Android HTTPS之自签名证书认证(三)
来源:互联网 发布:好听个性的淘宝会员名 编辑:程序博客网 时间:2024/06/15 16:37
Okhttp从2.4升级到3.9.1对HTTPS认证的影响
严格意义上讲,本文不应属于这个系列,但由于前面两篇博客的代码是参考《Android Https相关完全解析 当OkHttp遇到Https》改写的,当时的okhttp框架的版本为2.4.0,但现在okhttp版本升级到了3.9.1,并且查了一下相关资料,发现okhttp从2.x到3.x版本的api变化比较大,因此我也尝试着将okhttp版本进行升级,并做简要记录与大家分享。
1.1 okhttp Jar包升级
将compile 'com.squareup.okhttp:okhttp:2.4.0'
更新为compile 'com.squareup.okhttp3:okhttp:3.9.1'
,Android Studio会自动下载3.9.1的okhttp jar包。
1.2 更新Api及修正相关编译错误
Rebuild project,会发现有许多错误
1.2.1 包名更新
Okhttp2.x的包名为com.squareup.okhttp
import com.squareup.okhttp.Call;import com.squareup.okhttp.Callback;import com.squareup.okhttp.OkHttpClient;import com.squareup.okhttp.Request;import com.squareup.okhttp.Response;
但okhttp3.x已经变为okhttp3,如上面的包名则相对应变为:
import okhttp3.Call;import okhttp3.Callback;import okhttp3.OkHttpClient;import okhttp3.Request;import okhttp3.Response;
1.2.2 OkHttpClient创建方式不同
okhttp2.x直接new OkHttpClient,而okhttp3.x 中提供了Builder,很好的使用了创建者设计模式
OkHttpClient.Builder okHttpClient = new OkHttpClient.Builder();
1.2.3 OkHttpClient参数的配置变化
之前okhttp2.x参数可以直接OkHttpClient.setConnectTimeout()设置,现在OkHttpClient使用创建者模式,需要在OkHttpClient.Builder上设置可配置的参数:
okHttpClient.connectTimeout(5, TimeUnit.SECONDS);okHttpClient.readTimeout(5, TimeUnit.SECONDS);
1.2.4 setCookieHandler变为cookieJar
okhttp2.x调用OkHttpClient的setCookieHandler方法,CookieHandler 的子类CookieManager实现了cookie的具体管理方法,
mOkHttpClient.setCookieHandler(new CookieManager(null, CookiePolicy.ACCEPT_ORIGINAL_SERVER));
okhttp3中已经没有setCookieHandler方法了,而改成了cookieJar,需要在OkHttpClient的Builder的cookieJar方法中设置。
okHttpClient.cookieJar(new CookieJar() { private final HashMap<HttpUrl, List<Cookie>> cookieStore = new HashMap<>(); @Override public void saveFromResponse(HttpUrl url, List<Cookie> cookies) { cookieStore.put(url, cookies); } @Override public List<Cookie> loadForRequest(HttpUrl url) { return null; }});
1.2.5 改造setSslSocketFactory
okhttp2.x的sslSocketFactory(SSLSocketFactory sslSocketFactory)已不推荐使用,取而代之的
public Builder sslSocketFactory(SSLSocketFactory sslSocketFactory, X509TrustManager trustManager)
因此我们可以将其改造为
mOkHttpClient = new OkHttpClient.Builder() .sslSocketFactory(sslContext.getSocketFactory(), trustManager) .build();
trustManager是X509TrustManager 的一个实例
trustManager = trustManagerForCertificates(certificates);
private X509TrustManager trustManagerForCertificates(InputStream in) throws GeneralSecurityException { CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509"); Collection<? extends Certificate> certificates = certificateFactory.generateCertificates(in); if (certificates.isEmpty()) { throw new IllegalArgumentException("expected non-empty set of trusted certificates"); } // Put the certificates a key store. char[] password = "123456".toCharArray(); // Any password will work. KeyStore keyStore = newEmptyKeyStore(password); int index = 0; for (Certificate certificate : certificates) { String certificateAlias = Integer.toString(index++); keyStore.setCertificateEntry(certificateAlias, certificate); } // Use it to build an X509 trust manager. KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance( KeyManagerFactory.getDefaultAlgorithm()); keyManagerFactory.init(keyStore, password); TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance( TrustManagerFactory.getDefaultAlgorithm()); trustManagerFactory.init(keyStore); TrustManager[] trustManagers = trustManagerFactory.getTrustManagers(); if (trustManagers.length != 1 || !(trustManagers[0] instanceof X509TrustManager)) { throw new IllegalStateException("Unexpected default trust managers:" + Arrays.toString(trustManagers)); } return (X509TrustManager) trustManagers[0];}
所以
/****************************** * 单向认证 ******************************/public void setOneWayCertificates(InputStream... certificates)/******************************* 双向认证******************************/public void setTwoWayCertificates(InputStream clientcertificates, InputStream... certificates)
可分别改造为:
