https OkHttpClient 的使用

最新推荐文章于 2024-07-29 10:58:54 发布
最新推荐文章于 2024-07-29 10:58:54 发布
阅读量843 收藏
点赞数
CC 4.0 BY-SA版权
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.youkuaiyun.com/duanjie924/article/details/80234646
本文介绍了一个用于替换系统内置的信任证书的定制信任管理器实现。该管理器能够指定信任哪些证书,并拒绝所有未被指定的证书,这对于开发环境或避免依赖第三方证书机构的生产环境非常有用。

摘要生成于 C知道 ,由 DeepSeek-R1 满血版支持, 前往体验 >

/* 
 * Copyright (C) 2015 Square, Inc. 
 * 
 * Licensed under the Apache License, Version 2.0 (the "License"); 
 * you may not use this file except in compliance with the License. 
 * You may obtain a copy of the License at 
 * 
 *      http://www.apache.org/licenses/LICENSE-2.0 
 * 
 * Unless required by applicable law or agreed to in writing, software 
 * distributed under the License is distributed on an "AS IS" BASIS, 
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
 * See the License for the specific language governing permissions and 
 * limitations under the License. 
 */  
package com.cardvlaue.sys.util;  
  
import java.io.IOException;  
import java.io.InputStream;  
import java.security.GeneralSecurityException;  
import java.security.KeyStore;  
import java.security.cert.Certificate;  
import java.security.cert.CertificateFactory;  
import java.util.Arrays;  
import java.util.Collection;  
  
import javax.net.ssl.KeyManagerFactory;  
import javax.net.ssl.SSLContext;  
import javax.net.ssl.SSLSocketFactory;  
import javax.net.ssl.TrustManager;  
import javax.net.ssl.TrustManagerFactory;  
import javax.net.ssl.X509TrustManager;  
  
import okhttp3.CertificatePinner;  
import okio.Buffer;  
  
public final class CustomTrust {  
  
    public final X509TrustManager trustManager;  
    public final SSLSocketFactory sslSocketFactory;  
  
    public CustomTrust() {  
        try {  
            trustManager = trustManagerForCertificates(trustedCertificatesInputStream());  
            SSLContext sslContext = SSLContext.getInstance("TLS");  
            sslContext.init(null, new TrustManager[]{trustManager}, null);  
            sslSocketFactory = sslContext.getSocketFactory();  
        } catch (GeneralSecurityException e) {  
            throw new RuntimeException(e);  
        }  
    }  
  
    /** 
     * Returns an input stream containing one or more certificate PEM files. This implementation just 
     * embeds the PEM files in Java strings; most applications will instead read this from a resource 
     * file that gets bundled with the application. 
     */  
    private InputStream trustedCertificatesInputStream() {  
        String myCertificationAuthority = "" +  
                "-----BEGIN CERTIFICATE-----\n" +  
                "MIICuDCCAiGgAwIBAgIJAIs736cLbpTUMA0GCSqGSIb3DQEBBQUAMHUxCzAJBgNV\n" +  
                "BAYTAkNOMREwDwYDVQQIDAhTaGFuZ2hhaTERMA8GA1UEBwwIU2hhbmdoYWkxEjAQ\n" +  
                "BgNVBAoMCWNhcmR2YWx1ZTESMBAGA1UECwwJY2FyZHZhbHVlMRgwFgYDVQQDDA93\n" +  
                "d3cuY3ZiYW9saS5jb20wHhcNMTYxMTI5MDIyMzA2WhcNMTgxMTI5MDIyMzA2WjB1\n" +  
                "MQswCQYDVQQGEwJDTjERMA8GA1UECAwIU2hhbmdoYWkxETAPBgNVBAcMCFNoYW5n\n" +  
                "aGFpMRIwEAYDVQQKDAljYXJkdmFsdWUxEjAQBgNVBAsMCWNhcmR2YWx1ZTEYMBYG\n" +  
                "A1UEAwwPd3d3LmN2YmFvbGkuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\n" +  
                "gQDN3qqFHz4cBw47OJ2EuY+I+eG+FtPg+obapM9YunHzIslP/ySOyb1Zec6LvxUQ\n" +  
                "tJSbrM8FM1UEvWstDI6ZBZ6C62545oF0IS78PyvOBtJYRJY/x26LRUnlSDAoadJl\n" +  
                "xVzThRc6VPhHugNVQQSt9WTzdzisA6uU+6dc3RAZkGSbQQIDAQABo1AwTjAdBgNV\n" +  
                "HQ4EFgQUdESB48DPV3NnR4eQqt3gb008tzMwHwYDVR0jBBgwFoAUdESB48DPV3Nn\n" +  
                "R4eQqt3gb008tzMwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOBgQCZdkn3\n" +  
                "xxn0lE2SKHE29zaMvSwOuzaVophRRGBiPH+h1BTL+Cf0ujzHyx3NVngHHXPxNWX8\n" +  
                "ZgJRssytSVpdOY05Quw7G4CCyEg+6/RK/RBKluy6RcBkqedAqBbV2qw1wvRPDDGn\n" +  
                "1mIVq+RRJDHXNTTI3nRfI6o+BpOojaTEKxG4gQ==\n" +  
                "-----END CERTIFICATE-----";  
        return new Buffer()  
                .writeUtf8(myCertificationAuthority)  
                .inputStream();  
    }  
  
