OkHttp 处理Https问题

onFailure: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
在之前接入php接口时是http没有任何问题完美跑通
但在正式环境下域名切换到https下就会出现一个异常
onFailure: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
我以为是后台配置的ssl问题   我在项目中assets下也配置了ssl并在OkHttp下设置了路径
public static SSLSocketFactory getSslSocketFactory() {
     
        SSLContext sslContext = null;
        try {
     
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            Certificate ca;
            InputStream certificates = null;
            try {
     
                certificates = MyApplication.APP.getAssets().open("cmzk.cer");
                ca = certificateFactory.generateCertificate(certificates);
            } finally {
     
                if (certificates != null) {
     
                    certificates.close();
                }
            }
            String keyStoreType = KeyStore.getDefaultType();
            KeyStore keyStore = KeyStore.getInstance(keyStoreType);
            keyStore.load(null, null);
            keyStore.setCertificateEntry("ca", ca);
            String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
            TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
            tmf.init(keyStore);
            sslContext = SSLContext.getInstance("SSL");
            sslContext.init(null, tmf.getTrustManagers(), null);
        } catch (Exception e) {
     
            e.printStackTrace();
        }
        return sslContext != null ? sslContext.getSocketFactory() : null;


    }

在创建OkHttp实例时配置ssl证书,发现并没任何用还是会抛出ssl异常

okHttpClient = new OkHttpClient.Builder()
                .connectTimeout(CON_TIME, TimeUnit.SECONDS)
                .readTimeout(READ_TIME, TimeUnit.SECONDS)
                .writeTimeout(WRITE_TIME, TimeUnit.SECONDS)
                .addNetworkInterceptor(internateInttercepter)
                .addInterceptor(appInterceptor)
                .sslSocketFactory(getSslSocketFactory())//设置https证书
                .hostnameVerifier(new HostnameVerifier() {
     
                    @Override
                    public boolean verify(String hostname, SSLSession session) {
     
                        return true;
                })
                .cache(cache)
                .build();
到这里就很神奇了?
我没有配置ssl也会异常,我配置了还会异常  ****(口吐芬芳)
后来发现OkHttp默认验证SSL  那么给他关掉不久好了(想法 idea)
private SSLSocketFactory createSSLSocketFactory() {
     
        SSLSocketFactory ssfFactory = null;
        try {
     
            MyTrustManager mMyTrustManager = new MyTrustManager();
            SSLContext sc = SSLContext.getInstance("TLS");
            sc.init(null, new TrustManager[]{
     mMyTrustManager}, new SecureRandom());
            ssfFactory = sc.getSocketFactory();
        } catch (Exception ignored) {
     
            ignored.printStackTrace();
        }

        return ssfFactory;
    }
    //实现X509TrustManager接口
    public static class MyTrustManager implements X509TrustManager {
     
        @Override
        public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
     
        }

        @Override
        public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
     
        }

        @Override
        public X509Certificate[] getAcceptedIssuers() {
     
            return new X509Certificate[0];
        }
    }
        okHttpClient = new OkHttpClient.Builder()
                .connectTimeout(CON_TIME, TimeUnit.SECONDS)
                .readTimeout(READ_TIME, TimeUnit.SECONDS)
                .writeTimeout(WRITE_TIME, TimeUnit.SECONDS)
                .addNetworkInterceptor(internateInttercepter)
                .addInterceptor(appInterceptor)
//                .sslSocketFactory(getSslSocketFactory())//设置https证书
                .sslSocketFactory(createSSLSocketFactory())//忽略ssl验证
                .hostnameVerifier(new HostnameVerifier() {
     
                    @Override
                    public boolean verify(String hostname, SSLSession session) {
     
                        return true;
                    }
                })
                .cache(cache)
                .build();
测试完美跑通!
*注意 Retrofit也是一样哦

针对https的处理,目前主要有两种方式:
客户端默认信任全部证书
对自签名网址进行证书的单独处理

你可能感兴趣的:(android,https,ssl,java)