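okhttp is one of the main network request frameworks on Android, and there is no shortage of material online introducing how to use it.
A simple network request with okhttp: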
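Request request = new Request.Builder().get().url("https://www.baidu.com").build();
OkHttpClient.Builder builder = new OkHttpClient.Builder();
OkHttpClient client = builder.build();
// enqueue() runs the call asynchronously and reports the result to the callback
client.newCall(request).enqueue(new Callback() {
    @Override
    public void onFailure(Call call, IOException e) {
        // The request could not be executed (connection or TLS failure, timeout, cancellation)
    }

    @Override
    public void onResponse(Call call, Response response) throws IOException {
        // A response was received from the server
    }
});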
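There is nothing technically difficult about this code.
In development, HTTPS with certificate verification is generally used to strengthen network security.
okhttp provides the sslSocketFactory(SSLSocketFactory sslSocketFactory, X509TrustManager trustManager) method, which is used to verify digital signatures.
First I obtain a digital certificate; here I use Baidu's certificate.
Once you have the certificate, copy it into the assets folder.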
private SSLSocketFactory getSSLSocketFactory() throws NoSuchAlgorithmException, KeyManagementException {
    SSLContext context = SSLContext.getInstance("TLS");
    TrustManager[] trustManagers = {new MyX509TrustManager()};
    context.init(null, trustManagers, new SecureRandom());
    return context.getSocketFactory();
}

private class MyX509TrustManager implements X509TrustManager {
    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        // Not used: this trust manager only validates server certificates
    }

    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        if (chain == null) {
            throw new CertificateException("checkServerTrusted: X509Certificate array is null");
        }
        if (chain.length < 1) {
            throw new CertificateException("checkServerTrusted: X509Certificate is empty");
        }
        // Only the ECDHE_RSA key exchange is accepted; any other authType is rejected
        if (!(null != authType && authType.equals("ECDHE_RSA"))) {
            throw new CertificateException("checkServerTrusted: AuthType is not ECDHE_RSA");
        }
        // Validate the whole chain with the platform's default trust managers
        try {
            TrustManagerFactory factory = TrustManagerFactory.getInstance("X509");
            factory.init((KeyStore) null);
            for (TrustManager trustManager : factory.getTrustManagers()) {
                ((X509TrustManager) trustManager).checkServerTrusted(chain, authType);
            }
        } catch (NoSuchAlgorithmException | KeyStoreException e) {
            // Fail closed: if the default validation cannot run, reject the connection
            // instead of silently skipping chain validation
            throw new CertificateException("checkServerTrusted: default chain validation unavailable", e);
        }
        // Read the details of the certificate bundled with the app
        String clientEncoded;
        String clientSubject;
        String clientIssUser;
        try (InputStream inputStream = getAssets().open("baidu.cer")) {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            X509Certificate clientCertificate = (X509Certificate) certificateFactory.generateCertificate(inputStream);
            clientEncoded = new BigInteger(1, clientCertificate.getPublicKey().getEncoded()).toString(16);
            clientSubject = clientCertificate.getSubjectDN().getName();
            clientIssUser = clientCertificate.getIssuerDN().getName();
        } catch (IOException e) {
            // Fail closed with an accurate message if the bundled certificate cannot be read
            throw new CertificateException("checkServerTrusted: cannot read local certificate", e);
        }
        // Read the details of the certificate presented by the server (chain[0] is the leaf)
        X509Certificate certificate = chain[0];
        PublicKey publicKey = certificate.getPublicKey();
        String serverEncoded = new BigInteger(1, publicKey.getEncoded()).toString(16);
        if (!clientEncoded.equals(serverEncoded)) {
            throw new CertificateException("server's PublicKey is not equals to client's PublicKey");
        }
        String subject = certificate.getSubjectDN().getName();
        if (!clientSubject.equals(subject)) {
            throw new CertificateException("server's subject is not equals to client's subject");
        }
        String issuser = certificate.getIssuerDN().getName();
        if (!clientIssUser.equals(issuser)) {
            throw new CertificateException("server's issuser is not equals to client's issuser");
        }
    }

    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];
    }
}
In the code, call builder.sslSocketFactory(getSSLSocketFactory(), new MyX509TrustManager()) to enable certificate verification.
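The same public-key check can be expressed with okhttp's built-in CertificatePinner, which leaves the platform's default chain and hostname validation in place and adds the pin on top. This is an added example, not code from the original post; the class name PinnedClientFactory is hypothetical, and it assumes okhttp3 is on the classpath and that the certificate is the baidu.cer asset used above.

```java
import java.io.IOException;
import java.io.InputStream;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

import okhttp3.CertificatePinner;
import okhttp3.OkHttpClient;

// Hypothetical helper (not part of okhttp or of the original post)
public final class PinnedClientFactory {
    private PinnedClientFactory() {}

    /**
     * Builds a client that requires the public key of the bundled certificate
     * to appear in the validated chain presented by the given host.
     * No custom TrustManager is installed, so the system trust store and
     * hostname verification still apply before the pin is checked.
     */
    public static OkHttpClient create(String host, InputStream bundledCert)
            throws IOException, CertificateException {
        X509Certificate cert;
        // Close the asset stream even if parsing fails
        try (InputStream in = bundledCert) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509")
                    .generateCertificate(in);
        }

        // pin() returns "sha256/<base64 SHA-256 of the SubjectPublicKeyInfo>",
        // i.e. a hash of the same bytes the trust manager above compares as hex
        String pin = CertificatePinner.pin(cert);

        CertificatePinner pinner = new CertificatePinner.Builder()
                .add(host, pin)
                .build();

        // A pin mismatch surfaces as SSLPeerUnverifiedException in onFailure()
        return new OkHttpClient.Builder()
                .certificatePinner(pinner)
                .build();
    }
}
```

With the setup on this page the call would be PinnedClientFactory.create("www.baidu.com", getAssets().open("baidu.cer")). Pinning a single leaf key means the app stops connecting when the server rotates that key, so a backup pin is usually added alongside it.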
Please credit the source when reposting: https://mp.csdn.net/postedit/80245887