Retrofit處理https請求

  • 問題描述
    一些通過CA認(rèn)證的,https是可以直接訪問的,但一些自簽名證書,用retrofit直接訪問則會走到onFailure里,錯誤信息是無法通過證書驗證。

onFailure: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
比如下面這樣。

        String baseUrl = "https://kyfw.12306.cn/";
        OkHttpClient.Builder clientBuilder = new OkHttpClient.Builder();
        Retrofit retrofit = new Retrofit.Builder().baseUrl(baseUrl).client(clientBuilder.build()).build();
        HttpsInterf httpsInterf = retrofit.create(HttpsInterf.class);
        Call<ResponseBody> responseBodyCall = httpsInterf.get();
        responseBodyCall.enqueue(new Callback<ResponseBody>() {
            @Override
            public void onResponse(Call<ResponseBody> call, Response<ResponseBody> response) {
                Log.d("ZFDT", "onResponse: " + response.body().toString());
            }

            @Override
            public void onFailure(Call<ResponseBody> call, Throwable t) {
                Log.d("ZFDT", "onFailure: " + t.getLocalizedMessage());
            }
        });
  • 解決辦法:
  1. 首先把證書放到assets下面。如果你是chrome瀏覽器的話,請按CTRL+SHIFT+I打開開發(fā)者工具,點擊Security->View certificate->詳細(xì)信息->復(fù)制到文件
image.png
  1. 增加下面的方法
/**
  * 通過okhttpClient來設(shè)置證書
  * @param clientBuilder OKhttpClient.builder
  * @param certificates 讀取證書的InputStream
  */
    public void setCertificates(OkHttpClient.Builder clientBuilder, InputStream... certificates) {
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null);
            int index = 0;
            for (InputStream certificate : certificates) {
                String certificateAlias = Integer.toString(index++);
                keyStore.setCertificateEntry(certificateAlias, certificateFactory
                        .generateCertificate(certificate));
                try {
                    if (certificate != null)
                        certificate.close();
                } catch (IOException e) {
                }
            }
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(
                    TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            if (trustManagers.length != 1 || !(trustManagers[0] instanceof X509TrustManager)) {
                throw new IllegalStateException("Unexpected default trust managers:"
                        + Arrays.toString(trustManagers));
            }
            X509TrustManager trustManager = (X509TrustManager) trustManagers[0];
            SSLContext sslContext = SSLContext.getInstance("TLS");
            sslContext.init(null, trustManagerFactory.getTrustManagers(), new SecureRandom());
            SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
            clientBuilder.sslSocketFactory(sslSocketFactory, trustManager);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
  1. 在建立retrofit實例前,調(diào)用上面的方法即可。
        String baseUrl = "https://kyfw.12306.cn/";
        OkHttpClient.Builder clientBuilder = new OkHttpClient.Builder();
        try {
            setCertificates(clientBuilder,getAssets().open("https12306.cer"));
        } catch (IOException e) {
            e.printStackTrace();
        }

        Retrofit retrofit = new Retrofit.Builder().baseUrl(baseUrl).client(clientBuilder.build()).build();
        HttpsInterf httpsInterf = retrofit.create(HttpsInterf.class);
        Call<ResponseBody> responseBodyCall = httpsInterf.get();
        responseBodyCall.enqueue(new Callback<ResponseBody>() {
            @Override
            public void onResponse(Call<ResponseBody> call, Response<ResponseBody> response) {
                Log.d("ZFDT", "onResponse: " + response.body().toString());
            }

            @Override
            public void onFailure(Call<ResponseBody> call, Throwable t) {
                Log.d("ZFDT", "onFailure: " + t.getLocalizedMessage());
            }
        });
最后編輯于
?著作權(quán)歸作者所有,轉(zhuǎn)載或內(nèi)容合作請聯(lián)系作者
【社區(qū)內(nèi)容提示】社區(qū)部分內(nèi)容疑似由AI輔助生成,瀏覽時請結(jié)合常識與多方信息審慎甄別。
平臺聲明:文章內(nèi)容(如有圖片或視頻亦包括在內(nèi))由作者上傳并發(fā)布,文章內(nèi)容僅代表作者本人觀點,簡書系信息發(fā)布平臺,僅提供信息存儲服務(wù)。

相關(guān)閱讀更多精彩內(nèi)容

  • 前言 使用Retrofit已經(jīng)一段時間了,這貨挺好用的,還很特別,特別是使用接口來定義請求方式,這用法讓我對它的源...
    帶心情去旅行閱讀 3,453評論 3 21
  • 說到目前最火的網(wǎng)絡(luò)請求庫,那肯定是的非Retrofit莫屬了,如果你還不了解Retrofit如何使用,如果你想讓自...
    koala_閱讀 11,826評論 8 34
  • 開始使用Retrofit 首先先聲明一個用于請求的接口 Converter.Factory factory = G...
    zyc_214閱讀 434評論 0 0
  • Retrofit 源碼解析 簡單用法 Retrofit最簡單的用法就是定義一個接口,創(chuàng)建Retrofit對象,調(diào)用...
    Kingty閱讀 943評論 3 14
  • 雙手合十 感謝今天經(jīng)歷的每一件事 遇到的每一個人 感謝 今天上午兩節(jié)康基 兩節(jié)體育課 才感覺到 很對看似...
    姜小禪閱讀 206評論 0 0

友情鏈接更多精彩內(nèi)容