一、证书认证
1、通过浏览器下载服务器证书 server.cer，并添加到项目的 assets 目录
import android.util.Log;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.Arrays;
import java.util.Collection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
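/**
 * Process-wide holder for a TLS configuration that trusts only the certificate(s) bundled in the
 * app's {@code assets/server.cer} file.
 *
 * <p>The first call to {@link #getInstance()} reads the bundled certificate, builds an
 * {@link X509TrustManager} from it and derives an {@link SSLSocketFactory}. Because the trust
 * manager contains only the bundled certificates, the device's system CA store is not consulted
 * for connections that use this factory.
 *
 * <p>NOTE(review): if {@code server.cer} is the server's own (leaf) certificate, the app will stop
 * connecting once the server certificate is renewed; confirm there is a rotation plan (for example
 * bundling the issuing CA or a backup certificate as well).
 */
public class HttpsManager {
    private static HttpsManager instance;
    private static X509TrustManager trustManager;
    private static SSLSocketFactory sslSocketFactory;

    private HttpsManager() {
        setSocketFactory();
    }

    /**
     * Returns the shared instance, creating it (and running the TLS setup) on first use.
     *
     * <p>Synchronized so that two threads racing on the first call cannot both run the setup and
     * overwrite each other's static state.
     *
     * @return the singleton instance
     * @throws IllegalArgumentException if the bundled file contains no certificates
     * @throws IllegalStateException if the platform returns an unexpected set of trust managers
     */
    public static synchronized HttpsManager getInstance() {
        if (instance == null) {
            instance = new HttpsManager();
        }
        return instance;
    }

    /**
     * Builds the trust manager and socket factory from the bundled certificate.
     *
     * <p>On failure the error is logged and both static fields stay {@code null}; nothing here
     * falls back to the system trust store or to a permissive trust manager.
     */
    private void setSocketFactory() {
        // try-with-resources closes the asset stream; a null resource is simply skipped on close.
        try (InputStream in = trustedCertificatesInputStream()) {
            if (in == null) {
                throw new GeneralSecurityException("server.cer could not be opened from assets");
            }
            X509TrustManager bundledTrust = trustManagerForCertificates(in);
            SSLContext sslContext = SSLContext.getInstance("TLS");
            sslContext.init(null, new TrustManager[] {bundledTrust}, null);
            // Publish both fields only after every step succeeded, so callers never see a trust
            // manager without its matching socket factory.
            trustManager = bundledTrust;
            sslSocketFactory = sslContext.getSocketFactory();
        } catch (GeneralSecurityException | IOException e) {
            Log.e("Error", "TLS trust setup failed", e);
        }
    }

    /**
     * Returns the trust manager built from the bundled certificate.
     *
     * @return the trust manager, or {@code null} if setup failed; callers should treat
     *     {@code null} as a fatal configuration error rather than substituting another manager
     */
    public X509TrustManager getManager() {
        return trustManager;
    }

    /**
     * Returns the socket factory backed by {@link #getManager()}.
     *
     * @return the socket factory, or {@code null} if setup failed
     */
    public SSLSocketFactory getSslSocketFactory() {
        return sslSocketFactory;
    }

    /**
     * Opens the bundled {@code server.cer} asset.
     *
     * @return the open stream (the caller closes it), or {@code null} if the asset cannot be opened
     */
    private InputStream trustedCertificatesInputStream() {
        try {
            return BaseApplication.getApplication().getAssets().open("server.cer");
        } catch (IOException e) {
            Log.e("Error", "Trans fail", e);
            return null;
        }
    }

    /**
     * Builds a trust manager that trusts exactly the certificates read from {@code in}.
     *
     * @param in stream of one or more X.509 certificates
     * @return a trust manager whose only trust anchors are those certificates
     * @throws GeneralSecurityException if the certificates cannot be parsed or the key store or
     *     trust manager factory cannot be set up
     * @throws IllegalArgumentException if the stream contains no certificates
     * @throws IllegalStateException if the factory does not return exactly one X509TrustManager
     */
    private X509TrustManager trustManagerForCertificates(InputStream in)
            throws GeneralSecurityException {
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        Collection<? extends Certificate> certificates =
                certificateFactory.generateCertificates(in);
        if (certificates.isEmpty()) {
            throw new IllegalArgumentException("expected non-empty set of trusted certificates");
        }

        // Put the certificates in an in-memory key store. The password only satisfies the
        // KeyStore API; the store holds public certificates and is never written out.
        char[] password = "password".toCharArray();
        KeyStore keyStore = newEmptyKeyStore(password);
        int index = 0;
        for (Certificate certificate : certificates) {
            keyStore.setCertificateEntry(Integer.toString(index++), certificate);
        }

        // Use the key store to build an X509 trust manager.
        TrustManagerFactory trustManagerFactory =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);
        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
        if (trustManagers.length != 1 || !(trustManagers[0] instanceof X509TrustManager)) {
            throw new IllegalStateException("Unexpected default trust managers:"
                    + Arrays.toString(trustManagers));
        }
        return (X509TrustManager) trustManagers[0];
    }

    /**
     * Creates an empty key store of the platform's default type.
     *
     * @param password password handed to {@link KeyStore#load}
     * @return the empty key store
     * @throws GeneralSecurityException if the key store cannot be created or loaded
     */
    private KeyStore newEmptyKeyStore(char[] password) throws GeneralSecurityException {
        try {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            // By convention, loading from a null stream creates an empty key store.
            keyStore.load(null, password);
            return keyStore;
        } catch (IOException e) {
            // No stream is read, so an IOException here is not expected.
            throw new AssertionError(e);
        }
    }
}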
2、网络访问时使用
// Fetch the shared manager first; its TLS setup runs on the first getInstance() call.
HttpsManager manager = HttpsManager.getInstance();
// The trust manager is passed together with the factory built from it. Either getter returns
// null when the setup failed; treat that as a configuration error instead of switching to a
// less strict client. No hostname verifier is set here, so the client's default stays in effect.
OkHttpClient.Builder builder = new OkHttpClient.Builder()
        .sslSocketFactory(manager.getSslSocketFactory(), manager.getManager());
二、信任所有证书（该方式跳过证书链校验和主机名校验，连接可被中间人截获或篡改，仅适用于本地调试，不应用于正式环境）
1、SSLSocketFactory 和 TrustAllHostnameVerifier
/**
 * Creates a socket factory whose only trust manager is {@code TrustAllManager}.
 *
 * <p>Connections made through the returned factory perform no certificate-chain validation, so
 * the peer's identity is not authenticated. Keep this out of release builds.
 *
 * @return the socket factory, or {@code null} if the TLS context could not be created
 */
@SuppressLint("TrulyRandom")
private static SSLSocketFactory createSSLSocketFactory() {
    try {
        SSLContext context = SSLContext.getInstance("TLS");
        TrustManager[] managers = {new TrustAllManager()};
        context.init(null, managers, new SecureRandom());
        return context.getSocketFactory();
    } catch (Exception ignored) {
        // NOTE(review): the failure is discarded without logging and the caller receives null;
        // confirm callers check for null before handing the result to the HTTP client.
        return null;
    }
}
/**
 * Trust manager that accepts every certificate chain.
 *
 * <p>Both check methods have empty bodies and therefore never throw, which means no chain,
 * expiry or issuer validation takes place. A client using this manager cannot tell the intended
 * server from any other endpoint that answers the connection.
 */
private static class TrustAllManager implements X509TrustManager {
    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        // Intentionally empty: returning normally marks the client chain as trusted.
    }

    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        // Intentionally empty: returning normally marks the server chain as trusted,
        // whatever it contains.
    }

    @Override
    public X509Certificate[] getAcceptedIssuers() {
        // A fresh empty array on every call: no issuers are advertised.
        X509Certificate[] noIssuers = new X509Certificate[0];
        return noIssuers;
    }
}
/**
 * Hostname verifier that approves every hostname.
 *
 * <p>Neither argument is inspected, so a certificate issued for one host is accepted for any
 * other host. Combined with a trust-all trust manager, the connection has no server
 * authentication at all.
 */
private static class TrustAllHostnameVerifier implements HostnameVerifier {
    @Override
    public boolean verify(String hostname, SSLSession session) {
        // Unconditional approval: hostname and session are ignored.
        final boolean approved = true;
        return approved;
    }
}
2、网络访问时使用
// This client accepts any certificate for any hostname: the socket factory skips chain
// validation and the verifier approves every host. Restrict it to debug builds.
// NOTE(review): createSSLSocketFactory() returns null when TLS setup fails; confirm how the
// builder handles a null factory.
OkHttpClient.Builder builder = new OkHttpClient.Builder()
        .sslSocketFactory(createSSLSocketFactory())
        .hostnameVerifier(new TrustAllHostnameVerifier());