okhttp3.0使用https访问网络

一.okhttp信任所有证书(不建议使用)

1.新TrustAllcert类实现X509TrustManager接口：

public class TrustAllCerts implements X509TrustManager {      @Override        public void checkClientTrusted(X509Certificate[] chain, String authType) {}      @Override        public void checkServerTrusted(X509Certificate[] chain, String authType) {}      @Override        public X509Certificate[] getAcceptedIssuers() {return new X509Certificate[0];}    }    

2.初始化OKHttpClient进行配置：

OkHttpClient.Builder builder = new OkHttpClient.Builder();         builder.connectTimeout(DEFAULT_TIMEOUT, TimeUnit.SECONDS);         builder.sslSocketFactory(createSSLSocketFactory());         builder.hostnameVerifier(new HostnameVerifier() {             @Override             public boolean verify(String hostname, SSLSession session) {                 return true;             }         });  private static SSLSocketFactory createSSLSocketFactory() {          SSLSocketFactory ssfFactory = null;          try {              SSLContext sc = SSLContext.getInstance("TLS");              sc.init(null, new TrustManager[]{new TrustAllCerts()}, new SecureRandom());              ssfFactory = sc.getSocketFactory();          } catch (Exception e) {          }          return ssfFactory;      }  

二.okhttp使用自签证书(建议)

1.将证书(一般是cer结尾的文件)放到工程的assets里面.

2. 将证书的流数据传入生成SSLSocketFactory .

 public SSLSocketFactory getSslSocketFactory(InputStream certificates) {        SSLContext sslContext = null;        try {            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");            Certificate ca;            try {                ca = certificateFactory.generateCertificate(certificates);            } finally {                certificates.close();            }            // Create a KeyStore containing our trusted CAs            String keyStoreType = KeyStore.getDefaultType();            KeyStore keyStore = KeyStore.getInstance(keyStoreType);            keyStore.load(null, null);            keyStore.setCertificateEntry("ca", ca);            // Create a TrustManager that trusts the CAs in our KeyStore            String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();            TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);            tmf.init(keyStore);            // Create an SSLContext that uses our TrustManager            sslContext = SSLContext.getInstance("TLS");            sslContext.init(null, tmf.getTrustManagers(), null);        } catch (Exception e) {            e.printStackTrace();        }        return sslContext != null ? sslContext.getSocketFactory() : null;    }

注意:这里可以将证书放到assets文件夹里面然后获取:

InputStream inputStream = null;        try {            inputStream = BaseApplication.getmAppContext().getAssets().open("s12306.cer");        } catch (IOException e) {            e.printStackTrace();        }

也可以将证书copy出来定义成字符串常量进行设置(这样就不用将证书打包到apk里面了):

 private String BOOK12306 = "这里填写上证书"InputStream inputStream1 = null;        try {            inputStream1 = new ByteArrayInputStream(BOOK12306.getBytes("UTF-8"));        } catch (UnsupportedEncodingException e) {            e.printStackTrace();        }

3.对okhttp进行设置就可以了.

 OkHttpClient okHttpClient = new OkHttpClient.Builder()                .sslSocketFactory(getSslSocketFactory(inputStream))                .readTimeout(7676, TimeUnit.MILLISECONDS)                .connectTimeout(7676, TimeUnit.MILLISECONDS)                .addInterceptor(logInterceptor)                .addInterceptor(interceptor)                .build();