    /** 
     * Returns a trust manager that trusts {@code certificates} and none other. HTTPS services whose 
     * certificates have not been signed by these certificates will fail with a {@code 
     * SSLHandshakeException}. 
     * <p> 
     * <p>This can be used to replace the host platform's built-in trusted certificates with a custom 
     * set. This is useful in development where certificate authority-trusted certificates aren't 
     * available. Or in production, to avoid reliance on third-party certificate authorities. 
     * <p> 
     * <p>See also {@link CertificatePinner}, which can limit trusted certificates while still using 
     * the host platform's built-in trust store. 
     * <p> 
     * <h3>Warning: Customizing Trusted Certificates is Dangerous!</h3> 
     * <p> 
     * <p>Relying on your own trusted certificates limits your server team's ability to update their 
     * TLS certificates. By installing a specific set of trusted certificates, you take on additional 
     * operational complexity and limit your ability to migrate between certificate authorities. Do 
     * not use custom trusted certificates in production without the blessing of your server's TLS 
     * administrator. 
     */  
    private X509TrustManager trustManagerForCertificates(InputStream in)  
            throws GeneralSecurityException {  
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");  
        Collection<? extends Certificate> certificates = certificateFactory.generateCertificates(in);  
        if (certificates.isEmpty()) {  
            throw new IllegalArgumentException("expected non-empty set of trusted certificates");  
        }  
  
        // Put the certificates a key store.  
        char[] password = "password".toCharArray(); // Any password will work.  
        KeyStore keyStore = newEmptyKeyStore(password);  
        int index = 0;  
        for (Certificate certificate : certificates) {  
            String certificateAlias = Integer.toString(index++);  
            keyStore.setCertificateEntry(certificateAlias, certificate);  
        }  
  
        // Use it to build an X509 trust manager.  
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(  
                KeyManagerFactory.getDefaultAlgorithm());  
        keyManagerFactory.init(keyStore, password);  
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(  
                TrustManagerFactory.getDefaultAlgorithm());  
        trustManagerFactory.init(keyStore);  
        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();  
        if (trustManagers.length != 1 || !(trustManagers[0] instanceof X509TrustManager)) {  
            throw new IllegalStateException("Unexpected default trust managers:"  
                    + Arrays.toString(trustManagers));  
        }  
        return (X509TrustManager) trustManagers[0];  
    }  
  
    private KeyStore newEmptyKeyStore(char[] password) throws GeneralSecurityException {  
        try {  
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());  
            InputStream in = null; // By convention, 'null' creates an empty key store.  
            keyStore.load(in, password);  
            return keyStore;  
        } catch (IOException e) {  
            throw new AssertionError(e);  
        }  
    }  
  
