Retrofit支持https

1信任所有https請(qǐng)求

okHttpClient設(shè)置sslSocketFactory,hostnameVerifier

OkHttpClient okHttpClient = new OkHttpClient.Builder()
                .connectTimeout(5, TimeUnit.SECONDS)
                .readTimeout(10, TimeUnit.SECONDS)
                .sslSocketFactory(getSSLSocketFactory(),new TrustAllCerts())
                .hostnameVerifier(getHostnameVerifier())
                .build();
Retrofit retrofit = new Retrofit.Builder().baseUrl(url)
                .client(okHttpClient)
                .addCallAdapterFactory(RxJava2CallAdapterFactory.create())
                .addConverterFactory(GsonConverterFactory.create())
                .build();

getSSLSocketFactory()方法如下:

public static SSLSocketFactory getSSLSocketFactory() {
        SSLSocketFactory ssfFactory = null;

        try {
            SSLContext sc = SSLContext.getInstance("TLS");
            sc.init(null, new TrustManager[]{new CustomTrustManager()}, new SecureRandom());

            ssfFactory = sc.getSocketFactory();
        } catch (Exception e) {
        }

        return ssfFactory;
    }

其中CustomTrustManager類很簡(jiǎn)單只需實(shí)現(xiàn)X509TrustManager

public class CustomTrustManager implements X509TrustManager{
    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {

    }

    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {

    }

    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];
    }
}

getHostnameVerifier()如下,return true就可以

public static HostnameVerifier getHostnameVerifier() {
  HostnameVerifier   hostnameVerifier= new HostnameVerifier() {
  public boolean verify(String hostname, SSLSession session) {
                 return true;
            }
        };
        return hostnameVerifier;
    }

2信任證書和指定的url地址

改動(dòng)上面getSSLSocketFactory(),getHostnameVerifier()方法即可,代碼如下:

public static int[] certificates = {R.raw.mycer};
    protected static SSLSocketFactory getSSLSocketFactory(Context context, int[] certificates) {

        if (context == null) {
            throw new NullPointerException("context == null");
        }

        CertificateFactory certificateFactory;
        SSLContext sslContext=null;
        try {
            certificateFactory = CertificateFactory.getInstance("X.509");
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null, null);

            for (int i = 0; i < certificates.length; i++) {
                InputStream certificate = context.getResources().openRawResource(certificates[i]);
                keyStore.setCertificateEntry(String.valueOf(i), certificateFactory.generateCertificate(certificate));

                if (certificate != null) {
                    certificate.close();
                }
            }
            sslContext = SSLContext.getInstance("TLS");
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);
            sslContext.init(null, trustManagerFactory.getTrustManagers(), new SecureRandom());

        }catch (Exception e){
            e.printStackTrace();
        }
        return sslContext.getSocketFactory();
    }

R.raw.mycer是自行導(dǎo)入在res/raw/Mycer.cer證書,如圖

Jietu20171122-112229@2x.png

getHostnameVerifier()代碼如下

 public  static String urls[] = {"url1","url2"};

    public static HostnameVerifier getHostnameVerifier() {

        HostnameVerifier hostnameVerifier = new HostnameVerifier() {
            public boolean verify(String hostname, SSLSession session) {
                boolean verifier = false;
                for (String host : urls) {
                    if (host.equalsIgnoreCase(hostname)) {
                        verifier = true;
                    }
                }
                return verifier;
            }
        };
        return hostnameVerifier;
    }

上面public static String urls[] = {"url1","url2"},url1,url2是你需要信任的服務(wù)器地址,例如上方new Retrofit.Builder().baseUrl(url)中url="https://test2-mytest.com:8888/mytest/",url1相對(duì)應(yīng)就是test2-mytest.com,驗(yàn)證時(shí)會(huì)自動(dòng)去掉https。

上述四個(gè)方法可任意組合,信任指定路徑,或者所有路徑,帶證書或者不帶證書。

最后編輯于
?著作權(quán)歸作者所有,轉(zhuǎn)載或內(nèi)容合作請(qǐng)聯(lián)系作者
【社區(qū)內(nèi)容提示】社區(qū)部分內(nèi)容疑似由AI輔助生成,瀏覽時(shí)請(qǐng)結(jié)合常識(shí)與多方信息審慎甄別。
平臺(tái)聲明:文章內(nèi)容(如有圖片或視頻亦包括在內(nèi))由作者上傳并發(fā)布,文章內(nèi)容僅代表作者本人觀點(diǎn),簡(jiǎn)書系信息發(fā)布平臺(tái),僅提供信息存儲(chǔ)服務(wù)。

相關(guān)閱讀更多精彩內(nèi)容

  • Spring Cloud為開發(fā)人員提供了快速構(gòu)建分布式系統(tǒng)中一些常見模式的工具(例如配置管理,服務(wù)發(fā)現(xiàn),斷路器,智...
    卡卡羅2017閱讀 136,551評(píng)論 19 139
  • retrofit中如何正確的使用https? 很多文章對(duì)客戶端https的使用都是很模糊的,不但如此,有些開發(fā)者直...
    流水潺湲閱讀 1,301評(píng)論 3 27
  • https://nodejs.org/api/documentation.html 工具模塊 Assert 測(cè)試 ...
    KeKeMars閱讀 6,603評(píng)論 0 6
  • 清明假期,天氣晴,便與朋友相約一起騎自行車出去走走。 前一天傍晚去跑了一個(gè)半程馬拉松的距離,用時(shí)1小時(shí)45分鐘。晚...
    夜郎西閱讀 332評(píng)論 0 1
  • 1.最差的:母雞式溝通 表現(xiàn):看到客戶就兩眼放光,拉著客戶就講個(gè)沒完,也不管客戶喜不喜歡聽、想不想聽,也不去了解客...
    清揚(yáng)_a059閱讀 226評(píng)論 0 0

友情鏈接更多精彩內(nèi)容