/****************************** * 单向认证 ******************************/public void setOneWayCertificates(InputStream certificates){ X509TrustManager trustManager; try{ trustManager = trustManagerForCertificates(certificates); SSLContext sslContext = SSLContext.getInstance("TLS"); KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); trustManagerFactory.init(keyStore); sslContext.init( null, new TrustManager[] { trustManager }, new SecureRandom()); mOkHttpClient = new OkHttpClient.Builder() .sslSocketFactory(sslContext.getSocketFactory(), trustManager) .build(); } catch (Exception e){ Log.e("OkHttpClientManager", e.getMessage()); }}/******************************* 双向认证******************************/public void setTwoWayCertificates(InputStream clientCertificates, InputStream certificates) { X509TrustManager trustManager; try { trustManager = trustManagerForCertificates(certificates); SSLContext sslContext = SSLContext.getInstance("TLS"); //初始化keystore KeyStore clientKeyStore = KeyStore.getInstance(KeyStore.getDefaultType()); clientKeyStore.load(clientCertificates, "123456".toCharArray()); KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); keyManagerFactory.init(clientKeyStore, "123456".toCharArray()); sslContext.init( keyManagerFactory.getKeyManagers(), new TrustManager[] { trustManager }, new SecureRandom()); mOkHttpClient = new OkHttpClient.Builder() .sslSocketFactory(sslContext.getSocketFactory(), trustManager) .build(); } catch (Exception e) { e.printStackTrace(); }}
1.2.6 Callback实现的接口和call的变化
okhttp2.x的callback方法是void onFailure(Request request, IOException e);void onResponse(Response response) throws IOException;
okhttp3.x 的Callback方法为void onFailure(Call call, IOException e);void onResponse(Call call, Response response) throws IOException;
okhttp3对Call做了更简洁的封装,okhttp3.x Call是个接口,okhttp的call是个普通class,一定要注意,无论哪个版本,call都不能执行多次,多次执行需要重新创建。于是
private void deliveryResult(final ResultCallback callback, Request request) { mOkHttpClient.newCall(request).enqueue(new Callback() { @Override public void onFailure(Request request, IOException e) { sendFailedStringCallback(request, e, callback); } @Override public void onResponse(Response response) throws IOException { try { final String string = response.body().string(); if (callback.mType == String.class) { sendSuccessResultCallback(string, callback); } else { Object o = mGson.fromJson(string, callback.mType); sendSuccessResultCallback(o, callback); } } catch (IOException e) { sendFailedStringCallback(response.request(), e, callback); } catch (JsonParseException e) { //Json解析的错误 sendFailedStringCallback(response.request(), e, callback); } } });}
就变为:
private void deliveryResult(final ResultCallback callback, Request request) { mOkHttpClient.newCall(request).enqueue(new Callback() { @Override public void onFailure(Call call, IOException e) { sendFailedStringCallback(call.request(), e, callback); } @Override public void onResponse(Call call, Response response) throws IOException { try { final String string = response.body().string(); if (callback.mType == String.class) { sendSuccessResultCallback(string, callback); } else { Object o = mGson.fromJson(string, callback.mType); sendSuccessResultCallback(o, callback); } } catch (IOException e) { sendFailedStringCallback(response.request(), e, callback); } catch (JsonParseException e) { //Json解析的错误 sendFailedStringCallback(response.request(), e, callback); } } });}
至此,改造完毕,我们分验证单向认证及双向认证均可得到如下log:
12-14 02:08:20.698 30391-30391/? D/MainActivity: Response is Hello world!
证明已可以正常通讯,说明我们okhttp3.x版本升级成功。
参考:
- https://github.com/square/okhttp/blob/3f7a3344a4c85aa3bbb879dabac5ee625ab987f3/samples/guide/src/main/java/okhttp3/recipes/CustomTrust.java#L54
- okhttp3与旧版本okhttp的区别分析
- okhttp3 使用详解及简单封装
完整代码可到我的github下载:
server: https://github.com/onroadtech/SpringbootBase/tree/springboot_https_self_signed_certificate_one_two_way_certificate
android:https://github.com/onroadtech/Android4HTTPS/tree/88aa11a9b224df1fd19a5120ff387e81dcd23867
本博文已同步发表于我的个人博客网站,欢迎转载指正并注明出处。
个人博客: www.onroad.tech
指正邮箱: onroad_tech@163.com
- Android HTTPS之自签名证书认证(三)
- Android HTTPS之自签名证书认证(一)
- Android HTTPS之自签名证书认证(二)
- 客户端认证自签名HTTPS证书
- Android实现https单双向认证及自签名证书生成方法
- android https遇到自签名证书/信任证书
- Android Https证书认证
- Android HTTPS如何10分钟实现自签名SSL证书
- Android使用OkHttp访问自签名证书的Https接口
- Android 用自签名证书实现https请求
- Android开发WebView加载自签名认证的https网址
- 为你的android App实现自签名的ssl证书(https)
- 为你的android App实现自签名的ssl证书(https)
- Cordova下自签名证书无法访问https问题(IOS和Android)
- TOMCAT 制作自签名 SSL(https) 证书
- iOS: HTTPS 与自签名证书
- iOS: HTTPS 与自签名证书
- iOS: HTTPS 与自签名证书
- Hadoop压缩
- UVA 439--Knight Moves
- CDH 的Cloudera Manager免费与收费版的对比表
- selenium+python自动化基础(定位元素...等)
- 在android平台上如何使用libdvbpsi
- Android HTTPS之自签名证书认证(三)
- Android中SAX解析XML
- Tuxera NTFS年终钜惠降临
- 利用PS快速去除图片中的红章子
- linux用户切换
- HDU 4506 小明系列故事——师兄帮帮忙【思维 快速幂 同余定理】
- win10下安装TensorFlow
- Lucene_简介
- 深入理解 PHP 之:Nginx 与 FPM 的工作机制