Exception description and cause
When making a request with OkHttp, the exception looks roughly like this:
javax.net.ssl.SSLHandshakeException: com.android.org.bouncycastle.jce.exception.ExtCertPathValidatorException:
Could not validate certificate: current time: Wed Feb 03 00:01:59 GMT+08:00 2010, validation time: Wed Nov 06 05:36:50 GMT+08:00 2013
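HTTPS: Hypertext Transfer Protocol Secure. Compared with HTTP, it adds an SSL/TLS authentication step, and it uses port 443.
- 1. The peer (client) sends a request, and the HTTPS server returns identity information, such as the encryption algorithms it supports, in the form of a certificate (containing the issuing CA, the public encryption key, and so on).
- 2. After obtaining the certificate, the client verifies that it is valid.
- 3. The client generates a random key and encrypts it with the public key from the certificate.
- 4. The client sends a request to the HTTPS server, passing it the key encrypted with the public key.
- 5. The HTTPS server decrypts it with its own private key and obtains the random value.
- 6. From then on, both sides encrypt the data they exchange with this key.
HTTPS sequence diagram:
Solution: build the corresponding SSL certificate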
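import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

// Create a trust manager that does not validate certificate chains.
// With validation switched off, every certificate is accepted, including one
// presented by a party other than the intended server.
TrustManager[] trustAllCerts = new TrustManager[]{new X509TrustManager() {
    @Override
    public void checkClientTrusted(
            java.security.cert.X509Certificate[] chain,
            String authType) throws CertificateException {
    }

    @Override
    public void checkServerTrusted(
            java.security.cert.X509Certificate[] chain,
            String authType) throws CertificateException {
    }

    @Override
    public java.security.cert.X509Certificate[] getAcceptedIssuers() {
        // The X509TrustManager contract requires a non-null (possibly empty) array
        return new java.security.cert.X509Certificate[0];
    }
}};
// Install the all-trusting trust manager
try {
    SSLContext sslContext = SSLContext.getInstance("TLS");
    sslContext.init(null, trustAllCerts,
            new java.security.SecureRandom());
    // Create an ssl socket factory with our all-trusting manager
    javax.net.ssl.SSLSocketFactory sslSocketFactory = sslContext
            .getSocketFactory();
} catch (NoSuchAlgorithmException | KeyManagementException e) {
    e.printStackTrace();
}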
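The exception message above reports a device clock in 2010 against a validation time in 2013, so the certificate is rejected on date grounds. As an added example (not code from the original post; `ClockAwareTrustManager` is a hypothetical class name), this trust manager keeps the platform's chain validation and makes the clock problem explicit instead of accepting every certificate:

```java
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Date;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
// Added example (hypothetical class name): validation stays on, clock skew is reported.
public final class ClockAwareTrustManager implements X509TrustManager {
    private final X509TrustManager platform;
    public ClockAwareTrustManager() throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(
                TrustManagerFactory.getDefaultAlgorithm());
        // null selects the platform's default trust anchors
        tmf.init((java.security.KeyStore) null);
        X509TrustManager found = null;
        for (TrustManager tm : tmf.getTrustManagers())
            if (tm instanceof X509TrustManager) found = (X509TrustManager) tm;
        if (found == null) throw new IllegalStateException("no X509TrustManager");
        platform = found;
    }
    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        try {
            platform.checkServerTrusted(chain, authType); // full chain validation
        } catch (CertificateException e) {
            Date now = new Date();
            for (X509Certificate cert : chain) {
                if (now.before(cert.getNotBefore())) { // still rejected, but explained
                    throw new CertificateException("Device clock " + now + " is earlier than"
                            + " certificate start " + cert.getNotBefore() + "; fix system time", e);
                }
            }
            throw e; // any other failure propagates unchanged
        }
    }
    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        platform.checkClientTrusted(chain, authType);
    }
    @Override
    public X509Certificate[] getAcceptedIssuers() { return platform.getAcceptedIssuers(); }
    public static SSLContext newContext() throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[]{new ClockAwareTrustManager()}, null);
        return ctx;
    }
}
```

Pass `ClockAwareTrustManager.newContext().getSocketFactory()` to the client in place of the all-trusting factory; the handshake still fails until the device time is corrected.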