}  

[java] view plain copy
/** 
     * PHP 服务器 
     * <p/> 
     * 默认超时时间 
     * 
     * @return RequestService 
     */  
    static RequestService newJsonClient() {  
        CustomTrust ct = new CustomTrust();  
        OkHttpClient client = new OkHttpClient.Builder()  
                .addInterceptor(chain -> {  
                    Request request = chain.request().newBuilder()  
                            .addHeader("X-CRM-Application-Id", RequestConstants.APPLICATION_ID)  
                            .addHeader("X-CRM-Version", RequestConstants.VERSION)  
                            .addHeader("Content-Type", RequestConstants.JSON_TYPE)  
                            .build();  
                    return chain.proceed(request);  
                })  
                .sslSocketFactory(ct.sslSocketFactory, ct.trustManager)  
                .hostnameVerifier((s, sslSession) -> true)  
                .build();  
  
        Retrofit retrofit = new Retrofit.Builder()  
                .baseUrl(RequestConstants.BASE_URL)  
                .client(client)  
                .addConverterFactory(FastJsonConvertFactory.create())  
                .addCallAdapterFactory(RxJava2CallAdapterFactory.create())  
                .build();  
  
        return retrofit.create(RequestService.class);  
    }

duanjie924
关注
java通过OkHttpClient发送https请求(忽略认证)
weixin_45011411的博客
06-26 2892
java通过OkHttpClient发送https请求 之前使用过DefaHttpClient发送https一直没有成功,后面尝试OkHttpClient可以发送成功 pom文件配置 <dependency> <groupId>com.squareup.okhttp3</groupId> <artifactId>okhttp</artifactId> <version>3.14.4</version>
HttpUtils工具类(三)OKHttpClient使用详细教程
最新发布
m0_52767002的博客
09-05 5744
同步和异步请求同步请求会在当前线程等待响应,适合不需要并发的简单请求。异步请求会将网络操作交由后台线程处理,不会阻塞主线程,适合需要并发处理或在 Android 等环境中使用。连接池: OkHttp 默认会使用连接池来复用 HTTP 连接,从而提高性能,减少连接的建立和关闭的开销。拦截器 (Interceptor): 拦截器允许在请求和响应时进行操作,例如可以在请求发送前添加认证信息,或在响应到达后进行日志记录。自动处理 HTTP/2 和 SPDY。
https OkHttpClient使用
12-26 3362
/* * Copyright (C) 2015 Square, Inc. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy
OkHttpClient 发送https请求
yangchuang11的博客
10-17 1161
【代码】OkHttpClient 发送https请求。
OkHttpClient请求https
m0_61283012的博客
07-11 737
4、如果没有相关jar包可以下载对应的okhttp.jar包;这样就可以正常请求https地址了;1、在OkHttpClient中复写SSL的相关方法,强制 要求在证书校验时返回true即可;3、在OkHttpClient中添加ssl的相关校验方法;
自建CA证书,java实现通过OkHttpClient发送https(验证ca证书)请求
qq_37392351的博客
03-10 1292
1、实现步骤 1.1 环境准备 <!-- 将客户端公钥导入的服务端jdk信任库 --> keytool -import -alias sslTestClient_01 -file F:\ghj\prooooject\jar\test\client\sslTestClient_01.cer -keystore 'C:\Program Files\Java\jdk1.8.0_261\jre\lib\security\cacerts' -storepass changeit –v <!--
Android Studio OkHttpClient使用教程详解
01-20
本次来记录下OkHttpClient使用OkHttpClient是用来完成android 客户端对服务端请求的工具。 首先记住,使用网络的时候一定要加入权限,加入到AndroidMainfest.xml中 ”android.permission.INTERNET”> 在初次...
