https OkHttpClient 的使用
2018-05-08 09:20
253 查看
/* * Copyright (C) 2015 Square, Inc. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package com.cardvlaue.sys.util; import java.io.IOException; import java.io.InputStream; import java.security.GeneralSecurityException; import java.security.KeyStore; import java.security.cert.Certificate; import java.security.cert.CertificateFactory; import java.util.Arrays; import java.util.Collection; import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLSocketFactory; import javax.net.ssl.TrustManager; import javax.net.ssl.TrustManagerFactory; import javax.net.ssl.X509TrustManager; import okhttp3.CertificatePinner; import okio.Buffer; public final class CustomTrust { public final X509TrustManager trustManager; public final SSLSocketFactory sslSocketFactory; public CustomTrust() { try { trustManager = trustManagerForCertificates(trustedCertificatesInputStream()); SSLContext sslContext = SSLContext.getInstance("TLS"); sslContext.init(null, new TrustManager[]{trustManager}, null); sslSocketFactory = sslContext.getSocketFactory(); } catch (GeneralSecurityException e) { throw new RuntimeException(e); } } /** * Returns an input stream containing one or more certificate PEM files. This implementation just * embeds the PEM files in Java strings; most applications will instead read this from a resource * file that gets bundled with the application. */ private InputStream trustedCertificatesInputStream() { String myCertificationAuthority = "" + "-----BEGIN CERTIFICATE-----\n" + "MIICuDCCAiGgAwIBAgIJAIs736cLbpTUMA0GCSqGSIb3DQEBBQUAMHUxCzAJBgNV\n" + "BAYTAkNOMREwDwYDVQQIDAhTaGFuZ2hhaTERMA8GA1UEBwwIU2hhbmdoYWkxEjAQ\n" + "BgNVBAoMCWNhcmR2YWx1ZTESMBAGA1UECwwJY2FyZHZhbHVlMRgwFgYDVQQDDA93\n" + "d3cuY3ZiYW9saS5jb20wHhcNMTYxMTI5MDIyMzA2WhcNMTgxMTI5MDIyMzA2WjB1\n" + "MQswCQYDVQQGEwJDTjERMA8GA1UECAwIU2hhbmdoYWkxETAPBgNVBAcMCFNoYW5n\n" + "aGFpMRIwEAYDVQQKDAljYXJkdmFsdWUxEjAQBgNVBAsMCWNhcmR2YWx1ZTEYMBYG\n" + "A1UEAwwPd3d3LmN2YmFvbGkuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\n" + "gQDN3qqFHz4cBw47OJ2EuY+I+eG+FtPg+obapM9YunHzIslP/ySOyb1Zec6LvxUQ\n" + "tJSbrM8FM1UEvWstDI6ZBZ6C62545oF0IS78PyvOBtJYRJY/x26LRUnlSDAoadJl\n" + "xVzThRc6VPhHugNVQQSt9WTzdzisA6uU+6dc3RAZkGSbQQIDAQABo1AwTjAdBgNV\n" + "HQ4EFgQUdESB48DPV3NnR4eQqt3gb008tzMwHwYDVR0jBBgwFoAUdESB48DPV3Nn\n" + "R4eQqt3gb008tzMwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCZdkn3\n" + "xxn0lE2SKHE29zaMvSwOuzaVophRRGBiPH+h1BTL+Cf0ujzHyx3NVngHHXPxNWX8\n" + "ZgJRssytSVpdOY05Quw7G4CCyEg+6/RK/RBKluy6RcBkqedAqBbV2qw1wvRPDDGn\n" + "1mIVq+RRJDHXNTTI3nRfI6o+BpOojaTEKxG4gQ==\n" + "-----END CERTIFICATE-----"; return new Buffer() .writeUtf8(myCertificationAuthority) .inputStream(); } /** * Returns a trust manager that trusts {@code certificates} and none other. HTTPS services whose * certificates have not been signed by these certificates will fail with a {@code * SSLHandshakeException}. * <p> * <p>This can be used to replace the host platform's built-in trusted certificates with a custom * set. This is useful in development where certificate authority-trusted certificates aren't * available. Or in production, to avoid reliance on third-party certificate authorities. * <p> * <p>See also {@link CertificatePinner}, which can limit trusted certificates while still using * the host platform's built-in trust store. * <p> * <h3>Warning: Customizing Trusted Certificates is Dangerous!