程序博客网 > 好听个性的淘宝会员名

Android HTTPS之自签名证书认证(三)

来源:互联网 发布:好听个性的淘宝会员名 编辑:程序博客网 时间:2024/06/15 16:37

Okhttp从2.4升级到3.9.1对HTTPS认证的影响

严格意义上讲,本文不应属于这个系列,但由于前面两篇博客的代码是参考《Android Https相关完全解析 当OkHttp遇到Https》改写的,当时的okhttp框架的版本为2.4.0,但现在okhttp版本升级到了3.9.1,并且查了一下相关资料,发现okhttp从2.x到3.x版本的api变化比较大,因此我也尝试着将okhttp版本进行升级,并做简要记录与大家分享。

1.1 okhttp Jar包升级

compile 'com.squareup.okhttp:okhttp:2.4.0'更新为compile 'com.squareup.okhttp3:okhttp:3.9.1',Android Studio会自动下载3.9.1的okhttp jar包。

1.2 更新Api及修正相关编译错误

Rebuild project,会发现有许多错误

1.2.1 包名更新

Okhttp2.x的包名为com.squareup.okhttp

import com.squareup.okhttp.Call;import com.squareup.okhttp.Callback;import com.squareup.okhttp.OkHttpClient;import com.squareup.okhttp.Request;import com.squareup.okhttp.Response;

但okhttp3.x已经变为okhttp3,如上面的包名则相对应变为:

import okhttp3.Call;import okhttp3.Callback;import okhttp3.OkHttpClient;import okhttp3.Request;import okhttp3.Response;

1.2.2 OkHttpClient创建方式不同

okhttp2.x直接new OkHttpClient,而okhttp3.x 中提供了Builder,很好的使用了创建者设计模式

OkHttpClient.Builder okHttpClient = new OkHttpClient.Builder();

1.2.3 OkHttpClient参数的配置变化

之前okhttp2.x参数可以直接OkHttpClient.setConnectTimeout()设置,现在OkHttpClient使用创建者模式,需要在OkHttpClient.Builder上设置可配置的参数:

okHttpClient.connectTimeout(5, TimeUnit.SECONDS);okHttpClient.readTimeout(5, TimeUnit.SECONDS);

1.2.4 setCookieHandler变为cookieJar

okhttp2.x调用OkHttpClient的setCookieHandler方法,CookieHandler 的子类CookieManager实现了cookie的具体管理方法,

mOkHttpClient.setCookieHandler(new CookieManager(null, CookiePolicy.ACCEPT_ORIGINAL_SERVER));

okhttp3中已经没有setCookieHandler方法了,而改成了cookieJar,需要在OkHttpClient的Builder的cookieJar方法中设置。

okHttpClient.cookieJar(new CookieJar() {    private final HashMap<HttpUrl, List<Cookie>> cookieStore = new HashMap<>();    @Override    public void saveFromResponse(HttpUrl url, List<Cookie> cookies) {        cookieStore.put(url, cookies);    }    @Override    public List<Cookie> loadForRequest(HttpUrl url) {        return null;    }});

1.2.5 改造setSslSocketFactory

okhttp2.x的sslSocketFactory(SSLSocketFactory sslSocketFactory)已不推荐使用,取而代之的

public Builder sslSocketFactory(SSLSocketFactory sslSocketFactory, X509TrustManager trustManager)

因此我们可以将其改造为

mOkHttpClient = new OkHttpClient.Builder()                        .sslSocketFactory(sslContext.getSocketFactory(), trustManager)                        .build();

trustManager是X509TrustManager 的一个实例

trustManager = trustManagerForCertificates(certificates);
private X509TrustManager trustManagerForCertificates(InputStream in)    throws GeneralSecurityException {    CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");    Collection<? extends Certificate> certificates = certificateFactory.generateCertificates(in);    if (certificates.isEmpty()) {        throw new IllegalArgumentException("expected non-empty set of trusted certificates");    }    // Put the certificates a key store.    char[] password = "123456".toCharArray(); // Any password will work.    KeyStore keyStore = newEmptyKeyStore(password);    int index = 0;    for (Certificate certificate : certificates) {        String certificateAlias = Integer.toString(index++);        keyStore.setCertificateEntry(certificateAlias, certificate);    }    // Use it to build an X509 trust manager.    KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(            KeyManagerFactory.getDefaultAlgorithm());    keyManagerFactory.init(keyStore, password);    TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(            TrustManagerFactory.getDefaultAlgorithm());    trustManagerFactory.init(keyStore);    TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();    if (trustManagers.length != 1 || !(trustManagers[0] instanceof X509TrustManager)) {        throw new IllegalStateException("Unexpected default trust managers:"                + Arrays.toString(trustManagers));    }    return (X509TrustManager) trustManagers[0];}

所以

/****************************** *  单向认证 ******************************/public void setOneWayCertificates(InputStream... certificates)/*******************************  双向认证******************************/public void setTwoWayCertificates(InputStream clientcertificates, InputStream... certificates)

可分别改造为:

