Android低版本(4.4)okhttp 网络适配

已于 2023-11-26 12:33:53 修改
阅读量2.3k 收藏 17
点赞数 23
文章标签: okhttp 网络
于 2023-11-26 12:28:08 首次发布
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/weixin_54087854/article/details/134625241
版权

目录

访问网络时,出现错误:

javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0xb7eabc88: Failure in SSL library, usually a protocol error    error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version (external/openssl/ssl/s23_clnt.c:741 0xa4fb8d5c:0x00000000)

SSLSocket的setEnabledProtocols配置支持TLSv1.1,TLSv1.2协议

错误:java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.

可以给客户端安装证书

除了给客户端安装证书外,还有其他的解决办法

1、忽略所有证书验证

2、自定义对证书验证(需要将证书提前放到assert文件夹中)

访问网络时,出现错误:

javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0xb7eabc88: Failure in SSL library, usually a protocol error
    error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version (external/openssl/ssl/s23_clnt.c:741 0xa4fb8d5c:0x00000000)

通过Https通信,客户端与服务端在SSL/TLS层建立安全连接前,涉及到版本协商过程。

Android 4.4默认支持的SSL/TLS版本是SSLv3(1996发布,2015弃用),TLSv1(1996发布)。但TLSv1.1,TLSv1.2(主流)实际上也是在其支持范围内的,需要人为去配置。

SSLSocketsetEnabledProtocols配置支持TLSv1.1,TLSv1.2协议

在okhttp中,建立Tls连接,创建套接字是通过SSLSocketFactory实现的,重写SSLSocketFactory,通过SSLSocketsetEnabledProtocols(String protocols[]),使其支持TLSv1.1,TLSv1.2。最后将其设置给OkHttpClient

SSLSocketFactory factory = new SSLSocketFactoryCompat(context);

// okhttpClient的builder
builder.sslSocketFactory(factory);
public class SSLSocketFactoryCompat extends SSLSocketFactory{
    private static final String[] TLS_V12_ONLY = {"TLSv1.2"};

    private final SSLSocketFactory delegate;

    public SSLSocketFactoryCompat() throws KeyManagementException, NoSuchAlgorithmException {
        SSLContext sc = SSLContext.getInstance("TLS");
        sc.init(null, null, null);
        delegate = sc.getSocketFactory();
    }

    public SSLSocketFactoryCompat(SSLSocketFactory delegate) {
        if (delegate == null) {
            throw new NullPointerException();
        }
        this.delegate = delegate;
    }

    @Override
    public String[] getDefaultCipherSuites() {
        return delegate.getDefaultCipherSuites();
    }

    @Override
    public String[] getSupportedCipherSuites() {
        return delegate.getSupportedCipherSuites();
    }

    private Socket enableTls12(Socket socket) {
        if (Build.VERSION.SDK_INT >= 16 && Build.VERSION.SDK_INT < 20) {
            if (socket instanceof SSLSocket) {
                ((SSLSocket) socket).setEnabledProtocols(TLS_V12_ONLY);
            }
        }
        return socket;
    }

    @Override
    public Socket createSocket(Socket s, String host, int port, boolean autoClose) throws IOException {
        return enableTls12(delegate.createSocket(s, host, port, autoClose));
    }

    @Override
    public Socket createSocket(String host, int port) throws IOException {
        return enableTls12(delegate.createSocket(host, port));
    }

    @Override
    public Socket createSocket(String host, int port, InetAddress localHost, int localPort) throws IOException {
        return enableTls12(delegate.createSocket(host, port, localHost, localPort));
    }

    @Override
    public Socket createSocket(InetAddress host, int port) throws IOException {
        return enableTls12(delegate.createSocket(host, port));
    }

    @Override
    public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort) throws IOException {
        return enableTls12(delegate.createSocket(address, port, localAddress, localPort));
    }
}

然而,通过上述配置后,有些url还是无法访问,会出现

错误:java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.

