Adding a custom certificate to an OkHttp client

Mak*_*man 6 java ssl android okhttp

I am trying to make an Android application where I can fetch and parse HTML (from a site that has no API). I am using OkHttp. The site has an untrusted (but valid) certificate. I am getting:

java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.

I have already set it up the official way (https://developer.android.com/training/articles/security-ssl#java), and now I need to link it with OkHttpClient.

I tried

    OkHttpClient client = new OkHttpClient();

    OkHttpClient.Builder builder = client.newBuilder();
    builder.sslSocketFactory(sslcontext.getSocketFactory()).build();

But it doesn't work, and it is also deprecated. Thanks.

Yur*_*mke 12

See this documentation sample for adding a known trusted certificate:

https://github.com/square/okhttp/blob/master/samples/guide/src/main/java/okhttp3/recipes/CustomTrust.java

  public CustomTrust() {
    X509TrustManager trustManager;
    SSLSocketFactory sslSocketFactory;
    try {
      trustManager = trustManagerForCertificates(trustedCertificatesInputStream());
      SSLContext sslContext = SSLContext.getInstance("TLS");
      sslContext.init(null, new TrustManager[] { trustManager }, null);
      sslSocketFactory = sslContext.getSocketFactory();
    } catch (GeneralSecurityException e) {
      throw new RuntimeException(e);
    }

    client = new OkHttpClient.Builder()
        .sslSocketFactory(sslSocketFactory, trustManager)
        .build();
  }


Luc*_*tti -3

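For debugging only. Using this code means trusting any certificate, which is as good as not using https at all.


You need to use sslSocketFactory(SSLSocketFactory sslSocketFactory, X509TrustManager trustManager), which is not deprecated.

Use this variable (this creates a trust manager that does not validate certificate chains):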

TrustManager[] trustAllCerts = new TrustManager[] {
    new X509TrustManager() {
        @Override
        public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException {
        }

        @Override
        public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException {
        }

        @Override
        public java.security.cert.X509Certificate[] getAcceptedIssuers() {
            return new java.security.cert.X509Certificate[]{};
        }
    }
};

And pass it to sslSocketFactory() this way:

builder.sslSocketFactory(sslSocketFactory, (X509TrustManager)trustAllCerts[0]);

Also apply this to verify every host:

builder.hostnameVerifier(new HostnameVerifier() {
    @Override
    public boolean verify(String hostname, SSLSession session) {
        return true;
    }
});

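  • This is bad _standard_ advice. The original report said it has an "untrusted (but valid) certificate", so the solution should be to add that certificate, or the signing CA certificate in the chain, to the trust store. The question title is "OkHTTP Client add custom certificates" (14 upvotes)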