关于Android Studio中使用OkHttpClient访问网络需要第三方模拟器的问题
09-14
在Android应用开发中,使用OkHttpClient来访问网络是常见的做法,因为OkHttpClient提供了高效、灵活且强大的网络请求处理能力。然而,在某些情况下,开发者可能会遇到一些障碍,特别是在使用某些教材或旧版本Android...
okhttpclient使用
08-18
- *1* *2* *3* [Okhttp使用详解](https://blog.youkuaiyun.com/sunqunsunqun/article/details/51661195)[target="_blank" data-report-click={"spm":"1018.2226.3001.9630","extra":{"utm_source":"vip_chatgpt_common_...
OkHttpClient进行Https请求(信任所有证书)
qq_25933249的博客
09-02 4767
//创建信任所有证书的OkHttpClient public static OkHttpClient getHttps() { OkHttpClient okHttpClient = new OkHttpClient.Builder() .hostnameVerifier(new HostnameVerifier() { @Override .
Okhttp之Https
chuyouyinghe的专栏
11-08 3317
引子: okhttp是一款开源的网络访问框架,支持http以及https的访问。 今天,我研究的是如何用 okhttp库 来访问https 的站点。 研究的结论先摆出来: 1)如果这个HTTPS站点,是经过了权威证书颁发机构CA的认证,那么你可以像访问普通HTTP那样来访问https。 2)如果这个HTTS站点,没有经过CA认证,那我们有两种方式来访问它。   其一,让okhttpClient信任所有的https,这是比较简单粗暴的做法。   其二,一个比较文艺的做法,下载该https站点的证
OkHttpClient访问https请求 同步和异步
qqnbsp的博客
06-28 4167
下面那一版有时候请求不到数据:更新一版异步的: import com.alibaba.fastjson.JSONArray; import com.alibaba.fastjson.JSONObject; import okhttp3.*; import javax.net.ssl.*; import java.io.IOException; import java.net.URL; ...
Okhttp 访问自签名证书 HTTPS
zhengxtDgxs的博客
09-05 2849
Okhttp 访问 HTTPS 链接问题 HTTPS 即以安全为目的的 HTTP 通道,即 HTTP 下加入 SSL 层,HTTPS 的安全基础是 SSL,因此加密的详细内容就需要 SSL。一般情况下 CA 颁发的 https 证书是默认受浏览器信任的。okhttp框架也能直接访问这些网站拿到数据,但对于自签名证书,okhttp 默认是拒绝访问通过的。一般能直接访问的网站 Chrome 浏览器打...
Okhttp的https的设置
chanzhu的博客
04-05 988
https请求由于证书验证问题,直接请求一般都会失败.一般是做证书验证处理或者忽略证书验证,这里介绍后者.解决方案从外文文章中看到,这里搬砖一下.希望对大家有帮助 public static OkHttpClient getUnsafeOkHttpClient() { try { // Create a trust manager that
OkhttpClient使用
wei7a7a7a的博客
06-15 2356
三个jar包,你可以在上述网址中下载到这三个jar包的最新版本。同时,OkHttp还支持通过Gradle或Maven等依赖管理工具进行引用。-通过Call#enqueue(Callback)方法来提交异步请求;需要注意的是,OkHttp 3.x版本需要引入。-通过前两步中的对象构建Call对象;-构造Request对象;
OKHttp实现Https请求
热门推荐
听海的博客
09-25 1万+
1.HTTPS定义 HTTPS全称为Hyper Text Transfer Protocol over Secure Socket Layer或是Hypertext Transfer Protocol Secure 中文含义为“超文本传输安全协议” 。是以安全为目标的HTTP通道。简单讲是HTTP的安全版。即HTTP下加入SSL层,HTTPS的安全基础是SSL,因此加密的详细内容就需要SSL。...
Okhttp访问https 12306
LightLu
08-30 1188
下面写的类调用其getInstance方法即可获得可以访问https的HttpClient对象,使用如下: HTTPUtils utils = new HTTPUtils(getApplicationContext); OkHttpClient client = utils.getInstance(); 在需要操作的界面获取client对象后,我们就可以访问12306了。 关于HTTPS
OkHttp中https处理
VipPetergee的博客
07-13 2591
一、Https处理 1、简介 OkHttp试图平衡两个互相竞争的问题 1)连接数 支持连接基于BoringSSL和OpenSSL尽可能多的host地址 2)安全性 支持证书验证和数据传输加密 在进行HTTPS服务器的连接时,OkHttp 需要知道要提供哪些TLS 版本和加密组件。 想要实现最大化连接的客户端,会使用过时的 TLS 版本和弱性能加密组件。 想要最大限度提高安全性的客户端将仅限于最新的 TLS 版本和性能最强的加密组件 BoringSSL BoringSSL 是谷歌创建的
Okhttp发送 https协议和http协议
qq_52308245的博客
07-29 580
【代码】Okhttp发送 https协议和http协议。
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值