HTTPS: Ignoring Certificate Validation

1. HTTPS certificate validation fails with the following exception:

Trust anchor for certification path not found.

Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
        at com.android.org.conscrypt.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:361)
        at com.android.okhttp.Connection.connectTls(Connection.java:235)
        at com.android.okhttp.Connection.connectSocket(Connection.java:199)
        at com.android.okhttp.Connection.connect(Connection.java:172)
        at com.android.okhttp.Connection.connectAndSetOwner(Connection.java:367)
        at com.android.okhttp.OkHttpClient$1.connectAndSetOwner(OkHttpClient.java:130)
        at com.android.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:330)
        at com.android.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:247)

2. Code that ignores the certificate:

CropUtil.java

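import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

public class CropUtil {

    // Returns an SSLSocketFactory whose trust manager accepts every certificate chain.
    public static SSLSocketFactory getUnsafeSslSocketFactory(){
        try {
            final TrustManager[] trustAllCerts = new TrustManager[]{
                    new X509TrustManager() {
                        // Empty body: no client certificate is ever rejected.
                        @Override
                        public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) {
                        }

                        // Empty body: no server certificate is ever rejected.
                        @Override
                        public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) {
                        }

                        @Override
                        public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                            return new java.security.cert.X509Certificate[]{};
                        }
                    }
            };

            SSLContext sslContext = SSLContext.getInstance("SSL");
            sslContext.init(null, trustAllCerts, new java.security.SecureRandom());

            return sslContext.getSocketFactory();
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }
}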

TrustAllHostnameVerifier.kt

import javax.net.ssl.HostnameVerifier
import javax.net.ssl.SSLSession

class TrustAllHostnameVerifier : HostnameVerifier {
    override fun verify(hostname: String?, session: SSLSession?): Boolean {
        return true
    }
}

3. Usage:

Making the ExoPlayer player ignore HTTPS validation (HttpsURLConnection):

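override fun onCreate(savedInstanceState: Bundle?) {
    super.onCreate(savedInstanceState)
    // Process-wide defaults: every HttpsURLConnection in the app is affected.
    HttpsURLConnection.setDefaultSSLSocketFactory(CropUtil.getUnsafeSslSocketFactory())
    HttpsURLConnection.setDefaultHostnameVerifier(TrustAllHostnameVerifier())
}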

Usage with Retrofit2:


OkHttpClient client = new OkHttpClient();

// Custom SSLSocketFactory that skips validation of client and server certificates.
SSLSocketFactory sslSocketFactory = CropUtil.getUnsafeSslSocketFactory();
client.setSslSocketFactory(sslSocketFactory);
// Accept any hostname: the verifier always returns true.
client.setHostnameVerifier(new TrustAllHostnameVerifier());
// client.hostnameVerifier(org.apache.http.conn.ssl.SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER)

Retrofit retrofit = new Retrofit.Builder().baseUrl(ApiManager.SERVICE_ENDPOINT)
		.addConverterFactory(GsonConverterFactory.create())
		.addCallAdapterFactory(RxJavaCallAdapterFactory.create()).client(client).build();

4. OkHttp sslSocketFactory() is deprecated

Using ‘sslSocketFactory(SSLSocketFactory): OkHttpClient.Builder’ is an error

Error: clientBuilder.sslSocketFactory(SSLSocketFactory) not supported on JDK 9+

After the JDK upgrade, OkHttp's sslSocketFactory is flagged as deprecated, because the single-argument overload has been deprecated.

OkHttpClient client = new OkHttpClient.Builder()
    .sslSocketFactory(sslSocketFactory, trustManager)
    .build();

Solution:

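import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class HttpsUtil{
 
    // Returns the SSLSocketFactory (backed by the accept-everything TrustManager below)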
    public static SSLSocketFactory getSSLSocketFactory() {
        try {
            SSLContext sslContext = SSLContext.getInstance("SSL");
            sslContext.init(null, getTrustManager(), new SecureRandom());
            return sslContext.getSocketFactory();
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }
 
    // Returns a TrustManager whose checks are empty, so any certificate chain is accepted
    private static TrustManager[] getTrustManager() {
        return new TrustManager[]{
                new X509TrustManager() {
                    @Override
                    public void checkClientTrusted(X509Certificate[] chain, String authType) {
                    }
 
                    @Override
                    public void checkServerTrusted(X509Certificate[] chain, String authType) {
                    }
 
                    @Override
                    public X509Certificate[] getAcceptedIssuers() {
                        return new X509Certificate[]{};
                    }
                }
        };
    }
 
    // Returns a HostnameVerifier that accepts any hostname
    public static HostnameVerifier getHostnameVerifier() {
        return (s, sslSession) -> true;
    }
 
    public static X509TrustManager getX509TrustManager() {
        X509TrustManager trustManager = null;
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init((KeyStore) null);
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            if (trustManagers.length != 1 || !(trustManagers[0] instanceof X509TrustManager)) {
                throw new IllegalStateException("Unexpected default trust managers:" + Arrays.toString(trustManagers));
            }
            trustManager = (X509TrustManager) trustManagers[0];
        } catch (Exception e) {
            e.printStackTrace();
        }
 
        return trustManager;
    }
}

Example call:

 final OkHttpClient okHttpClient = new OkHttpClient.Builder()
            .readTimeout(60, TimeUnit.SECONDS)
            .connectTimeout(60, TimeUnit.SECONDS)
            // Custom SSLSocketFactory that skips validation of client and server certificates.
//            .sslSocketFactory(HttpsUtil.getSSLSocketFactory())
            .sslSocketFactory(HttpsUtil.getSSLSocketFactory(), HttpsUtil.getX509TrustManager())
            // Accept any hostname: the verifier always returns true.
            .hostnameVerifier(HttpsUtil.getHostnameVerifier())
//                .hostnameVerifier(org.apache.http.conn.ssl.SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER)
            .build();
