Retrofit +Okhttp 的Https校验

准备工作

 1)电脑支持keytool命令（自行百度）
 2）下载bcprov-jdk16-146.jar
 3）server develper 提供自签名的证书server.cer
 4) server.cer 转 server.bks

bcprov-jdk16-146.jar 和server.cer放在同一个文件夹中，在该文件夹中打开cmd，执行：

keytool -importcert -v -trustcacerts -file “server.cer” -alias server_alias -keystore “server.bks” -provider org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath “bcprov-jdk16-146.jar” -storetype BKS -storepass password

注意：bcprov-jdk16-146.jar版本不一样的修改命令，password 是自己设置的校验密码。

开发

1)server.bks放在raw文件夹下面。
2）创建SslSocketClient类

package xxx;
import android.content.Context;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
/**
 * Created by wxa.
 * 忽略https证书验证
 */
public class SslSocketClient {
    /**
     * 获取bks文件的sslsocketfactory.
     *
     * @param context c
     * @return s
     */
    public static SSLSocketFactory getSslSocketFactory(Context context) {
  //信任证书密码，就是server.cer转成server.bks时指定的password
        final String client_trust_password = "password";
        final String serverUrl = "192.168.1.1";//自己服务器的IP
        final String client_agreement = "TLS";//使用协议
        final String client_trust_keystore = "BKS";
        SSLContext sslContext = null;
        try {
            //取得SSL的SSLContext实例
            sslContext = SSLContext.getInstance(client_agreement);
            //取得TrustManagerFactory的X509密钥管理器实例
            TrustManagerFactory trustManager = TrustManagerFactory
                    .getInstance(TrustManagerFactory.getDefaultAlgorithm());
            //取得BKS密库实例
            KeyStore tks = KeyStore.getInstance(client_trust_keystore);
            InputStream is = context.getResources().openRawResource(R.raw.server);
            try {
                tks.load(is, client_trust_password.toCharArray());
            } finally {
                is.close();
            }
            //初始化密钥管理器
            trustManager.init(tks);
            //初始化SSLContext
            sslContext.init(null, trustManager.getTrustManagers(), null);
        } catch (Exception ex) {
            ex.printStackTrace();
            LogUtils.dTag("SslContextFactory", ex.getMessage());
        }
        return sslContext.getSocketFactory();
    }

    /**
     * 获取HostnameVerifier.
     *
     * @return h
     */
    public static HostnameVerifier getHostnameVerifier() {
        HostnameVerifier hostnameVerifier = new HostnameVerifier() {
            @Override
            public boolean verify(String s, SSLSession sslSession) {
                if (s.equals(serverUrl)) {
                    return true;
                }
                return false;
            }
        };
        return hostnameVerifier;
    }
}

3)Retrofit 中的代码

        //网络请求 Retrofit2
        client = new OkHttpClient.Builder()
                .connectTimeout(MAXTIME, TimeUnit.SECONDS)
                .readTimeout(MAXTIME, TimeUnit.SECONDS)
                .writeTimeout(MAXTIME, TimeUnit.SECONDS)
                .addInterceptor(loggingInterceptor)
           .sslSocketFactory(SslSocketClient.getSslSocketFactory(ActivityUtils.getTopActivity()))
                .hostnameVerifier(SslSocketClient.getHostnameVerifier())
                .addInterceptor(new RequestInterceptor())
                .build();

关键代码：

.sslSocketFactory(SslSocketClient.getSslSocketFactory(ActivityUtils.getTopActivity()))
.hostnameVerifier(SslSocketClient.getHostnameVerifier())