Android 4.x 支持HTTPS请求
定义 SSLSocketFactoryCompat,在创建 Socket 的时候如果是 4.x 的设备则启用 TLSv1.2
import android.os.Build;
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
public class SSLSocketFactoryCompat extends SSLSocketFactory{
private static final String[] TLS_V12_ONLY = {"TLSv1.2"};
private final SSLSocketFactory delegate;
public SSLSocketFactoryCompat() throws KeyManagementException, NoSuchAlgorithmException {
SSLContext sc = SSLContext.getInstance("TLS");
sc.init(null, null, null);
delegate = sc.getSocketFactory();
}
public SSLSocketFactoryCompat(SSLSocketFactory delegate) {
if (delegate == null) {
throw new NullPointerException();
}
this.delegate = delegate;
}
@Override
public String[] getDefaultCipherSuites() {
return delegate.getDefaultCipherSuites();
}
@Override
public String[] getSupportedCipherSuites() {
return delegate.getSupportedCipherSuites();
}
private Socket enableTls12(Socket socket) {
if (Build.VERSION.SDK_INT >= 16 && Build.VERSION.SDK_INT < 20) {
if (socket instanceof SSLSocket) {
((SSLSocket) socket).setEnabledProtocols(TLS_V12_ONLY);
}
}
return socket;
}
@Override
public Socket createSocket(Socket s, String host, int port, boolean autoClose) throws IOException {
return enableTls12(delegate.createSocket(s, host, port, autoClose));
}
@Override
public Socket createSocket(String host, int port) throws IOException {
return enableTls12(delegate.createSocket(host, port));
}
@Override
public Socket createSocket(String host, int port, InetAddress localHost, int localPort) throws IOException {
return enableTls12(delegate.createSocket(host, port, localHost, localPort));
}
@Override
public Socket createSocket(InetAddress host, int port) throws IOException {
return enableTls12(delegate.createSocket(host, port));
}
@Override
public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort) throws IOException {
return enableTls12(delegate.createSocket(address, port, localAddress, localPort));
}
}
如果客户端自己有提供 SSLSocketFactory 的情况(比如,客户端加载自己的证书会提供 SSLSocketFactory),则使用 SSLSocketFactoryCompat 包裹自身的 SSLSocketFactory 然后进行设置,如果没有的话,则使用 SSLSocketFactoryCompat 的无参构造函数。
上述类可以用于 OkHttp,也可用于其他 HTTPS 需要设置 SSLSocketFactory 的情况。
OkHttp 使用
// 自己不提供额外证书的情况
public static OkHttpClient getOkHttpClient() {
OkHttpClient.Builder builder = new OkHttpClient.Builder();
try {
SSLSocketFactory factory = new SSLSocketFactoryCompat();
builder.sslSocketFactory(factory);
} catch (KeyManagementException e) {
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
}
return builder.build();
}
提供额外证书的情况:
// 测试在assets目录下包含了gank.cer证书,你可以根据自己的情况处理
private static OkHttpClient getOkHttpClientSSL() {
OkHttpClient.Builder builder = new OkHttpClient.Builder();
InputStream cerInputStream;
try {
cerInputStream = App.getInstance().getAssets().open("gank.cer");
SSLSocketFactory socketFactory = getSocketFactory(cerInputStream);
builder.sslSocketFactory(new SSLSocketFactoryCompat(socketFactory));
} catch (IOException e) {
e.printStackTrace();
}
return builder.build();
}
// 根据证书生成SSLSocketFactory,支持多个证书
private static SSLSocketFactory getSocketFactory(InputStream... certificates) {
KeyStore keyStore;
try {
CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
keyStore.load(null);
int index = 0;
for (InputStream certificate : certificates) {
String certificateAlias = Integer.toString(index++);
keyStore.setCertificateEntry(certificateAlias, certificateFactory.generateCertificate(certificate));
}
SSLContext sslContext = SSLContext.getInstance("TLS");
TrustManagerFactory trustManagerFactory =
TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init(keyStore);
sslContext.init(null, trustManagerFactory.getTrustManagers(), new SecureRandom());
return sslContext.getSocketFactory();
} catch (KeyStoreException e) {
e.printStackTrace();
} catch (CertificateException e) {
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
} catch (KeyManagementException e) {
e.printStackTrace();
} finally {
for (InputStream certificate : certificates) {
try {
certificate.close();
} catch (IOException e) {
e.printStackTrace();
}
}
}
return null;
}
HttpsURLConnection 简单测试
new Thread(new Runnable() {
@Override
public void run() {
try {
URL url = new URL("https://gank.io/api/today");
HttpsURLConnection connection = (HttpsURLConnection) url.openConnection();
connection.setSSLSocketFactory(new SSLSocketFactoryCompat());
InputStream inputStream = connection.getInputStream();
String result = IoUtils.readAllChars(new InputStreamReader(inputStream));
LogUtils.json(result);
inputStream.close();
} catch (MalformedURLException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (KeyManagementException e) {
e.printStackTrace();
}
}
}).start();
- 原文作者:知识铺
- 原文链接:https://geek.zshipu.com/post/android/Android-4.x-%E6%94%AF%E6%8C%81HTTPS%E8%AF%B7%E6%B1%82/
- 版权声明:本作品采用知识共享署名-非商业性使用-禁止演绎 4.0 国际许可协议进行许可,非商业转载请注明出处(作者,原文链接),商业转载请联系作者获得授权。
- 免责声明:本页面内容均来源于站内编辑发布,部分信息来源互联网,并不意味着本站赞同其观点或者证实其内容的真实性,如涉及版权等问题,请立即联系客服进行更改或删除,保证您的合法权益。转载请注明来源,欢迎对文章中的引用来源进行考证,欢迎指出任何有错误或不够清晰的表达。也可以邮件至 sblig@126.com