Android Https证书过期的解决方案
2023-02-18 16:39:25 时间
应该有很多小伙伴遇到这样一个问题,在线上已发布的app里,关于https的cer证书过期,从而导致app所有网络请求失效无法使用。
这个时候有人就要说了,应急发布一个已更新最新cer证书的apk不就完事了么,其实没那么简单,iOS还好可以通过appstore提供的api查询到新版本,但android就不一样了,需要调用自己Server端提供的api接口查询到新版本,并获取apk下载路径,问题是https都不能访问了,如何请求到版本信息呢?下面提供两种常见的解决方案:
方案一
将版本信息接口让后台改成http(不推荐,后台因素不可控),或者将本地https的设置一个不安全校验(推荐)。
private static OkHttpClient newOkHttpClient(int timeout){
HttpLoggingInterceptor logging = new HttpLoggingInterceptor();
logging.setLevel(HttpLoggingInterceptor.Level.BODY);
return new OkHttpClient.Builder()
.addInterceptor(new RequestInfoInterceptor())
//.addInterceptor(logging)
.addNetworkInterceptor(new TokenHeaderInterceptor())
.sslSocketFactory(Certificate.getSSLSocketFactory())
//设置不安全校验
.hostnameVerifier(Certificate.getUnSafeHostnameVerifier())
.readTimeout(timeout, TimeUnit.SECONDS)
.writeTimeout(timeout, TimeUnit.SECONDS)
.build();
}
/**
*获取HostnameVerifier
*/
public static HostnameVerifier getUnSafeHostnameVerifier() {
HostnameVerifier hostnameVerifier = new HostnameVerifier() {
@Override
public boolean verify(String s, SSLSession sslSession) {
return true;
}
};
return hostnameVerifier;
}
方案二
将xxx.cer证书改成动态读取(以文件的方式从app沙盒里面读取即可),在https证书即将过期时,从服务器下载最新的cer证书更新到沙盒里面,App每次初始化网络请求时读取sdcard最新的证书文件,这样App就永远不会出现https证书过期导致无法使用的问题,流程图如下。
下面是一些关键的代码:
private static OkHttpClient newOkHttpClient(int timeout){
HttpLoggingInterceptor logging = new HttpLoggingInterceptor();
logging.setLevel(HttpLoggingInterceptor.Level.BODY);
return new OkHttpClient.Builder()
.addInterceptor(new RequestInfoInterceptor())
//.addInterceptor(logging)
.addNetworkInterceptor(new TokenHeaderInterceptor())
.sslSocketFactory(Certificate.getSSLSocketFactory(BaseApplcation.myApp, new String[]{"/sdcard/xxx.cer"}))
.hostnameVerifier(Certificate.getUnSafeHostnameVerifier())
.readTimeout(timeout, TimeUnit.SECONDS)
.writeTimeout(timeout, TimeUnit.SECONDS)
.build();
}
/**
* 带证书的,从本地文件读取
* @param context
* @param certificatesFiles 本地文件(通过下载到本地)
* @return
*/
public static SSLSocketFactory getSSLSocketFactory(Context context, String[] certificatesFiles) {
if (context == null) {
throw new NullPointerException("context == null");
}
CertificateFactory certificateFactory;
try {
certificateFactory = CertificateFactory.getInstance("X.509");
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
keyStore.load(null, null);
for (int i = 0; i < certificatesFiles.length; i++) {
InputStream certificate = new FileInputStream(certificatesFiles[i]);
keyStore.setCertificateEntry(String.valueOf(i), certificateFactory.generateCertificate(certificate));
if (certificate != null) {
certificate.close();
}
}
SSLContext sslContext = SSLContext.getInstance("TLS");
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init(keyStore);
sslContext.init(null, trustManagerFactory.getTrustManagers(), new SecureRandom());
return sslContext.getSocketFactory();
} catch (Exception e) {
}
return null;
}
/**
* 带证书的,从raw资源中读取
* @param context
* @param certificates rawIds
* @return
*/
public static SSLSocketFactory getSSLSocketFactory(Context context, int[] certificates) {
if (context == null) {
throw new NullPointerException("context == null");
}
CertificateFactory certificateFactory;
try {
certificateFactory = CertificateFactory.getInstance("X.509");
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
keyStore.load(null, null);
for (int i = 0; i < certificates.length; i++) {
InputStream certificate = context.getResources().openRawResource(certificates[i]);
keyStore.setCertificateEntry(String.valueOf(i), certificateFactory.generateCertificate(certificate));
if (certificate != null) {
certificate.close();
}
}
SSLContext sslContext = SSLContext.getInstance("TLS");
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init(keyStore);
sslContext.init(null, trustManagerFactory.getTrustManagers(), new SecureRandom());
return sslContext.getSocketFactory();
} catch (Exception e) {
}
return null;
}
相关文章
- Android平台GB28181设备接入端如何支持跨网段语音对讲?
- 基于flask和bootstrap-table的通用数据查询
- 爬虫方案 | 爬取大众点评网评论的几个思路(从小程序端)
- 【黄啊码】如何用小程序实现世界杯参赛队伍投票
- 《Android App开发进阶与项目实战》资源下载和内容勘误
- 微信小程序使用阿里巴巴的矢量图标iconfont
- 微信小程序 点击显示隐藏 极简Tab标签 点击添加class样式
- 微信小程序 wx:if 与 hidden区别
- 微信小程序 CSS border-radius元素 overflow:hidden失效问题 iPhone ios 苹果兼容问题
- 微信小程序 自定义 tabBar案例 官方案例迁入无效解决方法 非 tab 页显示 tabBar的问题解决 自定义tabBar与原生tabBar以及自写伪tabbar的区别
- IOS APPStore 上传更新应用版本 软件
- Android - NETD解读
- 【Android自定义控件】不用ScrollView实现上下两屏滑动
- Android实现TextView跑马灯效果
- Android进程间通信(一)- Bundle
- Android进程间通信(二)- Messenger
- 微信小程序实现上拉和下拉加载更多
- 微信小程序 scroll-view 完成上拉加载更多
- 微信小程序实现tabs选项卡
- java和vue学生定位打卡小程序人脸识别打卡系统源码网站学生考勤系统