项目需求改变,需要更加安全的网络请求,因此需要我们在 Android 客户端实现单向认证请求。
直接上代码
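/**
 * Lazily created singleton that builds an {@link OkHttpClient} which presents a client
 * certificate (loaded from a PKCS#12 file in the app's assets) during the TLS handshake.
 *
 * <p>NOTE(review): with the default configuration the server certificate is NOT validated
 * (see {@link miTM}). The connection is encrypted, but the peer is not authenticated, so an
 * on-path attacker can terminate the connection with any certificate. Set
 * {@code serverCaCert} to have the server checked against a known certificate.
 */
public class OkHttpsManager {
    // public static int REQ_TYPE = 3; // 1: http  2: https  3: https with client certificate

    /** Asset path of the PKCS#12 bundle that holds the client certificate and private key. */
    private static String clientP12 = "www/client.p12";

    /**
     * Optional asset path of the certificate the server must chain to (the server's own
     * self-signed certificate or the CA that issued it), in a format readable by an
     * "X.509" {@code CertificateFactory}. When {@code null} (the default, which keeps the
     * original behaviour) every server certificate is accepted. Constructed example value:
     * {@code "www/server_ca.crt"}.
     */
    private static String serverCaCert = null;

    // private static String p12Pwd="citicbank"; // test password: citicbank
    // Your password.
    // NOTE(review): both the .p12 file and this password ship inside the APK, so anyone who
    // unpacks the app can recover the client private key. Treat the client certificate as an
    // app-wide identifier rather than a secret, or provision per-device keys in the Android
    // Keystore instead of bundling one.
    private static String p12Pwd = "citicbank@"; // citicbank@ is the production password

    // volatile is required for double-checked locking to publish the instance safely.
    private static volatile OkHttpsManager manager;

    private OkHttpsManager() {}

    /**
     * Returns the process-wide instance, creating it on first use.
     *
     * @return the shared {@code OkHttpsManager}
     */
    public static OkHttpsManager getInstance() {
        if (manager == null) {
            synchronized (OkHttpsManager.class) {
                if (manager == null) {
                    manager = new OkHttpsManager();
                }
            }
        }
        return manager;
    }

    /**
     * Builds an OkHttp client whose TLS context carries the client certificate.
     *
     * @return a client with a 10 s connect timeout and a 5 s read timeout
     * @throws Exception if the TLS context or the trust material cannot be set up
     */
    public OkHttpClient mytrust() throws Exception {
        javax.net.ssl.TrustManager[] trustManagers = getServerTrustManagers();
        Log.e("sslt", trustManagers.length + "");
        // "TLS" is the standard context name; "SSL" is the legacy one.
        javax.net.ssl.SSLContext sc = javax.net.ssl.SSLContext.getInstance("TLS");
        // Client certificate presented to the server.
        KeyManager[] clientkeyManagers = getClientKeyManager();
        sc.init(clientkeyManagers, trustManagers, null);
        // NOTE(review): recent OkHttp releases deprecate this one-argument overload in favour
        // of sslSocketFactory(SSLSocketFactory, X509TrustManager) - confirm against the
        // OkHttp version this project uses.
        return new OkHttpClient.Builder()
                .connectTimeout(10, TimeUnit.SECONDS)
                .sslSocketFactory(sc.getSocketFactory())
                .readTimeout(5, TimeUnit.SECONDS)
                .build();
    }

    /**
     * Chooses the trust managers used to check the server certificate.
     *
     * @return managers that trust only {@code serverCaCert} when it is set, otherwise the
     *     accept-everything {@link miTM}
     * @throws Exception if the configured certificate cannot be read or parsed
     */
    private javax.net.ssl.TrustManager[] getServerTrustManagers() throws Exception {
        if (serverCaCert == null) {
            // Original behaviour: no server authentication at all.
            return new javax.net.ssl.TrustManager[] {new miTM()};
        }
        java.security.cert.Certificate ca;
        try (InputStream in = SwpConfig.getAppContext().getAssets().open(serverCaCert)) {
            ca = java.security.cert.CertificateFactory.getInstance("X.509")
                    .generateCertificate(in);
        }
        // An in-memory trust store holding only the expected certificate.
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);
        trustStore.setCertificateEntry("server-ca", ca);
        javax.net.ssl.TrustManagerFactory tmf = javax.net.ssl.TrustManagerFactory.getInstance(
                javax.net.ssl.TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        return tmf.getTrustManagers();
    }

    /**
     * Loads the client key managers from the PKCS#12 asset.
     *
     * @return the key managers backed by {@code clientP12}
     * @throws IllegalAccessError if {@code SwpConfig.REQ_TYPE} is not 3 or the key store
     *     cannot be loaded; the underlying exception, if any, is attached as the cause
     * @throws Exception declared for callers; not thrown by the current body
     */
    public KeyManager[] getClientKeyManager() throws Exception {
        // ----------- client certificate -----------------
        KeyManager[] clientkeyManagers = null;
        Exception failure = null;
        if (SwpConfig.REQ_TYPE == 3) {
            char[] pwd = p12Pwd.toCharArray();
            // try-with-resources so the asset stream is closed on every path.
            try (InputStream astream = SwpConfig.getAppContext().getAssets().open(clientP12)) {
                KeyStore keyStore = KeyStore.getInstance("PKCS12");
                keyStore.load(astream, pwd);
                KeyManagerFactory kmf = KeyManagerFactory.getInstance("X509");
                kmf.init(keyStore, pwd);
                clientkeyManagers = kmf.getKeyManagers();
                Log.e("ssl", clientkeyManagers.length + "");
            } catch (Exception e) {
                // Keep the reason (wrong password, missing asset, ...) instead of dropping it.
                failure = e;
            }
        }
        if (clientkeyManagers == null) {
            IllegalAccessError error = new IllegalAccessError("clientkeymanagers do not null");
            if (failure != null) {
                error.initCause(failure);
            }
            throw error;
        }
        return clientkeyManagers;
    }

    /**
     * Trust manager that accepts every certificate chain without inspecting it.
     *
     * <p>NOTE(review): using this for server validation removes server authentication from
     * TLS; it is kept only so existing callers behave as before. Prefer trust managers built
     * from the expected server or CA certificate.
     */
    static class miTM implements javax.net.ssl.TrustManager, javax.net.ssl.X509TrustManager {
        @Override
        public java.security.cert.X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }

        /** Not part of {@code X509TrustManager}; always reports the chain as trusted. */
        public boolean isServerTrusted(java.security.cert.X509Certificate[] certs) {
            return true;
        }

        /** Not part of {@code X509TrustManager}; always reports the chain as trusted. */
        public boolean isClientTrusted(java.security.cert.X509Certificate[] certs) {
            return true;
        }

        @Override
        public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType)
                throws java.security.cert.CertificateException {
            // Performs no check: never throws, so any server chain is accepted.
            return;
        }

        @Override
        public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType)
                throws java.security.cert.CertificateException {
            // Performs no check: never throws, so any client chain is accepted.
            return;
        }
    }
}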
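你可以直接把以上的代码复制到你的应用中,但是有些地方需要你注意一下:miTM 的 checkServerTrusted 不做任何校验,会接受任意服务器证书,所以这段代码只是向服务器出示了客户端证书,并没有验证服务器的身份,连接仍可能被中间人冒充;上线前应改为只信任你们公司的服务器证书或 CA 证书。另外 .p12 文件和它的密码都打包在 APK 里,解包后即可取出。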
你要改的就是 clientP12 和 p12Pwd 这两个字段:第一个(clientP12)是你们公司自签名的证书文件在项目 assets 目录中的路径,
第二个(p12Pwd)是你们公司这个签名文件的密码。
注意:我的签名文件是.p12,如果你的不是,那可以参考一下其它人的代码。我对这个原理也不是很懂。只是实现了公司的需求。