快捷導(dǎo)航

Android Https證書(shū)過(guò)期的兩種解決方案

更新時(shí)間：2022年12月24日 09:50:55 作者：xiangzhihong8

應(yīng)該有很多小伙伴遇到這樣一個(gè)問(wèn)題，在線上已發(fā)布的app里，關(guān)于https的cer證書(shū)過(guò)期，從而導(dǎo)致app所有網(wǎng)絡(luò)請(qǐng)求失效無(wú)法使用，這篇文章主要介紹了Android Https證書(shū)過(guò)期的解決方案,需要的朋友可以參考下

這個(gè)時(shí)候有人就要說(shuō)了，應(yīng)急發(fā)布一個(gè)已更新最新cer證書(shū)的apk不就完事了么，其實(shí)沒(méi)那么簡(jiǎn)單，iOS還好可以通過(guò)appstore提供的api查詢(xún)到新版本，但android就不一樣了，需要調(diào)用自己Server端提供的api接口查詢(xún)到新版本，并獲取apk下載路徑，問(wèn)題是https都不能訪問(wèn)了，如何請(qǐng)求到版本信息呢？下面提供兩種常見(jiàn)的解決方案：

方案一

將版本信息接口讓后臺(tái)改成http（不推薦，后臺(tái)因素不可控），或者將本地https的設(shè)置一個(gè)不安全校驗(yàn)（推薦）。

private static OkHttpClient newOkHttpClient(int timeout){
 
        HttpLoggingInterceptor logging = new HttpLoggingInterceptor();
        logging.setLevel(HttpLoggingInterceptor.Level.BODY);
 
        return new OkHttpClient.Builder()
                .addInterceptor(new RequestInfoInterceptor())
                //.addInterceptor(logging)
                .addNetworkInterceptor(new TokenHeaderInterceptor())
                .sslSocketFactory(Certificate.getSSLSocketFactory())
                //設(shè)置不安全校驗(yàn)
                .hostnameVerifier(Certificate.getUnSafeHostnameVerifier())
                .readTimeout(timeout, TimeUnit.SECONDS)
                .writeTimeout(timeout, TimeUnit.SECONDS)
                .build();
    }
 
    /**
     *獲取HostnameVerifier 
     */
    public static HostnameVerifier getUnSafeHostnameVerifier() {
        HostnameVerifier hostnameVerifier = new HostnameVerifier() {
            @Override
            public boolean verify(String s, SSLSession sslSession) {
                return true;
            }
        };
        return hostnameVerifier;
    }

方案二

將xxx.cer證書(shū)改成動(dòng)態(tài)讀?。ㄒ晕募姆绞綇腶pp沙盒里面讀取即可），在https證書(shū)即將過(guò)期時(shí)，從服務(wù)器下載最新的cer證書(shū)更新到沙盒里面，App每次初始化網(wǎng)絡(luò)請(qǐng)求時(shí)讀取sdcard最新的證書(shū)文件，這樣App就永遠(yuǎn)不會(huì)出現(xiàn)https證書(shū)過(guò)期導(dǎo)致無(wú)法使用的問(wèn)題，流程圖如下。

在這里插入圖片描述

下面是一些關(guān)鍵的代碼：

    private static OkHttpClient newOkHttpClient(int timeout){
 
        HttpLoggingInterceptor logging = new HttpLoggingInterceptor();
        logging.setLevel(HttpLoggingInterceptor.Level.BODY);
 
        return new OkHttpClient.Builder()
                .addInterceptor(new RequestInfoInterceptor())
                //.addInterceptor(logging)
                .addNetworkInterceptor(new TokenHeaderInterceptor())
                .sslSocketFactory(Certificate.getSSLSocketFactory(BaseApplcation.myApp, new String[]{"/sdcard/xxx.cer"}))
                .hostnameVerifier(Certificate.getUnSafeHostnameVerifier())
                .readTimeout(timeout, TimeUnit.SECONDS)
                .writeTimeout(timeout, TimeUnit.SECONDS)
                .build();
    }
  
    /**
     * 帶證書(shū)的，從本地文件讀取
     * @param context
     * @param certificatesFiles  本地文件（通過(guò)下載到本地）
     * @return
     */
    public static SSLSocketFactory getSSLSocketFactory(Context context, String[] certificatesFiles) {
        if (context == null) {
            throw new NullPointerException("context == null");
        }
        CertificateFactory certificateFactory;
        try {
            certificateFactory = CertificateFactory.getInstance("X.509");
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null, null);
 
            for (int i = 0; i < certificatesFiles.length; i++) {
                InputStream certificate = new FileInputStream(certificatesFiles[i]);
                keyStore.setCertificateEntry(String.valueOf(i), certificateFactory.generateCertificate(certificate));
 
                if (certificate != null) {
                    certificate.close();
                }
            }
            SSLContext sslContext = SSLContext.getInstance("TLS");
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);
            sslContext.init(null, trustManagerFactory.getTrustManagers(), new SecureRandom());
            return sslContext.getSocketFactory();
        } catch (Exception e) {
 
        }
        return null;
    }
 
  /**
     * 帶證書(shū)的，從raw資源中讀取
     * @param context
     * @param certificates  rawIds
     * @return
     */
    public static SSLSocketFactory getSSLSocketFactory(Context context, int[] certificates) {
        if (context == null) {
            throw new NullPointerException("context == null");
        }
        CertificateFactory certificateFactory;
        try {
            certificateFactory = CertificateFactory.getInstance("X.509");
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null, null);
 
            for (int i = 0; i < certificates.length; i++) {
                InputStream certificate = context.getResources().openRawResource(certificates[i]);
                keyStore.setCertificateEntry(String.valueOf(i), certificateFactory.generateCertificate(certificate));
 
                if (certificate != null) {
                    certificate.close();
                }
            }
            SSLContext sslContext = SSLContext.getInstance("TLS");
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);
            sslContext.init(null, trustManagerFactory.getTrustManagers(), new SecureRandom());
            return sslContext.getSocketFactory();
        } catch (Exception e) {
 
        }
        return null;
    }

到此這篇關(guān)于Android Https證書(shū)過(guò)期的解決方案的文章就介紹到這了,更多相關(guān)Android Https證書(shū)過(guò)期內(nèi)容請(qǐng)搜索腳本之家以前的文章或繼續(xù)瀏覽下面的相關(guān)文章希望大家以后多多支持腳本之家！

您可能感興趣的文章: