一、HttpUrlConnection/HttpsUrlConnection
添加以下类,直接调用HTTPSTrustManager.allowAllSSL()
还一种方式是创建HttpURLConnection对象之后,直接设置urlConnection.setSSLSocketFactory和urlConnection.setHostnameVerifier
注意:
1)allowAllSSL()需要在openConnection()之前调用;
2)由于HttpUrlConnection是HttpsUrlConnection的父类,HTTPSTrustManager.allowAllSSL()适用于两种方式。
package com.hzsun.handpos.utils;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
public class HTTPSTrustManagerimplements X509TrustManager {
private static TrustManager[]trustManagers;
private static final X509Certificate[]_AcceptedIssuers =new X509Certificate[]{};
@Override
public void checkClientTrusted (
X509Certificate[] x509Certificates, String s)
throws java.security.cert.CertificateException {
// To change body of implemented methods use File | Settings | File
// Templates.
}
@Override
public void checkServerTrusted(
X509Certificate[] x509Certificates, String s)
throws java.security.cert.CertificateException {
// To change body of implemented methods use File | Settings | File
// Templates.
}
@Override
public X509Certificate[]getAcceptedIssuers() {
return _AcceptedIssuers;
}
public static void allowAllSSL() {
HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
@Override
public boolean verify(String arg0, SSLSession arg1) {
// TODO Auto-generated method stub
return true;
}
});
SSLContext context =null;
if (trustManagers ==null) {
trustManagers =new TrustManager[] {new HTTPSTrustManager() };
}
try {
context = SSLContext.getInstance("SSL");
context.init(null, trustManagers, new SecureRandom());
}catch (Exception e) {
e.printStackTrace();
}
javax.net.ssl.SSLSocketFactory socketFactory =context.getSocketFactory();
HttpsURLConnection.setDefaultSSLSocketFactory(socketFactory);
}
}
二、OkHttp(由于Retrofit基于OkHttp,获取HttpClient之后设置方法同理)
通过以下方法创建OkHttpClient 对象
private static OkHttpClientgetUnsafeOkHttpClient() {
try {
// Create a trust manager that does not validate certificate chains
final TrustManager[] trustAllCerts =new TrustManager[]{
new X509TrustManager() {
@Override
public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType){
}
@Override
public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) {
}
@Override
public java.security.cert.X509Certificate[]getAcceptedIssuers() {
return new java.security.cert.X509Certificate[]{};
}
}
};
// Install the all-trusting trust manager
final SSLContext sslContext = SSLContext.getInstance("SSL");
sslContext.init(null, trustAllCerts, new java.security.SecureRandom());
// Create an ssl socket factory with our all-trusting manager
final SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
OkHttpClient.Builder builder =new OkHttpClient.Builder();
builder.sslSocketFactory(sslSocketFactory);
builder.hostnameVerifier(new HostnameVerifier() {
@Override
public boolean verify(String hostname, SSLSession session) {
return true;
}
});
OkHttpClient okHttpClient = builder.build();
return okHttpClient;
}catch (Exception e) {
throw new RuntimeException(e);
}
}