服务器下载文件(crt+key转cer)
- 在jdk\bin文件下复制openssl.exe(链接有)
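openssl.exe - 使用openssl x509 -in (你的服务器).crt -keyform (服务器私钥).key -out (Retrofit使用的Http).cer -outform der
(注:-keyform 的参数应为密钥格式(如 PEM/DER),而不是密钥文件;仅把证书从 crt 转成 DER 格式的 cer 并不需要私钥。生成的 cer 只含公开证书,服务器私钥不应放进应用。)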
Retrofit请求中配置
使用OkHttpClient.sslSocketFactory()设置Https请求
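// Build the OkHttp client that Retrofit will use.
OkHttpClient build = new OkHttpClient.Builder()
        // .connectTimeout(20000, TimeUnit.MILLISECONDS)
        .connectTimeout(10000, TimeUnit.MILLISECONDS)
        .writeTimeout(10000, TimeUnit.MILLISECONDS)
        .readTimeout(10000, TimeUnit.MILLISECONDS)
        // Configure HTTPS. This call is left commented out exactly as on the page;
        // until it is enabled (with the factory created below), the client uses the
        // platform default trust store and the bundled certificate is not applied.
        // NOTE(review): newer OkHttp releases deprecate the one-argument overload in
        // favour of sslSocketFactory(SSLSocketFactory, X509TrustManager) - confirm
        // against the OkHttp version in use.
        // .sslSocketFactory(sslSocketFactory)
        .build();

// Obtaining the sslSocketFactory
final SSLSocketFactory sslSocketFactory;
try {
    // Read res/raw/server.cer, the DER certificate produced in the previous step.
    sslSocketFactory = getSSLSocketFactory_Certificate(App.getApplication(), "BKS", R.raw.server);
} catch (CertificateException | KeyStoreException | IOException
        | NoSuchAlgorithmException | KeyManagementException e) {
    // Fail closed: printing the stack trace and continuing would leave the factory
    // null, so a later client could silently run without the intended trust settings.
    throw new IllegalStateException("Unable to build SSLSocketFactory from bundled certificate", e);
}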
getSSLSocketFactory_Certificate()
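/**
 * Builds an {@link SSLSocketFactory} whose only trust anchor is the X.509
 * certificate stored in the given raw resource.
 *
 * <p>Because the key store holds just this one entry, connections to servers
 * whose chain does not validate against it are expected to be rejected; a
 * renewed or replaced server certificate therefore needs a matching resource.
 *
 * @param context        used to open the raw resource
 * @param keyStoreType   key store type (the page passes "BKS"); when null or
 *                       empty, {@link KeyStore#getDefaultType()} is used
 * @param keystoreResId  raw resource id of the certificate file
 * @return a socket factory backed by a TLS context that trusts only that certificate
 * @throws CertificateException     if the resource is not a parsable certificate
 * @throws KeyStoreException        if the key store type is unavailable or cannot be filled
 * @throws IOException              if the resource cannot be read or closed
 * @throws NoSuchAlgorithmException if the trust-manager algorithm or "TLS" is unavailable
 * @throws KeyManagementException   if the SSL context cannot be initialised
 */
private static SSLSocketFactory getSSLSocketFactory_Certificate(Context context, String keyStoreType, int keystoreResId)
        throws CertificateException, KeyStoreException, IOException, NoSuchAlgorithmException, KeyManagementException {
    CertificateFactory cf = CertificateFactory.getInstance("X.509");

    // try-with-resources closes the stream even when parsing fails; the original
    // leaked it whenever generateCertificate threw.
    Certificate ca;
    try (InputStream caInput = context.getResources().openRawResource(keystoreResId)) {
        ca = cf.generateCertificate(caInput);
    }

    if (keyStoreType == null || keyStoreType.length() == 0) {
        keyStoreType = KeyStore.getDefaultType();
    }

    // An empty in-memory key store holding only the bundled certificate.
    KeyStore keyStore = KeyStore.getInstance(keyStoreType);
    keyStore.load(null, null);
    keyStore.setCertificateEntry("ca", ca);

    String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
    TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
    tmf.init(keyStore);

    // NOTE(review): the wrapper must propagate CertificateException from
    // checkServerTrusted; a wrapper that catches it would accept any server
    // certificate and defeat the trust store built above.
    TrustManager[] wrappedTrustManagers = MyTrustManager.getWrappedTrustManagers(tmf.getTrustManagers());

    SSLContext sslContext = SSLContext.getInstance("TLS");
    sslContext.init(null, wrappedTrustManagers, null);
    return sslContext.getSocketFactory();
}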
自定义的TrustManager -> MyTrustManager
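/**
 * Helper that wraps the trust managers produced by a {@code TrustManagerFactory}
 * in a single delegating {@link X509TrustManager}.
 *
 * <p>The wrapper must never hide a validation failure: a {@code checkServerTrusted}
 * that returns normally tells the TLS stack the peer certificate is trusted, so any
 * {@link CertificateException} from the delegate is propagated unchanged.
 */
public class MyTrustManager implements TrustManager {

    /**
     * Returns a one-element array containing an {@link X509TrustManager} that
     * delegates every call to the first {@code X509TrustManager} in the input.
     *
     * @param trustManagers trust managers, typically from
     *                      {@code TrustManagerFactory.getTrustManagers()}
     * @return an array with the single delegating trust manager
     * @throws IllegalStateException if the input contains no {@code X509TrustManager}
     */
    public static TrustManager[] getWrappedTrustManagers(TrustManager[] trustManagers) {
        // Look for the X.509 manager instead of assuming it sits at index 0.
        X509TrustManager found = null;
        for (TrustManager candidate : trustManagers) {
            if (candidate instanceof X509TrustManager) {
                found = (X509TrustManager) candidate;
                break;
            }
        }
        if (found == null) {
            throw new IllegalStateException("No X509TrustManager among the supplied trust managers");
        }
        final X509TrustManager originalTrustManager = found;

        return new TrustManager[] {
            new X509TrustManager() {
                @Override
                public X509Certificate[] getAcceptedIssuers() {
                    return originalTrustManager.getAcceptedIssuers();
                }

                @Override
                public void checkClientTrusted(X509Certificate[] certs, String authType)
                        throws CertificateException {
                    // Propagate the failure; catching it would mark the chain as trusted.
                    originalTrustManager.checkClientTrusted(certs, authType);
                }

                @Override
                public void checkServerTrusted(X509Certificate[] certs, String authType)
                        throws CertificateException {
                    // Propagate the failure; the original caught and printed it, which
                    // made every server certificate pass validation.
                    originalTrustManager.checkServerTrusted(certs, authType);
                }
            }
        };
    }
}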