android Retrofit 配置https证书

使用环境:

       1 不愿项目数据外泄使用了https,

       2 讲cer证书转换成了bks文件,并存放只assets文件下

       3 

       if ( 联网方法不是retrofit  2.0 以上){

            return;

       }

       其他没什么限制,这篇也就是特例特讲。

使用方法:

  OkHttpClient sOkHttpClient = new OkHttpClient.Builder()
                .cookieJar(new CookieJarImpl(new PersistentCookieStore(Utils.getContext())))
                .addInterceptor(new BaseInterceptor(headers))
                .addInterceptor(new CacheInterceptor(Utils.getContext()))
                .addInterceptor(new LoggingInterceptor
                        .Builder()//构建者模式
                        .loggable(BuildConfig.DEBUG) //是否开启日志打印
                        .setLevel(Level.BASIC) //打印的等级
                        .log(Platform.INFO) // 打印类型
                        .request("Request") // request的Tag
                        .response("Response")// Response的Tag
                        .addHeader("log-header", "I am the log request header.") // 添加打印头, 注意 key 和 value 都不能是中文
                        .build()
                )
                .connectTimeout(DEFAULT_TIMEOUT, TimeUnit.SECONDS)
                .writeTimeout(DEFAULT_TIMEOUT, TimeUnit.SECONDS)
                .readTimeout(DEFAULT_TIMEOUT, TimeUnit.SECONDS)
                .connectionPool(new ConnectionPool(3, 2, TimeUnit.MINUTES))
                .build();

        HostnameVerifier hv1 = new HostnameVerifier() {
            @Override
            public boolean verify(String hostname, SSLSession session) {
                return true;
            }
        };

        //通过反射拿到okhttpClient 对象,给sslParams的SSLSocketFactory赋值
        String workerClassName = "okhttp3.OkHttpClient";
        try {
            Class workerClass = Class.forName(workerClassName);
            Field hostnameVerifier = workerClass.getDeclaredField("hostnameVerifier");
            hostnameVerifier.setAccessible(true);
            hostnameVerifier.set(sOkHttpClient, hv1);
                
            Field sslSocketFactory = workerClass.getDeclaredField("sslSocketFactory");
            sslSocketFactory.setAccessible(true);
            //主要就是这一步
            //utils.getContext() 就是当前上下文对象
            //SSLSocketFactoryUtils代码在下面            sslSocketFactory.set(sOkHttpClient,SSLSocketFactoryUtils.getSSLSocketFactory(Utils.getContext()));
        } catch (Exception e) {
            e.printStackTrace();
        }

        retrofit = new Retrofit.Builder()
                .addConverterFactory(GsonConverterFactory.create())
                .addCallAdapterFactory(RxJava2CallAdapterFactory.create())
                .baseUrl(url)
                .client(sOkHttpClient)
                .build();

SSLSocketFactoryUtils代码:


public class SSLSocketFactoryUtils {

    /**
     * 获取bks文件的sslsocketfactory
     *
     * @param context
     * @return
     */
    public static SSLSocketFactory getSSLSocketFactory(Context context) {
        final String CLIENT_TRUST_PASSWORD = "123456";//信任证书密码,该证书默认密码是123456
        final String CLIENT_AGREEMENT = "TLS";//使用协议
        final String CLIENT_TRUST_KEYSTORE = "BKS";
        SSLContext sslContext = null;
        try {
            //取得SSL的SSLContext实例
            sslContext = SSLContext.getInstance(CLIENT_AGREEMENT);
            //取得TrustManagerFactory的X509密钥管理器实例
            TrustManagerFactory trustManager = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            //取得BKS密库实例
            KeyStore tks = KeyStore.getInstance(CLIENT_TRUST_KEYSTORE);
            InputStream is = context.getResources().openRawResource(R.raw.shiqin);
            try {
                tks.load(is, CLIENT_TRUST_PASSWORD.toCharArray());
            } finally {
                is.close();
            }
            //初始化密钥管理器
            trustManager.init(tks);
            //初始化SSLContext
            sslContext.init(null, trustManager.getTrustManagers(), null);
            LogUtils.e("携带证书发送请求");
        } catch (Exception e) {
            e.printStackTrace();
            LogUtils.e("证书解析出问题");
            Log.e("SslContextFactory-->", e.getMessage());
        }
        return sslContext.getSocketFactory();
    }

}

 

集成报错:

