Android Https證書過期的兩種解決方案
應(yīng)該有很多小伙伴遇到這樣一個(gè)問題,在線上已發(fā)布的app里,關(guān)于https的cer證書過期,從而導(dǎo)致app所有網(wǎng)絡(luò)請(qǐng)求失效無法使用。
這個(gè)時(shí)候有人就要說了,應(yīng)急發(fā)布一個(gè)已更新最新cer證書的apk不就完事了么,其實(shí)沒那么簡單,iOS還好可以通過appstore提供的api查詢到新版本,但android就不一樣了,需要調(diào)用自己Server端提供的api接口查詢到新版本,并獲取apk下載路徑,問題是https都不能訪問了,如何請(qǐng)求到版本信息呢?下面提供兩種常見的解決方案:
方案一
將版本信息接口讓后臺(tái)改成http(不推薦,后臺(tái)因素不可控),或者將本地https的設(shè)置一個(gè)不安全校驗(yàn)(推薦)。
private static OkHttpClient newOkHttpClient(int timeout){ HttpLoggingInterceptor logging = new HttpLoggingInterceptor(); logging.setLevel(HttpLoggingInterceptor.Level.BODY); return new OkHttpClient.Builder() .addInterceptor(new RequestInfoInterceptor()) //.addInterceptor(logging) .addNetworkInterceptor(new TokenHeaderInterceptor()) .sslSocketFactory(Certificate.getSSLSocketFactory()) //設(shè)置不安全校驗(yàn) .hostnameVerifier(Certificate.getUnSafeHostnameVerifier()) .readTimeout(timeout, TimeUnit.SECONDS) .writeTimeout(timeout, TimeUnit.SECONDS) .build(); } /** *獲取HostnameVerifier */ public static HostnameVerifier getUnSafeHostnameVerifier() { HostnameVerifier hostnameVerifier = new HostnameVerifier() { @Override public boolean verify(String s, SSLSession sslSession) { return true; } }; return hostnameVerifier; }
方案二
將xxx.cer證書改成動(dòng)態(tài)讀取(以文件的方式從app沙盒里面讀取即可),在https證書即將過期時(shí),從服務(wù)器下載最新的cer證書更新到沙盒里面,App每次初始化網(wǎng)絡(luò)請(qǐng)求時(shí)讀取sdcard最新的證書文件,這樣App就永遠(yuǎn)不會(huì)出現(xiàn)https證書過期導(dǎo)致無法使用的問題,流程圖如下。
下面是一些關(guān)鍵的代碼:
private static OkHttpClient newOkHttpClient(int timeout){ HttpLoggingInterceptor logging = new HttpLoggingInterceptor(); logging.setLevel(HttpLoggingInterceptor.Level.BODY); return new OkHttpClient.Builder() .addInterceptor(new RequestInfoInterceptor()) //.addInterceptor(logging) .addNetworkInterceptor(new TokenHeaderInterceptor()) .sslSocketFactory(Certificate.getSSLSocketFactory(BaseApplcation.myApp, new String[]{"/sdcard/xxx.cer"})) .hostnameVerifier(Certificate.getUnSafeHostnameVerifier()) .readTimeout(timeout, TimeUnit.SECONDS) .writeTimeout(timeout, TimeUnit.SECONDS) .build(); } /** * 帶證書的,從本地文件讀取 * @param context * @param certificatesFiles 本地文件(通過下載到本地) * @return */ public static SSLSocketFactory getSSLSocketFactory(Context context, String[] certificatesFiles) { if (context == null) { throw new NullPointerException("context == null"); } CertificateFactory certificateFactory; try { certificateFactory = CertificateFactory.getInstance("X.509"); KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); keyStore.load(null, null); for (int i = 0; i < certificatesFiles.length; i++) { InputStream certificate = new FileInputStream(certificatesFiles[i]); keyStore.setCertificateEntry(String.valueOf(i), certificateFactory.generateCertificate(certificate)); if (certificate != null) { certificate.close(); } } SSLContext sslContext = SSLContext.getInstance("TLS"); TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); trustManagerFactory.init(keyStore); sslContext.init(null, trustManagerFactory.getTrustManagers(), new SecureRandom()); return sslContext.getSocketFactory(); } catch (Exception e) { } return null; } /** * 帶證書的,從raw資源中讀取 * @param context * @param certificates rawIds * @return */ public static SSLSocketFactory getSSLSocketFactory(Context context, int[] certificates) { if (context == null) { throw new NullPointerException("context == null"); } CertificateFactory certificateFactory; try { certificateFactory = CertificateFactory.getInstance("X.509"); KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); keyStore.load(null, null); for (int i = 0; i < certificates.length; i++) { InputStream certificate = context.getResources().openRawResource(certificates[i]); keyStore.setCertificateEntry(String.valueOf(i), certificateFactory.generateCertificate(certificate)); if (certificate != null) { certificate.close(); } } SSLContext sslContext = SSLContext.getInstance("TLS"); TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); trustManagerFactory.init(keyStore); sslContext.init(null, trustManagerFactory.getTrustManagers(), new SecureRandom()); return sslContext.getSocketFactory(); } catch (Exception e) { } return null; }
到此這篇關(guān)于Android Https證書過期的解決方案的文章就介紹到這了,更多相關(guān)Android Https證書過期內(nèi)容請(qǐng)搜索腳本之家以前的文章或繼續(xù)瀏覽下面的相關(guān)文章希望大家以后多多支持腳本之家!
相關(guān)文章
Android 實(shí)現(xiàn)調(diào)用系統(tǒng)照相機(jī)拍照和錄像的功能
這篇文章主要介紹了Android 實(shí)現(xiàn)調(diào)用系統(tǒng)照相機(jī)拍照和錄像的功能的相關(guān)資料,需要的朋友可以參考下2016-11-11Android Handler內(nèi)存泄漏詳解及其解決方案
在android開發(fā)過程中,我們可能會(huì)遇到過令人奔潰的OOM異常,這篇文章主要介紹了Android Handler內(nèi)存泄漏詳解及其解決方案,具有一定的參考價(jià)值,感興趣的小伙伴們可以參考一下2018-08-08解決Android 6.0獲取wifi Mac地址為02:00:00:00:00:00問題
這篇文章主要介紹了Android 6.0獲取wifi Mac地址為02:00:00:00:00:00的解決方法,非常不錯(cuò),具有參考借鑒價(jià)值,需要的朋友可以參考下2017-11-11android ViewPager實(shí)現(xiàn)滑動(dòng)翻頁效果實(shí)例代碼
本篇文章主要介紹了android ViewPager實(shí)現(xiàn)滑動(dòng)翻頁效果實(shí)例代碼,具有一定的參考價(jià)值,感興趣的小伙伴們可以參考一下。2017-03-03Android Force Close 出現(xiàn)的異常原因分析及解決方法
本文給大家講解Android Force Close 出現(xiàn)的異常原因分析及解決方法,forceclose意為強(qiáng)行關(guān)閉,當(dāng)前應(yīng)用程序發(fā)生了沖突。對(duì)android force close異常分析感興趣的朋友一起通過本文學(xué)習(xí)吧2016-08-08