这里我遇到的问题是客户端没有对应的根CA证书导致的

可以给客户端安装证书

在浏览器网站上,输入在Android上访问出错的url,点击链接-连接-证书有效-详细信息,证书链汇中选择最上面一个,导出根证书

导出后将文件传入Androidsd卡中,然后在设置中找到安装证书的选项。

或者,在代码中打开安装证书的设置

    /**
     * 安裝证书
     */
    public void installCert(Context context) {
        InputStream assetsIn = null;
        Intent intent = KeyChain.createInstallIntent();
        try {
            //获取证书流,注意参数为assets目录文件全名
            assetsIn = context.getAssets().open("a.cer");
            byte[] cert = new byte[10240];
            assetsIn.read(cert);
            javax.security.cert.X509Certificate x509 = null;
            try {
                x509 = javax.security.cert.X509Certificate.getInstance(cert);
                //将证书传给系统
                intent.putExtra(KeyChain.EXTRA_CERTIFICATE, x509.getEncoded());
            } catch (CertificateException e) {
                e.printStackTrace();
            }

        } catch (IOException e) {
            e.printStackTrace();
        }
        //此处为给证书设置默认别名,第二个参数可自定义,设置后无需用户输入
        intent.putExtra("name", "gz");
        startActivity(intent);
    }

  

安装成功后,尝试是否可以访问链接。

除了给客户端安装证书外,还有其他的解决办法

1、忽略所有证书验证

2、自定义对证书验证(需要将证书提前放到assert文件夹中)

改造一下SSLSocketFactory


import android.content.Context;
import android.os.Build;
import android.util.Log;

import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.net.InetAddress;
import java.net.Socket;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;


public class SSLSocketFactoryCompat extends SSLSocketFactory{
    private static final String[] TLS_V12_ONLY = {"TLSv1.1"};
    private static final String TAG = "TAG";

    private final SSLSocketFactory delegate;
    private X509TrustManager trustManager;
    private Context context;

    public SSLSocketFactoryCompat(Context context) throws KeyManagementException, NoSuchAlgorithmException {
        this.context = context;
        /*
            a.cer是浏览器导出的CA根证书(这里没有用到,另外一个解决方法 安装到设备中的)
            j.pem证书中存储了服务器的公钥等信息,并没有经过CA机构的加密,一般是由服务器导出
         */

//        delegate = getSslSocketFactoryTrustALL();
        delegate = getSslSocketFactorySpecificVerify();
    }

    // 默认创建代理方式
    private SSLSocketFactory getSslSocketFactoryDefault() throws NoSuchAlgorithmException, KeyManagementException {
        final SSLSocketFactory delegate;
        SSLContext sc = SSLContext.getInstance("TLS");
        sc.init(null, null, null);
        delegate = sc.getSocketFactory();
        return delegate;
    }

    // 自定义证书校验
    private SSLSocketFactory getSslSocketFactorySpecificVerify() throws KeyManagementException, NoSuchAlgorithmException {
        final SSLSocketFactory delegate;
        SSLContext sc = SSLContext.getInstance("TLS");

        // 自定义证书验证
        trustManager = new X509TrustManager() {

            @Override
            public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {

            }

            @Override
            public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                if (chain == null || chain.length == 0) {
                    throw new CertificateException("checkServerTrusted: X509Certificate array is null");
                }

                if (!(null != authType && authType.equals("ECDHE_RSA"))) {
                    throw new CertificateException("checkServerTrusted: AuthType is not ECDHE_RSA");
                }
                //判断证书是否是本地信任列表里颁发的证书(系统默认的验证)
                try {
                    TrustManagerFactory factory = TrustManagerFactory.getInstance("X509");
                    factory.init((KeyStore) null);
                    for (TrustManager trustManager : factory.getTrustManagers()) {
                        ((X509TrustManager) trustManager).checkServerTrusted(chain, authType);
                    }
                    Log.i("TAG", "checkServerTrusted: 本地");
                    return;//用系统的证书验证服务器证书,验证通过就不需要继续验证证书信息;也可以注释掉,继续走自己的服务器证书逻辑
                } catch (Exception e) {
                    Log.i(TAG, "checkServerTrusted: " + e.getMessage());
                    e.printStackTrace();
                    //注意这个地方不能抛异常,用系统的证书验证服务器证书,没通过就用自己的验证规则
//                        throw new CertificateException(e);
                }

