android - 如何在 Retrofit 中使用 ssl 证书发出 https 请求

标签 android ssl https retrofit okhttp

我有一个 .p12 证书文件,我使用 SSL Converter将其转换为 .pem 证书文件。然后我在我的 android 代码中使用该 pem 证书文件,如下所示:

OkHttpClient okHttpClient = new OkHttpClient();
        try {
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            InputStream instream = context.getResources().openRawResource(R.raw.pem_certificate);
            Certificate ca;
            ca = cf.generateCertificate(instream);
            KeyStore kStore = KeyStore.getInstance(KeyStore.getDefaultType());
            kStore.load(null, null);
            kStore.setCertificateEntry("ca", ca);
            TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init(kStore);
            SSLContext sslContext = SSLContext.getInstance("TLS");
            sslContext.init(null, tmf.getTrustManagers(), null);
            okHttpClient.setSslSocketFactory(sslContext.getSocketFactory());
        } catch (CertificateException
                | KeyStoreException
                | NoSuchAlgorithmException
                | IOException
                | KeyManagementException e) {
            e.printStackTrace();
        }

        baseURL = endpoint;
        RestAdapter restAdapter = new RestAdapter.Builder()
                .setEndpoint(baseURL)
                .setClient(new OkClient(okHttpClient))
                .build();

        service = restAdapter.create(DishService.class);

但是这段代码不起作用。在“ca = cf.generateCertificate(instream);”行失败带有 CertificateException 消息。

最佳答案 

public class RetrofitBuilder {

private static Retrofit retrofit = null;
private static final String BASE_URL = BuildConfig.BASE_URL;
private static final String API_VERSION = BuildConfig.VERSION;

private static OkHttpClient.Builder httpClientBuilder = null;

public static Retrofit getInstance(Context context) {
    if (retrofit == null) {

        httpClientBuilder = new OkHttpClient.Builder().readTimeout(5, TimeUnit.SECONDS);
        initHttpLogging();
        initSSL(context);

        Retrofit.Builder builder = new Retrofit.Builder()
                .baseUrl(BASE_URL + API_VERSION)
                .addConverterFactory(GsonConverterFactory.create())
                .client(httpClientBuilder.build());


        retrofit = builder.build();

    }
    return retrofit;
}


private static void initHttpLogging() {
    HttpLoggingInterceptor logging = new HttpLoggingInterceptor();
    logging.setLevel(HttpLoggingInterceptor.Level.BODY);
    if (BuildConfig.DEBUG) httpClientBuilder.addInterceptor(logging);
}

private static void initSSL(Context context) {

    SSLContext sslContext = null;
    try {
        sslContext = createCertificate(context.getResources().openRawResource(R.raw.cert));
    } catch (CertificateException | IOException | KeyStoreException | KeyManagementException | NoSuchAlgorithmException e) {
        e.printStackTrace();
    }

    if(sslContext!=null){
        httpClientBuilder.sslSocketFactory(sslContext.getSocketFactory(), systemDefaultTrustManager());
    }

}

private static SSLContext createCertificate(InputStream trustedCertificateIS) throws CertificateException, IOException, KeyStoreException, KeyManagementException, NoSuchAlgorithmException{

    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    Certificate ca;
    try {
        ca = cf.generateCertificate(trustedCertificateIS);
    } finally {
        trustedCertificateIS.close();
    }

    // creating a KeyStore containing our trusted CAs
    String keyStoreType = KeyStore.getDefaultType();
    KeyStore keyStore = KeyStore.getInstance(keyStoreType);
    keyStore.load(null, null);
    keyStore.setCertificateEntry("ca", ca);

    // creating a TrustManager that trusts the CAs in our KeyStore
    String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
    TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
    tmf.init(keyStore);

    // creating an SSLSocketFactory that uses our TrustManager
    SSLContext sslContext = SSLContext.getInstance("TLS");
    sslContext.init(null, tmf.getTrustManagers(), null);
    return sslContext;

}

private static X509TrustManager systemDefaultTrustManager() {

    try {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init((KeyStore) null);
        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
        if (trustManagers.length != 1 || !(trustManagers[0] instanceof X509TrustManager)) {
            throw new IllegalStateException("Unexpected default trust managers:" + Arrays.toString(trustManagers));
        }
        return (X509TrustManager) trustManagers[0];
    } catch (GeneralSecurityException e) {
        throw new AssertionError(); // The system has no TLS. Just give up.
    }

}

}

在阅读了大量的帖子、博客和要点之后,我终于找到了一种方法。这对我有用。

关于android - 如何在 Retrofit 中使用 ssl 证书发出 https 请求,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/30779533/

上一篇:android - 在共享元素转换中淡出英雄 View 的 child

下一篇:android - 如何反序列化 JSON 对象但将特定字段保留为字符串而不是嵌套对象?

相关文章:

python - 如何在没有 HTTPS 的情况下运行 Django 1.6 LiveServerTestCase?

android - 使用 XML 将动画 PNG 图像显示到我在 android 中的布局

android 未知 Chrome 错误 : -6

android - OkHttp + Retrofit libssl 在两种方式的 SSL 身份验证中崩溃

node.js - 套接字 [SSL : CERTIFICATE_VERIFY_FAILED] (_ssl. c :590) from Client. py 到 Node Server.js

linux - 错误 : httpd24-tools conflicts with httpd-tools-2. 2.34-1.16.amzn1.x86_64

android - NPE 在 android.webkit.WebView.onWindowFocusChanged

android - 具有不兼容的支持库与编译SDK版本的影响

curl - Heroku SSL 问题给我验证失败

authentication - 使用 HTTPS 进行客户端-服务器通信

©2024 IT工具网  联系我们