</h3> * <p> * <p>Relying on your own trusted certificates limits your server team's ability to update their * TLS certificates. By installing a specific set of trusted certificates, you take on additional * operational complexity and limit your ability to migrate between certificate authorities. Do * not use custom trusted certificates in production without the blessing of your server's TLS * administrator. */ private X509TrustManager trustManagerForCertificates(InputStream in) throws GeneralSecurityException { CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509"); Collection<? extends Certificate> certificates = certificateFactory.generateCertificates(in); if (certificates.isEmpty()) { throw new IllegalArgumentException("expected non-empty set of trusted certificates"); } // Put the certificates a key store. char[] password = "password".toCharArray(); // Any password will work. KeyStore keyStore = newEmptyKeyStore(password); int index = 0; for (Certificate certificate : certificates) { String certificateAlias = Integer.toString(index++); keyStore.setCertificateEntry(certificateAlias, certificate); } // Use it to build an X509 trust manager. KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance( KeyManagerFactory.getDefaultAlgorithm()); keyManagerFactory.init(keyStore, password); TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance( TrustManagerFactory.getDefaultAlgorithm()); trustManagerFactory.init(keyStore); TrustManager[] trustManagers = trustManagerFactory.getTrustManagers(); if (trustManagers.length != 1 || !(trustManagers[0] instanceof X509TrustManager)) { throw new IllegalStateException("Unexpected default trust managers:" + Arrays.toString(trustManagers)); } return (X509TrustManager) trustManagers[0]; } private KeyStore newEmptyKeyStore(char[] password) throws GeneralSecurityException { try { KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); InputStream in = null; // By convention, 'null' creates an empty key store. keyStore.load(in, password); return keyStore; } catch (IOException e) { throw new AssertionError(e); } } } [java] view plain copy /** * PHP 服务器 * <p/> * 默认超时时间 * * @return RequestService */ static RequestService newJsonClient() { CustomTrust ct = new CustomTrust(); OkHttpClient client = new OkHttpClient.Builder() .addInterceptor(chain -> { Request request = chain.request().newBuilder() .addHeader("X-CRM-Application-Id", RequestConstants.APPLICATION_ID) .addHeader("X-CRM-Version", RequestConstants.VERSION) .addHeader("Content-Type", RequestConstants.JSON_TYPE) .build(); return chain.proceed(request); }) .sslSocketFactory(ct.sslSocketFactory, ct.trustManager) .hostnameVerifier((s, sslSession) -> true) .build(); Retrofit retrofit = new Retrofit.Builder() .baseUrl(RequestConstants.BASE_URL) .client(client) .addConverterFactory(FastJsonConvertFactory.create()) .addCallAdapterFactory(RxJava2CallAdapterFactory.create()) .build(); return retrofit.create(RequestService.class); 4000 }
阅读更多
相关文章推荐
- https OkHttpClient 的使用
- OkHttpClient的使用方法
- OKHttpClient使用示例
- 使用Apache提供的HttpClient发送https请求
- 高效开发使用框架请求https(xutils3 Nohttp,OkhttpUtils(zhy))
- httpclient 无信任证书直接使用https含项目demo
- 使用 OKHttpClient的POST方式
- Android AsyncHttpClient https使用教程
- react-native 0.43 后如何使用自己的OkHttpClient
- httpclient4.x 使用连接池发送https请求使用总结
- okHttpClient get请求基本使用
- httpclient 无信任证书使用https
- httpclient 无信任证书使用https
- httpclient 无信任证书使用https
- 使用OkHttpClient处理json请求处理的方式
- OkHttpClient使用相关
- OKHttpClient使用示例
- 当我们使用OkHttpClient 的时候,增加自定InterCeptor 拦截器的时候需要注意
- OkHttpClient使用示例
- 在 IIS 6 和 IIS 7中配置Https,设置WCF同时支持HTTP和HTPPS,以及使用HttpWebRequest和HttpClient调用HttpS