​​​​Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
2020-06-18 12:46:51.004 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at com.android.org.conscrypt.ConscryptFileDescriptorSocket.startHandshake(ConscryptFileDescriptorSocket.java:229)
2020-06-18 12:46:51.004 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at okhttp3.internal.connection.RealConnection.connectTls(RealConnection.java:319)
2020-06-18 12:46:51.004 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.java:283)
2020-06-18 12:46:51.004 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at okhttp3.internal.connection.RealConnection.connect(RealConnection.java:168)
2020-06-18 12:46:51.004 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at okhttp3.internal.connection.StreamAllocation.findConnection(StreamAllocation.java:257)
2020-06-18 12:46:51.004 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at okhttp3.internal.connection.StreamAllocation.findHealthyConnection(StreamAllocation.java:135)
2020-06-18 12:46:51.004 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at okhttp3.internal.connection.StreamAllocation.newStream(StreamAllocation.java:114)
2020-06-18 12:46:51.004 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.java:42)
2020-06-18 12:46:51.004 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
2020-06-18 12:46:51.004 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121)
2020-06-18 12:46:51.004 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.java:93)
2020-06-18 12:46:51.004 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
2020-06-18 12:46:51.004 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121)
2020-06-18 12:46:51.004 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.java:93)
2020-06-18 12:46:51.004 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
2020-06-18 12:46:51.004 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.java:126)
2020-06-18 12:46:51.004 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
2020-06-18 12:46:51.004 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121)
2020-06-18 12:46:51.004 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at com.kjq.common.utils.network.http.interceptor.logging.LoggingInterceptor.intercept(LoggingInterceptor.java:75)
2020-06-18 12:46:51.004 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
2020-06-18 12:46:51.004 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121)
2020-06-18 12:46:51.004 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at com.kjq.common.utils.network.http.interceptor.CacheInterceptor.intercept(CacheInterceptor.java:31)
2020-06-18 12:46:51.004 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
2020-06-18 12:46:51.004 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121)
2020-06-18 12:46:51.004 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at com.kjq.common.utils.network.http.interceptor.BaseInterceptor.intercept(BaseInterceptor.java:32)
2020-06-18 12:46:51.004 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
2020-06-18 12:46:51.004 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121)
2020-06-18 12:46:51.004 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at okhttp3.RealCall.getResponseWithInterceptorChain(RealCall.java:254)
2020-06-18 12:46:51.004 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at okhttp3.RealCall.execute(RealCall.java:92)
2020-06-18 12:46:51.004 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at retrofit2.OkHttpCall.execute(OkHttpCall.java:180)
2020-06-18 12:46:51.004 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at retrofit2.adapter.rxjava2.CallExecuteObservable.subscribeActual(CallExecuteObservable.java:42)
2020-06-18 12:46:51.004 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at io.reactivex.Observable.subscribe(Observable.java:12246)
2020-06-18 12:46:51.004 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at retrofit2.adapter.rxjava2.BodyObservable.subscribeActual(BodyObservable.java:34)
2020-06-18 12:46:51.004 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at io.reactivex.Observable.subscribe(Observable.java:12246)
2020-06-18 12:46:51.004 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at io.reactivex.internal.operators.observable.ObservableSubscribeOn$SubscribeTask.run(ObservableSubscribeOn.java:96)
2020-06-18 12:46:51.004 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at io.reactivex.Scheduler$DisposeTask.run(Scheduler.java:578)
2020-06-18 12:46:51.004 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at io.reactivex.internal.schedulers.ScheduledRunnable.run(ScheduledRunnable.java:66)
2020-06-18 12:46:51.004 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at io.reactivex.internal.schedulers.ScheduledRunnable.call(ScheduledRunnable.java:57)
2020-06-18 12:46:51.004 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at java.util.concurrent.FutureTask.run(FutureTask.java:266)
2020-06-18 12:46:51.004 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:301)
2020-06-18 12:46:51.004 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
2020-06-18 12:46:51.004 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
2020-06-18 12:46:51.004 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at java.lang.Thread.run(Thread.java:764)
2020-06-18 12:46:51.005 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err: Caused by: java.security.cert.CertificateException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
2020-06-18 12:46:51.005 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at com.android.org.conscrypt.TrustManagerImpl.verifyChain(TrustManagerImpl.java:661)
2020-06-18 12:46:51.005 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:539)
2020-06-18 12:46:51.005 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at com.android.org.conscrypt.TrustManagerImpl.checkTrustedRecursive(TrustManagerImpl.java:605)
2020-06-18 12:46:51.005 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:495)
2020-06-18 12:46:51.005 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at com.android.org.conscrypt.TrustManagerImpl.checkTrusted(TrustManagerImpl.java:418)
2020-06-18 12:46:51.005 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at com.android.org.conscrypt.TrustManagerImpl.getTrustedChainForServer(TrustManagerImpl.java:339)
2020-06-18 12:46:51.005 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at android.security.net.config.NetworkSecurityTrustManager.checkServerTrusted(NetworkSecurityTrustManager.java:94)
2020-06-18 12:46:51.005 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at android.security.net.config.RootTrustManager.checkServerTrusted(RootTrustManager.java:88)
2020-06-18 12:46:51.005 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at com.android.org.conscrypt.Platform.checkServerTrusted(Platform.java:208)
2020-06-18 12:46:51.005 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at com.android.org.conscrypt.ConscryptFileDescriptorSocket.verifyCertificateChain(ConscryptFileDescriptorSocket.java:404)
2020-06-18 12:46:51.005 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at com.android.org.conscrypt.NativeCrypto.SSL_do_handshake(Native Method)
2020-06-18 12:46:51.005 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at com.android.org.conscrypt.NativeSsl.doHandshake(NativeSsl.java:375)
2020-06-18 12:46:51.005 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err:     at com.android.org.conscrypt.ConscryptFileDescriptorSocket.startHandshake(ConscryptFileDescriptorSocket.java:224)
2020-06-18 12:46:51.005 31586-31586/com.fanfareknowledge.pickupkinsfolk W/System.err: 	... 42 more

是的,就是这个报错:SSLHandshakeException

自此开始百度:

https://www.jianshu.com/p/64172ccfb73b

https://www.jianshu.com/p/995c0c7c8875

……

很多,但依然无效。

偶然一片博客指出retrofit 2.0以上,重写SSLContext的SSLSocketFactory  和TrustManager是无效的,

只能通过反射原理是retrofit默认信任全部证书。

至此,降低了retorfit的版本为1.9,在这个基础上使用其他常规的方法重写SSLSocketFactory就可以实现抓包时抓不到联网交互数据。

常规防范很多,retrofit 2.0版本也更新了不少东西,相比较以前更好用了很多。希望有关于retrofit2.0以上版本的cer证书配置方法更早接触…

 

更多讨论欢迎来询: 88627109

 

 

 

 

 

 

 

 

 

 

你可能感兴趣的:(日记,工作总结)