retrofit 添加SSL证书校验
2020-08-22 本文已影响0人
xiaotimel
使用 HTTPS 时添加证书校验，防止抓包
/**
 * Plain holder that pairs a socket factory with the trust manager it was built from.
 *
 * <p>Both fields start out {@code null} and are assigned by whoever builds the pair. They are
 * kept together because OkHttp's {@code sslSocketFactory(SSLSocketFactory, X509TrustManager)}
 * takes both values.
 */
public static class SSLParams {

    /** Socket factory produced by the configured {@code SSLContext}. */
    public SSLSocketFactory sSLSocketFactory;

    /** Trust manager that decides which server certificates are accepted. */
    public X509TrustManager trustManager;
}
读取ssl证书
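/**
 * Builds the socket factory and trust manager for a client that trusts only the supplied
 * certificates (for example a self-signed server certificate shipped with the app).
 *
 * <p>The key store is created empty and receives nothing but the given certificates, so the
 * platform's default CA set is not consulted by the returned trust manager.
 *
 * <p>Every stream in {@code certificates} is closed before this method returns, whether or not
 * parsing succeeded.
 *
 * <p>Failures are reported by returning {@code null}. A caller must treat {@code null} as a hard
 * error and must not fall back to an HTTPS client without these parameters, otherwise the
 * certificate restriction is silently lost.
 *
 * @param certificates streams of X.509 certificates to use as the only trust anchors
 * @return the socket factory / trust manager pair, or {@code null} if {@code certificates} is
 *     {@code null} or empty, or if any step of the setup fails
 */
public static HttpsUtils.SSLParams getSslSocketFactory(List<InputStream> certificates) {
    if (certificates == null || certificates.isEmpty()) {
        return null;
    }
    try {
        // Load every supplied certificate into a fresh, empty key store.
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null);
        int index = 0;
        for (InputStream certificate : certificates) {
            String certificateAlias = Integer.toString(index++);
            Certificate cer = certificateFactory.generateCertificate(certificate);
            keyStore.setCertificateEntry(certificateAlias, cer);
        }

        TrustManagerFactory trustManagerFactory =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);

        final List<X509TrustManager> x509TrustManagers = new ArrayList<X509TrustManager>();
        for (TrustManager tm : trustManagerFactory.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                x509TrustManagers.add((X509TrustManager) tm);
            }
        }
        // With no delegate the wrapper below would accept every certificate chain,
        // so refuse to build it (the catch block turns this into a null result).
        if (x509TrustManagers.isEmpty()) {
            throw new IllegalStateException("No X509TrustManager available for the key store");
        }

        X509TrustManager trustManager = new X509TrustManager() {
            @Override
            public void checkClientTrusted(X509Certificate[] chain, String authType)
                    throws CertificateException {
                // Delegate instead of accepting everything, so this trust manager
                // never validates a chain the key store does not vouch for.
                for (X509TrustManager tm : x509TrustManagers) {
                    tm.checkClientTrusted(chain, authType);
                }
            }

            @Override
            public void checkServerTrusted(X509Certificate[] chain, String authType)
                    throws CertificateException {
                // Every delegate must accept the chain; the first rejection propagates.
                for (X509TrustManager tm : x509TrustManagers) {
                    tm.checkServerTrusted(chain, authType);
                }
            }

            @Override
            public X509Certificate[] getAcceptedIssuers() {
                // Report the real trust anchors rather than an empty array, so code that
                // builds certificate chains from this list sees the same roots.
                List<X509Certificate> issuers = new ArrayList<X509Certificate>();
                for (X509TrustManager tm : x509TrustManagers) {
                    for (X509Certificate issuer : tm.getAcceptedIssuers()) {
                        issuers.add(issuer);
                    }
                }
                return issuers.toArray(new X509Certificate[0]);
            }
        };

        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(null, new TrustManager[]{trustManager}, null);

        HttpsUtils.SSLParams sslParams = new HttpsUtils.SSLParams();
        sslParams.sSLSocketFactory = sslContext.getSocketFactory();
        sslParams.trustManager = trustManager;
        return sslParams;
    } catch (Exception e) {
        e.printStackTrace();
        return null;
    } finally {
        // Close all streams here so none leaks when a certificate fails to parse.
        for (InputStream certificate : certificates) {
            if (certificate == null) {
                continue;
            }
            try {
                certificate.close();
            } catch (IOException e) {
                e.printStackTrace();
            }
        }
    }
}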
添加到 Retrofit 中
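private OkHttpClient mOkHttpClient;
private OkHttpClient.Builder mBuilder;

/**
 * Creates the OkHttp client with the custom socket factory and trust manager, then builds the
 * Retrofit instance on top of it.
 *
 * <p>{@code sslParams} is presumably the result of {@code HttpsUtils.getSslSocketFactory(...)},
 * which returns {@code null} on failure (confirm against the caller).
 *
 * @throws IllegalStateException if the SSL parameters are missing, so that no client is ever
 *     created without the certificate restriction
 */
private void init() {
    // Fail closed with a clear message instead of continuing without the custom trust setup.
    if (sslParams == null
            || sslParams.sSLSocketFactory == null
            || sslParams.trustManager == null) {
        throw new IllegalStateException(
                "SSL parameters are unavailable; refusing to build the HTTPS client");
    }

    mBuilder = new OkHttpClient.Builder();
    // The socket factory must be set BEFORE build(): build() copies the builder's current
    // settings, so configuring it afterwards leaves the client on the platform defaults.
    mBuilder.sslSocketFactory(sslParams.sSLSocketFactory, sslParams.trustManager);
    mOkHttpClient = mBuilder.build();

    mRetrofit = new Retrofit.Builder()
            .client(mOkHttpClient)
            .addCallAdapterFactory(RxJava2CallAdapterFactory.create())
            .baseUrl(baseUrl)
            .build();
}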