在使用Volley和OkHttp,Retrofit的时候,访问https的网站,经常会碰到一个异常就是javax.net.ssl.SSLHandshakeException,大致就是证书相关的异常。
一般这种情况下会报的异常是这样的:
javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
产生的原因一般是后端配置的证书有误,即没有在CA进行认证,或者使用了自签名的证书。
客户端与服务端忽略证书校验即是在客户端的网络请求和webview中设置信任所有证书,然后在与服务端进行Https网络通信的时候,客户端不必进行证书校验也能进行网络通信,否则就会报证书不受信异常。
缺陷:容易受到中间人攻击。
如果后台配置错误会导致开发非常的不便,我们可以通过忽略证书校验来避免这个问题,使用下面的工具类进行忽略。
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
public class SSLSocketClient
{
//获取这个SSLSocketFactory
public static SSLSocketFactory getSSLSocketFactory()
{
try
{
SSLContext sslContext = SSLContext.getInstance("SSL");
sslContext.init(null, getTrustManager(), new SecureRandom());
return sslContext.getSocketFactory();
}
catch (Exception e)
{
throw new RuntimeException(e);
}
}
//获取TrustManager
private static TrustManager[] getTrustManager()
{
TrustManager[] trustAllCerts = new TrustManager[]{new X509TrustManager()
{
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType)
{
}
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType)
{
}
@Override
public X509Certificate[] getAcceptedIssuers()
{
return new X509Certificate[]{};
}
}};
return trustAllCerts;
}
//获取HostnameVerifier
public static HostnameVerifier getHostnameVerifier()
{
HostnameVerifier hostnameVerifier = new HostnameVerifier()
{
@Override
public boolean verify(String s, SSLSession sslSession)
{
return true;
}
};
return hostnameVerifier;
}
}
在OkHttp请求中信任所有证书
OkHttpClient okHttpClient = new OkHttpClient.Builder()
.sslSocketFactory(SSLSocketClient.getSSLSocketFactory())
.hostnameVerifier(SSLSocketClient.getHostnameVerifier())
.build();