                //获取本地证书中的信息
                String clientEncoded = "";//公钥
                String clientSubject = "";//颁发给
                String clientIssUser = "";//颁发机构
                try (InputStream inputStream = getAssetFileInputStream(context, "j.pem")) {
                    CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
                    X509Certificate clientCertificate = (X509Certificate) certificateFactory.generateCertificate(inputStream);
                    clientEncoded = new BigInteger(1, clientCertificate.getPublicKey().getEncoded()).toString(16);
                    clientSubject = clientCertificate.getSubjectDN().getName();
                    clientIssUser = clientCertificate.getIssuerDN().getName();
                    Log.i("TAG", "clientEncoded: " + clientEncoded);
                    Log.i("TAG", "clientSubject: " + clientSubject);
                    Log.i("TAG", "clientIssUser: " + clientIssUser);

                } catch (Exception e) {
                    e.printStackTrace();
                    throw new CertificateException(e);
                }

                //获取网络中的证书信息
                X509Certificate certificate = chain[0];
                PublicKey publicKey = certificate.getPublicKey();
                String serverEncoded = new BigInteger(1, publicKey.getEncoded()).toString(16);

                if (!clientEncoded.equals(serverEncoded)) {
                    Log.i("TAG", "checkServerTrusted: server's PublicKey is not equals to client's PublicKey");
                    throw new CertificateException("server's PublicKey is not equals to client's PublicKey");
                }
                String subject = certificate.getSubjectDN().getName();
                if (!clientSubject.equals(subject)) {
                    Log.i("TAG", "checkServerTrusted: server's SubjectDN is not equals to client's SubjectDN");
                    throw new CertificateException("server's SubjectDN is not equals to client's SubjectDN");
                }
                String issuser = certificate.getIssuerDN().getName();
                if (!clientIssUser.equals(issuser)) {
                    Log.i("TAG", "checkServerTrusted: server's IssuerDN is not equals to client's IssuerDN");
                    throw new CertificateException("server's IssuerDN is not equals to client's IssuerDN");
                }
            }

            @Override
            public X509Certificate[] getAcceptedIssuers() {
                return new X509Certificate[0];
            }
        };

        sc.init(null, new TrustManager[]{trustManager}, new SecureRandom());
        delegate = sc.getSocketFactory();

        return delegate;
    }



    // 信任所有证书
    private SSLSocketFactory getSslSocketFactoryTrustALL() throws NoSuchAlgorithmException, KeyManagementException {
        final SSLSocketFactory delegate;
        trustManager = new X509TrustManager() {

            @Override
            public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {

            }

            @Override
            public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {

            }

            @Override
            public X509Certificate[] getAcceptedIssuers() {
                Log.i("TAG", "getAcceptedIssuers: ");
                return new X509Certificate[0];
            }
        };
        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(null, new TrustManager[]{trustManager}, new SecureRandom());
        delegate = sslContext.getSocketFactory();

        return delegate;
    }

    public SSLSocketFactoryCompat(SSLSocketFactory delegate) {
        if (delegate == null) {
            throw new NullPointerException();
        }
        this.delegate = delegate;
    }

    @Override
    public String[] getDefaultCipherSuites() {
        Log.i(TAG, "getDefaultCipherSuites: ");
        return delegate.getDefaultCipherSuites();
    }

    @Override
    public String[] getSupportedCipherSuites() {
        Log.i(TAG, "getSupportedCipherSuites: ");
        return delegate.getSupportedCipherSuites();
    }

    private Socket enableTls12(Socket socket) {
        Log.i(TAG, "enableTls12: ");
        if (Build.VERSION.SDK_INT >= 16 && Build.VERSION.SDK_INT < 20) {
            if (socket instanceof SSLSocket) {
                ((SSLSocket) socket).setEnabledProtocols(TLS_V12_ONLY);
            }
        }
        return socket;
    }

    @Override
    public Socket createSocket(Socket s, String host, int port, boolean autoClose) throws IOException {
        Log.i(TAG, "createSocket: ");
        return enableTls12(delegate.createSocket(s, host, port, autoClose));
    }

    @Override
    public Socket createSocket(String host, int port) throws IOException {
        Log.i(TAG, "createSocket: ");
        return enableTls12(delegate.createSocket(host, port));
    }

    @Override
    public Socket createSocket(String host, int port, InetAddress localHost, int localPort) throws IOException {
        Log.i(TAG, "createSocket: ");
        return enableTls12(delegate.createSocket(host, port, localHost, localPort));
    }

