OkHttp 处理Https问题

onFailure: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found. 
在之前接入php接口时是http没有任何问题完美跑通 但在正式环境下域名切换到https下就会出现一个异常 onFailure: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found. 我以为是后台配置的ssl问题   我在项目中assets下也配置了ssl并在OkHttp下设置了路径 
public static SSLSocketFactory getSslSocketFactory() {         SSLContext sslContext = null;         try {             CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");             Certificate ca;             InputStream certificates = null;             try {                 certificates = MyApplication.APP.getAssets().open("cmzk.cer");                 ca = certificateFactory.generateCertificate(certificates);             } finally {                 if (certificates != null) {                     certificates.close();                 }             }             String keyStoreType = KeyStore.getDefaultType();             KeyStore keyStore = KeyStore.getInstance(keyStoreType);             keyStore.load(null, null);             keyStore.setCertificateEntry("ca", ca);             String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();             TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);             tmf.init(keyStore);             sslContext = SSLContext.getInstance("SSL");             sslContext.init(null, tmf.getTrustManagers(), null);         } catch (Exception e) {             e.printStackTrace();         }         return sslContext != null ? sslContext.getSocketFactory() : null;       } 

在创建OkHttp实例时配置ssl证书,发现并没任何用还是会抛出ssl异常

okHttpClient = new OkHttpClient.Builder()                 .connectTimeout(CON_TIME, TimeUnit.SECONDS)                 .readTimeout(READ_TIME, TimeUnit.SECONDS)                 .writeTimeout(WRITE_TIME, TimeUnit.SECONDS)                 .addNetworkInterceptor(internateInttercepter)                 .addInterceptor(appInterceptor)                 .sslSocketFactory(getSslSocketFactory())//设置https证书                 .hostnameVerifier(new HostnameVerifier() {                     @Override                     public boolean verify(String hostname, SSLSession session) {                         return true;                 })                 .cache(cache)                 .build(); 
到这里就很神奇了? 我没有配置ssl也会异常,我配置了还会异常  ****(口吐芬芳) 后来发现OkHttp默认验证SSL  那么给他关掉不久好了(想法 idea) 
private SSLSocketFactory createSSLSocketFactory() {         SSLSocketFactory ssfFactory = null;         try {             MyTrustManager mMyTrustManager = new MyTrustManager();             SSLContext sc = SSLContext.getInstance("TLS");             sc.init(null, new TrustManager[]{mMyTrustManager}, new SecureRandom());             ssfFactory = sc.getSocketFactory();         } catch (Exception ignored) {             ignored.printStackTrace();         }          return ssfFactory;     }     //实现X509TrustManager接口     public static class MyTrustManager implements X509TrustManager {         @Override         public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {         }          @Override         public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {         }          @Override         public X509Certificate[] getAcceptedIssuers() {             return new X509Certificate[0];         }     } 
        okHttpClient = new OkHttpClient.Builder()                 .connectTimeout(CON_TIME, TimeUnit.SECONDS)                 .readTimeout(READ_TIME, TimeUnit.SECONDS)                 .writeTimeout(WRITE_TIME, TimeUnit.SECONDS)                 .addNetworkInterceptor(internateInttercepter)                 .addInterceptor(appInterceptor) //                .sslSocketFactory(getSslSocketFactory())//设置https证书                 .sslSocketFactory(createSSLSocketFactory())//忽略ssl验证                 .hostnameVerifier(new HostnameVerifier() {                     @Override                     public boolean verify(String hostname, SSLSession session) {                         return true;                     }                 })                 .cache(cache)                 .build(); 
测试完美跑通! *注意 Retrofit也是一样哦  针对https的处理,目前主要有两种方式: 客户端默认信任全部证书 对自签名网址进行证书的单独处理 

版权声明:玥玥 发表于 2021-04-27 3:20:12。
转载请注明:OkHttp 处理Https问题 | 女黑客导航