網站首頁 編程語言 正文
應該有很多小伙伴遇到這樣一個問題,在線上已發布的app里,關于https的cer證書過期,從而導致app所有網絡請求失效無法使用。
這個時候有人就要說了,應急發布一個已更新最新cer證書的apk不就完事了么,其實沒那么簡單,iOS還好可以通過appstore提供的api查詢到新版本,但android就不一樣了,需要調用自己Server端提供的api接口查詢到新版本,并獲取apk下載路徑,問題是https都不能訪問了,如何請求到版本信息呢?下面提供兩種常見的解決方案:
方案一
將版本信息接口讓后臺改成http(不推薦,后臺因素不可控),或者將本地https的設置一個不安全校驗(推薦)。
private static OkHttpClient newOkHttpClient(int timeout){
HttpLoggingInterceptor logging = new HttpLoggingInterceptor();
logging.setLevel(HttpLoggingInterceptor.Level.BODY);
return new OkHttpClient.Builder()
.addInterceptor(new RequestInfoInterceptor())
//.addInterceptor(logging)
.addNetworkInterceptor(new TokenHeaderInterceptor())
.sslSocketFactory(Certificate.getSSLSocketFactory())
//設置不安全校驗
.hostnameVerifier(Certificate.getUnSafeHostnameVerifier())
.readTimeout(timeout, TimeUnit.SECONDS)
.writeTimeout(timeout, TimeUnit.SECONDS)
.build();
}
/**
*獲取HostnameVerifier
*/
public static HostnameVerifier getUnSafeHostnameVerifier() {
HostnameVerifier hostnameVerifier = new HostnameVerifier() {
@Override
public boolean verify(String s, SSLSession sslSession) {
return true;
}
};
return hostnameVerifier;
}方案二
將xxx.cer證書改成動態讀取(以文件的方式從app沙盒里面讀取即可),在https證書即將過期時,從服務器下載最新的cer證書更新到沙盒里面,App每次初始化網絡請求時讀取sdcard最新的證書文件,這樣App就永遠不會出現https證書過期導致無法使用的問題,流程圖如下。
下面是一些關鍵的代碼:
private static OkHttpClient newOkHttpClient(int timeout){
HttpLoggingInterceptor logging = new HttpLoggingInterceptor();
logging.setLevel(HttpLoggingInterceptor.Level.BODY);
return new OkHttpClient.Builder()
.addInterceptor(new RequestInfoInterceptor())
//.addInterceptor(logging)
.addNetworkInterceptor(new TokenHeaderInterceptor())
.sslSocketFactory(Certificate.getSSLSocketFactory(BaseApplcation.myApp, new String[]{"/sdcard/xxx.cer"}))
.hostnameVerifier(Certificate.getUnSafeHostnameVerifier())
.readTimeout(timeout, TimeUnit.SECONDS)
.writeTimeout(timeout, TimeUnit.SECONDS)
.build();
}
/**
* 帶證書的,從本地文件讀取
* @param context
* @param certificatesFiles 本地文件(通過下載到本地)
* @return
*/
public static SSLSocketFactory getSSLSocketFactory(Context context, String[] certificatesFiles) {
if (context == null) {
throw new NullPointerException("context == null");
}
CertificateFactory certificateFactory;
try {
certificateFactory = CertificateFactory.getInstance("X.509");
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
keyStore.load(null, null);
for (int i = 0; i < certificatesFiles.length; i++) {
InputStream certificate = new FileInputStream(certificatesFiles[i]);
keyStore.setCertificateEntry(String.valueOf(i), certificateFactory.generateCertificate(certificate));
if (certificate != null) {
certificate.close();
}
}
SSLContext sslContext = SSLContext.getInstance("TLS");
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init(keyStore);
sslContext.init(null, trustManagerFactory.getTrustManagers(), new SecureRandom());
return sslContext.getSocketFactory();
} catch (Exception e) {
}
return null;
}
/**
* 帶證書的,從raw資源中讀取
* @param context
* @param certificates rawIds
* @return
*/
public static SSLSocketFactory getSSLSocketFactory(Context context, int[] certificates) {
if (context == null) {
throw new NullPointerException("context == null");
}
CertificateFactory certificateFactory;
try {
certificateFactory = CertificateFactory.getInstance("X.509");
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
keyStore.load(null, null);
for (int i = 0; i < certificates.length; i++) {
InputStream certificate = context.getResources().openRawResource(certificates[i]);
keyStore.setCertificateEntry(String.valueOf(i), certificateFactory.generateCertificate(certificate));
if (certificate != null) {
certificate.close();
}
}
SSLContext sslContext = SSLContext.getInstance("TLS");
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init(keyStore);
sslContext.init(null, trustManagerFactory.getTrustManagers(), new SecureRandom());
return sslContext.getSocketFactory();
} catch (Exception e) {
}
return null;
}原文鏈接:https://blog.csdn.net/xiangzhihong8/article/details/128411216
相關推薦
- 2021-12-05 Linux系統運行級別詳細介紹_Linux
- 2022-07-19 詳解c語言中的動態內存分配問題
- 2022-01-29 調用存儲命令:將sqlserver表中的數據導出sql語句或生成insert into語句
- 2022-10-26 Python如何用NumPy讀取和保存點云數據_python
- 2022-09-26 Qt如何實現輸入框@聯系人的@檢測的示例_C 語言
- 2022-04-30 詳解DataGridView控件的數據綁定_C#教程
- 2022-05-27 利用Matlab繪制好看的旋轉九邊形_C 語言
- 2022-08-20 docker鏡像alpine中安裝oracle客戶端_docker
- 最近更新
-
- window11 系統安裝 yarn
- 超詳細win安裝深度學習環境2025年最新版(
- Linux 中運行的top命令 怎么退出?
- MySQL 中decimal 的用法? 存儲小
- get 、set 、toString 方法的使
- @Resource和 @Autowired注解
- Java基礎操作-- 運算符,流程控制 Flo
- 1. Int 和Integer 的區別,Jav
- spring @retryable不生效的一種
- Spring Security之認證信息的處理
- Spring Security之認證過濾器
- Spring Security概述快速入門
- Spring Security之配置體系
- 【SpringBoot】SpringCache
- Spring Security之基于方法配置權
- redisson分布式鎖中waittime的設
- maven:解決release錯誤:Artif
- restTemplate使用總結
- Spring Security之安全異常處理
- MybatisPlus優雅實現加密?
- Spring ioc容器與Bean的生命周期。
- 【探索SpringCloud】服務發現-Nac
- Spring Security之基于HttpR
- Redis 底層數據結構-簡單動態字符串(SD
- arthas操作spring被代理目標對象命令
- Spring中的單例模式應用詳解
- 聊聊消息隊列,發送消息的4種方式
- bootspring第三方資源配置管理
- GIT同步修改后的遠程分支
提供CDN加速