幸亏通过一个朋友找到了以下这个简便的开源库
https://github.com/lizhangqu/CoreUtil
然后用里面的SSLUtil,10分钟就解决了。
实现自签名SSL证书
1.访问以上开源库网址下载SSLUtil
2.把服务器生成的自签名证书cer文件放到在assets目录下,这里以demo.cer做示范
3.初始化SSLSocketFactory
在http请求类的constructor中添加以下代码,这里以HttpRequest做示范
socketFactory = SSLUtil.getSSLSocketFactory(context.getAssets().open("demo.cer"));
4.添加信任https证书
在new OKHttpClient后添加以下代码
if (url.startsWith("https://") && socketFactory != null) {
client.setSslSocketFactory(socketFactory);
}
以上这几步就是全部步骤了,如果你还是觉得麻烦,推荐使用Android-ZBLibray这个Android快速开发框架,里面自签名已全部封装好,只需替换下demo.cer文件即可。
Android快速开发框架-ZBLibrary 源码下载地址如下:
https://github.com/TommyLemon/Android-ZBLibrary
下面是sslutis
packagezafu.edu.cn.coreutil;
importjava.io.IOException;
importjava.io.InputStream;
importjava.security.KeyStore;
importjava.security.KeyStoreException;
importjava.security.NoSuchAlgorithmException;
importjava.security.SecureRandom;
importjava.security.UnrecoverableKeyException;
importjava.security.cert.CertificateException;
importjava.security.cert.CertificateFactory;
importjavax.net.ssl.KeyManager;
importjavax.net.ssl.KeyManagerFactory;
importjavax.net.ssl.SSLContext;
importjavax.net.ssl.SSLSocketFactory;
importjavax.net.ssl.TrustManagerFactory;
/**
* Https 证书工具类
* User:lizhangqu([email protected])
* Date:2015-09-02
* Time: 12:52
*/
publicclassSSLUtil{
//使用命令keytool -printcert -rfc -file srca.cer 导出证书为字符串,然后将字符串转换为输入流,如果使用的是okhttp可以直接使用new Buffer().writeUtf8(s).inputStream()
/**
* 返回SSLSocketFactory
*
* @param certificates 证书的输入流
* @return SSLSocketFactory
*/
publicstaticSSLSocketFactorygetSSLSocketFactory(InputStream...certificates) {
returngetSSLSocketFactory(null,certificates);
}
/**
* 双向认证
* @param keyManagers KeyManager[]
* @param certificates 证书的输入流
* @return SSLSocketFactory
*/
publicstaticSSLSocketFactorygetSSLSocketFactory(KeyManager[]keyManagers,InputStream...certificates) {
try{
CertificateFactorycertificateFactory=CertificateFactory.getInstance("X.509");
KeyStorekeyStore=KeyStore.getInstance(KeyStore.getDefaultType());
keyStore.load(null);
intindex=0;
for(InputStreamcertificate:certificates) {
StringcertificateAlias=Integer.toString(index++);
keyStore.setCertificateEntry(certificateAlias, certificateFactory.generateCertificate(certificate));
try{
if(certificate!=null)
certificate.close();
}catch(IOExceptione) {
}
}
SSLContextsslContext=SSLContext.getInstance("TLS");
TrustManagerFactorytrustManagerFactory=TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init(keyStore);
sslContext.init(keyManagers, trustManagerFactory.getTrustManagers(),newSecureRandom());
SSLSocketFactorysocketFactory=sslContext.getSocketFactory();
returnsocketFactory;
}catch(Exceptione) {
e.printStackTrace();
}
returnnull;
}
/**
* 获得双向认证所需的参数
* @param bks bks证书的输入流
* @param keystorePass 秘钥
* @return KeyManager[]对象
*/
publicstaticKeyManager[]getKeyManagers(InputStreambks,StringkeystorePass) {
KeyStoreclientKeyStore=null;
try{
clientKeyStore=KeyStore.getInstance("BKS");
clientKeyStore.load(bks, keystorePass.toCharArray());
KeyManagerFactorykeyManagerFactory=KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyManagerFactory.init(clientKeyStore, keystorePass.toCharArray());
KeyManager[] keyManagers=keyManagerFactory.getKeyManagers();
returnkeyManagers;
}catch(KeyStoreExceptione) {
e.printStackTrace();
}catch(UnrecoverableKeyExceptione) {
e.printStackTrace();
}catch(CertificateExceptione) {
e.printStackTrace();
}catch(NoSuchAlgorithmExceptione) {
e.printStackTrace();
}catch(IOExceptione) {
e.printStackTrace();
}
returnnull;
}
}