/****************************** *  单向认证 ******************************/public void setOneWayCertificates(InputStream certificates){    X509TrustManager trustManager;    try{        trustManager = trustManagerForCertificates(certificates);        SSLContext sslContext = SSLContext.getInstance("TLS");        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());        TrustManagerFactory trustManagerFactory =                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());        trustManagerFactory.init(keyStore);        sslContext.init(                null,                new TrustManager[] { trustManager },                new SecureRandom());        mOkHttpClient = new OkHttpClient.Builder()                .sslSocketFactory(sslContext.getSocketFactory(), trustManager)                .build();    } catch (Exception e){        Log.e("OkHttpClientManager", e.getMessage());    }}/*******************************  双向认证******************************/public void setTwoWayCertificates(InputStream clientCertificates, InputStream certificates) {    X509TrustManager trustManager;    try {        trustManager = trustManagerForCertificates(certificates);        SSLContext sslContext = SSLContext.getInstance("TLS");        //初始化keystore        KeyStore clientKeyStore = KeyStore.getInstance(KeyStore.getDefaultType());        clientKeyStore.load(clientCertificates, "123456".toCharArray());        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());        keyManagerFactory.init(clientKeyStore, "123456".toCharArray());        sslContext.init(                keyManagerFactory.getKeyManagers(),                new TrustManager[] { trustManager },                new SecureRandom());        mOkHttpClient = new OkHttpClient.Builder()                .sslSocketFactory(sslContext.getSocketFactory(), trustManager)                .build();    } catch (Exception e) {        e.printStackTrace();    }}

1.2.6 Callback实现的接口和call的变化

okhttp2.x的callback方法是void onFailure(Request request, IOException e);void onResponse(Response response) throws IOException; okhttp3.x 的Callback方法为void onFailure(Call call, IOException e);void onResponse(Call call, Response response) throws IOException;okhttp3对Call做了更简洁的封装,okhttp3.x Call是个接口,okhttp的call是个普通class,一定要注意,无论哪个版本,call都不能执行多次,多次执行需要重新创建。于是

private void deliveryResult(final ResultCallback callback, Request request) {    mOkHttpClient.newCall(request).enqueue(new Callback() {        @Override        public void onFailure(Request request, IOException e) {            sendFailedStringCallback(request, e, callback);        }        @Override        public void onResponse(Response response) throws IOException {            try {                final String string = response.body().string();                if (callback.mType == String.class) {                    sendSuccessResultCallback(string, callback);                } else {                    Object o = mGson.fromJson(string, callback.mType);                    sendSuccessResultCallback(o, callback);                }            } catch (IOException e) {                sendFailedStringCallback(response.request(), e, callback);            } catch (JsonParseException e) {  //Json解析的错误                sendFailedStringCallback(response.request(), e, callback);            }        }    });}

就变为:

private void deliveryResult(final ResultCallback callback, Request request) {    mOkHttpClient.newCall(request).enqueue(new Callback() {        @Override        public void onFailure(Call call, IOException e) {            sendFailedStringCallback(call.request(), e, callback);        }        @Override        public void onResponse(Call call, Response response) throws IOException {            try {                final String string = response.body().string();                if (callback.mType == String.class) {                    sendSuccessResultCallback(string, callback);                } else {                    Object o = mGson.fromJson(string, callback.mType);                    sendSuccessResultCallback(o, callback);                }            } catch (IOException e) {                sendFailedStringCallback(response.request(), e, callback);            } catch (JsonParseException e) {  //Json解析的错误                sendFailedStringCallback(response.request(), e, callback);            }        }    });}

至此,改造完毕,我们分验证单向认证及双向认证均可得到如下log:

12-14 02:08:20.698 30391-30391/? D/MainActivity: Response is Hello world!

证明已可以正常通讯,说明我们okhttp3.x版本升级成功。

参考:

  • https://github.com/square/okhttp/blob/3f7a3344a4c85aa3bbb879dabac5ee625ab987f3/samples/guide/src/main/java/okhttp3/recipes/CustomTrust.java#L54
  • okhttp3与旧版本okhttp的区别分析
  • okhttp3 使用详解及简单封装

完整代码可到我的github下载:

server: https://github.com/onroadtech/SpringbootBase/tree/springboot_https_self_signed_certificate_one_two_way_certificate

android:https://github.com/onroadtech/Android4HTTPS/tree/88aa11a9b224df1fd19a5120ff387e81dcd23867

本博文已同步发表于我的个人博客网站,欢迎转载指正并注明出处。
个人博客: www.onroad.tech
指正邮箱: onroad_tech@163.com

阅读全文
0 0
好听个性的淘宝会员名 好听个性的淘宝会员名
原创粉丝点击
热门IT博客
淘宝怎样开店铺淘宝怎样开店铺
淘宝同学和淘宝淘宝同学和淘宝
资产配置知乎
淘宝懒人软件
seo软文代写
淘宝经营类目在哪改
js 0除以0 nan
网络支付的风险
网络电视用什么宽带好
武汉烽火众智 知乎
虚拟化与云计算 pdf
美国最新api数据
网络流行语字母缩写
java游戏安卓
台式机电源检测软件
晒自拍的软件
企业邮箱域名格式
js作用域和作用域链
分析师跟踪数据
单片机modbus通讯协议
热门问题 老师的惩罚 人脸识别 我在镇武司摸鱼那些年 重生之率土为王 我在大康的咸鱼生活 盘龙之生命进化 天生仙种 凡人之先天五行 春回大明朝 姑娘不必设防,我是瞎子 包公墓 沈阳墓地 墓地邂逅 青浦墓地 成都墓地 上海陵园 宠物墓地 墓园价格 深圳墓地 龙泉墓园 长沙陵园 宠物陵园 北京墓地网 哈尔滨墓地 一块墓地多少钱 北京陵园墓地价格 沈阳墓地价格一般多少 永福墓园 深圳墓地价格表 上海市墓地价格 坟墓 网上墓地 墓地价钱 天津墓地 石家庄陵园 广州墓园 陵园墓地 墓园服务 墓地收费 选购墓地 重庆墓地 常山陵园 福州陵园 卖墓地 沧州墓地 上海浦东新区公墓 一头母驴让两头公驴配 公猫绝育后几天可以摘头套 公头 公和堂狮子头 五头公驴配一头母驴

程序博客网,程序员的互联网技术博客家园。csdn论坛精品 msdn技术资料都在这里