    @Override
    public Socket createSocket(InetAddress host, int port) throws IOException {
        Log.i(TAG, "createSocket: ");
        return enableTls12(delegate.createSocket(host, port));
    }

    @Override
    public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort) throws IOException {
        Log.i(TAG, "createSocket: ");
        return enableTls12(delegate.createSocket(address, port, localAddress, localPort));
    }
    private static InputStream getAssetFileInputStream(Context context, String assetsFileName) {
        try {
            return context.getAssets().open(assetsFileName);
        } catch (Exception e) {
            e.printStackTrace();
        }
        return null;
    }
}

半摆
关注
Android各版本的适配和兼容保姆级教程(万字长文持续更新)
大模型大数据攻城狮的专栏
10-29 559
Android系统自2008年首次发布以来,经历了多次重大升级,每个版本都有独特的代号和关键特性。以下是Android主要版本及其代号的简要概述:版本代号发布日期关键特性1.0无2008初始版本2.0Eclair2009改进UI和性能3.0Honeycomb2011针对平板优化4.02011统一手机和平板界面4.4KitKat2013引入“OK, Google”语音指令5.0Lollipop2014推出Material Design6.02015。
Android面试八股文】谈谈OkHttp框架的原理(深度剖析源码)
最新发布
字节卷动
07-13 905
OkHttp是一个开源的网络请求框架,由Square公司开发和维护,用于在 Android 和 Java 应用中发送和接收HTTP请求。Google在Android4.4以后开始将源码中的底层实现替换为OKHttp,同时现在流行的Retrofit框架底层同样是使用OKHttp的。它提供了简单而强大的API,支持同步和异步请求,并在性能和可扩展性方面表现优秀。主要特性和优势:支持 HTTP/2 和 SPDY。
Android 4.4 以下,OkHttp访问Https报错,设置了sslSocketFactory仍无效的解决方法
LittleFogCat的专栏
03-04 1780
Android4.4以下,使用OkHttp可能会报错:SSL handshake aborted: ssl=0x6b712c90: Failure in SSL library, usually a protocol error error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
okhttp3对Android5.0以下版本不兼容问题
m0_37735448的博客
10-28 4624
okhttp3对Android5.0以下版本不兼容问题 问题描述 Android5.0以下版本在使用okhttp3发送请求的时候会报如下错误 Exception Ljava/lang/IllegalStateException; thrown while initializing Lokhttp3/internal/platform/Platform; 原因调查 这是因为okhttp3支持的...
android 4.4 okhttp,Android开发之OkHttp3.4.x
weixin_42512103的博客
05-28 568
HTTP是现代应用程序访问网络的一种方式。网络中很多请求就是使用的http方式,来访问网络的。Android4.4开始,HttpUrlConnection开始使用okhttp作为底层实现。实现原理如下图:这篇博客简单说一下okhttp的使用。文字部分没有讲清楚的,可以查看代码里面的注释。首先看一下okHttp怎么工作的。首先我们看看一个okhttp完整的网络访问,都涉及到了那几个类(这里先说核心...
android 4.4 okhttp,android4.4之后的HttpUrlConnection的实现是基于okhttp
weixin_42149145的博客
05-28 305
transientURLStreamHandler handler;public URL(String spec) throwsMalformedURLException {this(null, spec);}publicURL(URL context, String spec, URLStreamHandler handler)throwsMalformedURLException{//.../...
Okhttp https Android 5.0 以下TLS 版本过低握手失败
xiaolongonly的博客
09-10 4467
异常如下: javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x610df808: Failure in SSL library, usually a protocol error ...
OKHTTP Android 4.0+ 最低版本 3.13
vistaup的博客
08-11 504
Gradle OkHttp 4’s minimum requirements are Java 8+ and Android 5+. These requirements werefirst introducedwith OkHttp 3.13. from: https://square.github.io/okhttp/upgrading_to_okhttp_4/
OkHttp4.4及以下不支持TLS协议的解决方法
weixin_30268071的博客
09-18 789
