anagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init(keyStore);
TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
if (trustManagers.length != 1 || !(trustManagers[0] instanceof X509TrustManager)) {
throw new IllegalStateException("Unexpected default trust managers:" + Arrays.toString(trustManagers));
}
return (X509TrustManager) trustManagers[0];
}
public void setTrustrCertificates(InputStream in)
{
mTrustrCertificate=in;
}
public InputStream getTrustrCertificates()
{
return mTrustrCertificate;
}
public OkHttpClient build()
{
OkHttpClient okHttpClient=null;
if(getTrustrCertificates()!=null)
{
X509TrustManager trustManager;
SSLSocketFactory sslSocketFactory;
try {
trustManager = trustManagerForCertificates(getTrustrCertificates());
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, new TrustManager[] { trustManager }, null);
sslSocketFactory = sslContext.getSocketFactory();
} catch (GeneralSecurityException e) {
throw new RuntimeException(e);
}
okHttpClient=new OkHttpClient.Builder()
.sslSocketFactory(sslSocketFactory, trustManager)
.build();
}
else
{
okHttpClient=new OkHttpClient.Builder()
.build();
}
return okHttpClient;
}
}
代码解释
代码不少,其实最核心的代码为:
public OkHttpClient build()
{
.......
trustManager = trustManagerForCertificates(getTrustrCertificates());
.......
okHttpClient=new OkHttpClient.Builder()
.sslSocketFactory(sslSocketFactory, trustManager)
.build();
..........
return okHttpClient;
}
也就是通过
void setTrustrCertificates(InputStream in)
把自己的证书对应的文件set进去
然后通过
trustManager =trustManagerForCertificates(getTrustrCertificates());
再
okHttpClient=new OkHttpClient.Builder()
.sslSocketFactory(sslSocketFactory, trustManager)
.build();
就能生成安装好了可信任证书的okHttpClient
OkhttpManager说完了,接下来,就是:
Activity中使用OkhttpManager
1:先把公钥证书文件(如:自签名的mycer.cer或CA证书的:*.pem)放到assets下,
如果使用AndroidStudio的同学,可能没有assets文件夹,自己建此文件夹,如我的为:app\src\main\assets
2:直接贴Activity主要的代码:
public class MyActivity extends AppCompatActivity {
@Override
protected void onCreate(@Nullable Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
try {
OkhttpManager.getInstance().setTrustrCertificates(getAssets().open("mycer.cer");
OkHttpClient mOkhttpClient= OkhttpManager.getInstance().build();
} catch (IOException e) {
e.printStackTrace();
}
}
简单吧,主要代码就那两句,就生成了已安装公钥证书”mycer.cer”的mOkhttpClient
接下来的mOkhttpClient怎样使用,大家都应该清楚了吧,如果不清楚只能看OkHttpClient的基础内容了
好了,OkHttpClient搞掂了
接下来就到Retrofit了
大家应该知到Retrofit默认是以OkHttpClient来作为传输的,既然OkHttpClient搞掂了,那Retrofit就简单了
还是直接贴代码:
Retrofit retrofit = new Retrofit.Builder()
.client(mOkhttpClient)
.baseUrl("your_serverl_url")
.build();
看,只需在Retrofit中多加一句
.client(mOkhttpClient)
就把已安装了证书的mOkhttpClient作为Retrofit的传输了
更多内容,请关注微信公众号:颜家大少
?