新建HttpCertUtils.java文件,在Android项目任意位置即可
import android.content.Context;
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import okhttp3.OkHttpClient;
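/**
 * Static helpers that configure the TLS trust settings of an {@link OkHttpClient.Builder}.
 *
 * <p>Every method swallows failures: the exception is printed and the builder is left as it was.
 * A caller therefore cannot tell from the return whether the requested trust configuration was
 * applied. If certificate loading fails, the client keeps its previous trust settings (for a
 * fresh builder, presumably OkHttp's platform defaults) rather than the intended restricted set.
 *
 * <p>SECURITY NOTE(review): every method here installs a host name verifier that accepts any
 * host name. That is kept for backward compatibility with existing callers, but it means the
 * certificate presented by the server is never matched against the host being contacted.
 * See {@link #applyTrustStore} for the recommended remediation.
 */
public class HttpCertUtils {

    /**
     * Configures the builder to accept every server certificate and every host name.
     *
     * <p>SECURITY: this removes server authentication from TLS entirely. The connection is still
     * encrypted, but the client has no assurance about who is on the other end. Restrict it to
     * local debugging against test servers and keep it out of release builds, for example by
     * guarding the call with a debug-only build flag.
     *
     * @param okHttpClientBuilder builder whose socket factory and host name verifier are replaced
     */
    public static void setTrustAllCertificate(OkHttpClient.Builder okHttpClientBuilder) {
        try {
            // Both check methods are intentionally empty: no chain is ever rejected.
            X509TrustManager trustAllManager = new X509TrustManager() {
                @Override
                public void checkClientTrusted(X509Certificate[] chain, String authType)
                        throws CertificateException {
                }

                @Override
                public void checkServerTrusted(X509Certificate[] chain, String authType)
                        throws CertificateException {
                }

                @Override
                public X509Certificate[] getAcceptedIssuers() {
                    return new X509Certificate[0];
                }
            };
            SSLContext sc = SSLContext.getInstance("TLS");
            sc.init(null, new TrustManager[] {trustAllManager}, new SecureRandom());
            okHttpClientBuilder.sslSocketFactory(sc.getSocketFactory(), trustAllManager);
            okHttpClientBuilder.hostnameVerifier((hostname, session) -> true);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    /**
     * Trusts only the certificate given as a string (for example PEM text).
     *
     * @param context unused by this overload; kept for signature compatibility
     * @param okHttpClientBuilder builder to configure
     * @param cerStr encoded X.509 certificate; a {@code null} value is caught and logged like any
     *     other failure, leaving the builder unchanged
     */
    public static void setCertificate(
            Context context, OkHttpClient.Builder okHttpClientBuilder, String cerStr) {
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            KeyStore keyStore = newEmptyKeyStore();
            // Explicit charset so the decoded bytes do not depend on the platform default.
            byte[] encoded = cerStr.getBytes(java.nio.charset.StandardCharsets.UTF_8);
            try (InputStream in = new ByteArrayInputStream(encoded)) {
                keyStore.setCertificateEntry("ca", certificateFactory.generateCertificate(in));
            }
            applyTrustStore(okHttpClientBuilder, keyStore);
        } catch (Exception e) {
            // Builder is untouched on failure: the restricted trust set was NOT applied.
            e.printStackTrace();
        }
    }

    /**
     * Trusts only the certificate stored in the given raw resource.
     *
     * @param context used to open the raw resource
     * @param okHttpClientBuilder builder to configure
     * @param cerResID raw resource ID of an encoded X.509 certificate
     */
    public static void setCertificate(
            Context context, OkHttpClient.Builder okHttpClientBuilder, int cerResID) {
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            KeyStore keyStore = newEmptyKeyStore();
            // try-with-resources closes the stream even when parsing the certificate fails.
            try (InputStream in = context.getResources().openRawResource(cerResID)) {
                keyStore.setCertificateEntry("ca", certificateFactory.generateCertificate(in));
            }
            applyTrustStore(okHttpClientBuilder, keyStore);
        } catch (Exception e) {
            // Builder is untouched on failure: the restricted trust set was NOT applied.
            e.printStackTrace();
        }
    }

    /**
     * Trusts only the certificates stored in the given raw resources.
     *
     * <p>If any one resource fails to load or parse, none of the certificates are applied.
     *
     * @param context used to open the raw resources
     * @param okHttpClientBuilder builder to configure
     * @param cerResIDs raw resource IDs, each holding one encoded X.509 certificate
     */
    public static void setCertificates(
            Context context, OkHttpClient.Builder okHttpClientBuilder, int... cerResIDs) {
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            KeyStore keyStore = newEmptyKeyStore();
            for (int i = 0; i < cerResIDs.length; i++) {
                // Each resource stream is closed here; previously these streams were never closed.
                try (InputStream in = context.getResources().openRawResource(cerResIDs[i])) {
                    keyStore.setCertificateEntry(
                            "ca" + i, certificateFactory.generateCertificate(in));
                }
            }
            applyTrustStore(okHttpClientBuilder, keyStore);
        } catch (Exception e) {
            // Builder is untouched on failure: the restricted trust set was NOT applied.
            e.printStackTrace();
        }
    }

    /** Creates an initialized, empty key store of the platform default type. */
    private static KeyStore newEmptyKeyStore()
            throws java.io.IOException, java.security.GeneralSecurityException {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null, null);
        return keyStore;
    }

    /**
     * Installs a socket factory and trust manager on the builder that trust only the
     * certificates in {@code keyStore}.
     *
     * <p>SECURITY NOTE(review): the accept-all host name verifier below is preserved from the
     * original code so existing callers keep working. With it in place, a certificate that chains
     * to an entry in {@code keyStore} is accepted for ANY host. When the trusted entry is a CA
     * rather than a single server certificate, every certificate issued by that CA passes.
     * Recommended fix: delete the {@code hostnameVerifier} call so OkHttp's default verifier
     * applies, and make sure the server certificate carries a subjectAltName matching the host.
     */
    private static void applyTrustStore(OkHttpClient.Builder okHttpClientBuilder, KeyStore keyStore)
            throws java.security.GeneralSecurityException {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(keyStore);
        TrustManager[] trustManagers = tmf.getTrustManagers();

        // Select by type instead of blindly casting element 0.
        X509TrustManager x509TrustManager = null;
        for (TrustManager candidate : trustManagers) {
            if (candidate instanceof X509TrustManager) {
                x509TrustManager = (X509TrustManager) candidate;
                break;
            }
        }
        if (x509TrustManager == null) {
            throw new IllegalStateException("No X509TrustManager available for the key store");
        }

        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(null, trustManagers, new SecureRandom());
        okHttpClientBuilder.sslSocketFactory(sslContext.getSocketFactory(), x509TrustManager);
        okHttpClientBuilder.hostnameVerifier((hostname, session) -> true);
    }
}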