错误信息如下: javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException: SSL handshake aborted: ssl=0x79f145b0: Failure in SSL library, usually a protocol error error:1407742E:SSL rou...
android4.4 ssl版本查看,OkHttp4.4及以下不支持TLS协议的解决方法
weixin_39620653的博客
05-26 1368
在做超理论坛app的过程中,遇到许多用户反馈在他们的手机上客户端不能访问网络,我问了他们的手机型号和Android系统版本,全部是5.0以下的,之后我自己运行API19(4.4)Android模拟器,也遇到了同样的错误。错误信息如下:javax.net.ssl.SSLHandshakeException: javax.net.ssl.SSLProtocolException: SSL hands...
Android4.4 API 源码
03-28
Android 4.4,也被称为KitKat,是Google在2013年推出的Android操作系统版本。这个版本的API源码提供了深入理解Android系统工作原理的机会,对于开发者来说是一份宝贵的资源。下面,我们将深入探讨Android 4.4 API...
android4.4 retrofit2 java.lang.NoSuchMethodError: com.google.gson.Gson.newJsonReader
qq_28673213的博客
09-16 784
W/System.err(11368): java.lang.NoSuchMethodError: com.google.gson.Gson.newJsonReader W/System.err(11368): at retrofit2.converter.gson.GsonResponseBodyConverter.convert(GsonResponseBodyConverter.java:37) W/System.err(11368): at retrofit2.converter.gson
AndroidokHttp攻略
Misdirection_XG的博客
01-31 542
最终获取response方法 httpCodec.openResponseBody(response)。httpCodec的实现有两个,Http1Codec 和 Http2Codec。Http1Codec,Http2Codec原理一样,内部就是通过Okio.buffer去请求网络。从以上代码可以看到,不管是同步请求还是异步请求,都涉及了拦截器链的处理,最终返回Response。链接:https://juejin.cn/post/7064596735795920904。作者:复制粘贴改改改。
android4.4之后的HttpUrlConnection的实现是基于okhttp
weixin_30622107的博客
12-11 290
首先看HttpUrlConnection使用 URL url = new URL("http://www.baidu.com"); HttpURLConnection urlConnection = (HttpURLConnection) url.openConnection(); urlConnection.setRequestMethod("get"); urlConnection...
Android 不同机型兼容问题 Android vivo4.4版本对okhttp包兼容问题
简公子的博客
09-09 1736
1、Android vivo4.4版本对okhttp包兼容问题,报错:java.lang.ExceptionInInitializerError; 解决:原来的依赖为: implementation 'com.squareup.okhttp3:okhttp:4.0.1',调整为:implementation 'com.squareup.okhttp3:okhttp:3.12.0'; 兼容问题,...
Android OkHttp(一)初识
程序员七哥
10-18 2756
目前在Android开发中,开源的网络请求框架有Android-async-http  ,Volley,Okhttp等,这几种框架都是市面上主流的,每种都有各自的优点。今天主要来看看Okhttp。之前的项目中没有使用过Okhttp,所以这篇文章也是自己对Okhttp的初步认识,如有错误,欢迎指出! 一、概述。 OkHttp官网地址:http://square.github.io/okhtt
关于okhttp 3.14.0 版本在Android 4.4 版本上报ExceptionInInitializerError错误
u011125199的博客
03-28 4543
今天我们发布了OkHttp 3.13。有了这个更新,我们正在提出项目的要求: Android 2.3+ / API 9+(2010年12月发布) Java 7+(2011年7月发布) 对此: Android 5.0+ / API 21+(2014年11月发布) Java 8+(2014年3月发布) 切断旧设备是一个严重的变化,我们不会轻易做到!我想解释为什么我们这样做,我们正在做什么来尽量...
retrofit、okhttp3在Android4.4报NoSuchMethodError、Expected Android API level 21+ but was 19错误的解决方法
qq_42165012的博客
10-25 2170
retrofit、okhttp3在Android4.4报NoSuchMethodError错误的解决方法;retrofit、okhttp3适配Android4.4
retrofit2 + okhttp3 在android4.4运行报错问题
仰望星空的博客
11-26 1045
okhttp3 官方声明兼容4.4 需要使用 3.12.x 版本即可 retrofit2 引入兼容 4.4则使用 2.6.x 及以下版本 以上可能可以 我没试。
适用于Android 4.4okhttp3.12.1版本测试体验
1. **Android版本支持**:OkHttp3.12.1版本经过测试,证实能够在Android 4.4(KitKat)版本上正常工作。这意味着开发者可以使用该版本的库构建兼容该Android版本的应用。 2. **网络权限**:从Android 4.4开始,HTTP...
评论 1
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值