本文介绍如何在开发过程中暂时关闭Okhttp的安全性以解决SSL未认证问题,提供最新可靠的代码实现,并提示在发布时记得恢复设置。
不多说,如果有时候请求https出现未认证的问题,这个时候还得继续开发的情况下,我们可以把Okhttp的安全性关闭。等正式发布后打开即可。
网上很多,不过有些方法过时了,我们可以完善下:
import java.util.concurrent.TimeUnit;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import okhttp3.OkHttpClient;
/*
*@Description: Okhttp工具类
*@Author: hl
*@Time: 2018/12/25 11:55
*/
public class OkHttpClientTool {
/**
* 获取OkHttpClient
*
* @return OkHttpClient
*/
public static OkHttpClient getUnsafeOkHttpClient() {
try {
final TrustManager[] trustAllCerts = new TrustManager[]{
new X509TrustManager() {
@Override
public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) {
}
@Override
public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) {
}
@Override
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return new java.security.cert.X509Certificate[]{};
}
}
};
final SSLContext sslContext = SSLContext.getInstance("SSL");
sslContext.init(null, trustAllCerts, new java.security.SecureRandom());
final javax.net.ssl.SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
OkHttpClient.Builder builder = new OkHttpClient.Builder();
///< 过时方法
//builder.sslSocketFactory(sslSocketFactory);
builder.sslSocketFactory(sslSocketFactory, (X509TrustManager) trustAllCerts[0]);
builder.hostnameVerifier(new HostnameVerifier() {
@Override
public boolean verify(String hostname, SSLSession session) {
return true;
}
});
builder.connectTimeout(30, TimeUnit.SECONDS);
return builder.build();
} catch (Exception e) {
throw new RuntimeException(e);
}
}
}
过期的地方,多了一个参数:
image
使用一下:
image
基本就OK了。别忘记最后发布的时候注释掉哟...
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
