-1726
以失败告终!!!!!
经过多处查询后采用
第二种方案:
sClient.setHostnameVerifier(new HostnameVerifier() {
@Override
public boolean verify(String hostname, SSLSession session) {
return true;
}
});
怀着侥幸的心理运行了一下
运行结果:
javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
11-27 16:18:54.417 16801-16946/com.dooioo.addressbook W/System.err: at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:410)
11-27 16:18:54.417 16801-16946/com.dooioo.addressbook W/System.err: at com.squareup.okhttp.Connection.connectTls(Connection.java:235)
11-27 16:18:54.417 16801-16946/com.dooioo.addressbook W/System.err: at com.squareup.okhttp.Connection.connectSocket(Connection.java:199)
11-27 16:18:54.427 16801-16946/com.dooioo.addressbook W/System.err: at com.squareup.okhttp.Connection.connect(Connection.java:172)
11-27 16:18:54.427 16801-16943/com.dooioo.addressbook W/System.err: at javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
11-27 16:18:54.427 16801-16943/com.dooioo.addressbook W/System.err: at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:410)
11-27 16:18:54.427 16801-16943/com.dooioo.addressbook W/System.err: at com.squareup.okhttp.Connection.connectTls(Connection.java:235)
11-27 16:18:54.427 16801-16943/com.dooioo.addressbook W/System.err: at com.squareup.okhttp.Connection.connectSocket(Connection.java:199)
11-27 16:18:54.427 16801-16943/com.dooioo.addressbook W/System.err: at com.squareup.okhttp.Connection.connect(Connection.java:172)
11-27 16:18:54.427 16801-16943/com.dooioo.addressbook W/System.err: at com.squareup.okhttp.Connection.connectAndSetOwner(Connection.java:367)
11-27 16:18:54.427 16801-16946/com.dooioo.addressbook W/System.err: at com.squareup.okhttp.Connection.connectAndSetOwner(Connection.java:367)
11-27 16:18:54.427 16801-16943/com.dooioo.addressbook W/System.err: at com.squareup.okhttp.OkHttpClient$1.connectAndSetOwner(OkHttpClient.java:128)
11-27 16:18:54.427 16801-16943/com.dooioo.addressbook W/System.err: at com.squareup.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:328)
11-27 16:18:54.427 16801-16943/com.dooioo.addressbook W/System.err: at com.squareup.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:245)
同样还是以失败而告终呢,这下怎么办呢,总不能说部解决吧,只好硬着头皮继续找资料
最终的解决方案:
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, new TrustManager[]{new X509TrustManager() {
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
}
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
}
@Override
public X509Certificate[] getAcceptedIssuers() {
return null;
}
}}, new SecureRandom());
sClient.setSslSocketFactory(sc.getSocketFactory());
sClient.setHostnameVerifier(new HostnameVerifier() {
@Override
public boolean verify(String hostname, SSLSession session) {
return true;
}
});
最终解决问题,成功信任所有证书!!!!
当然了,这个最好是用在开发环境上,正式环境的证书信息,最好不要用这种全部信任的方式,不然https 就形同虚设了……
对应的问题请移步>>>>>>>>>Android https 信任