com.mzlion.easyokhttp.utils.CustomTrust Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of easy-okhttp Show documentation
Show all versions of easy-okhttp Show documentation
easy-okhttp是对okhttp3上层封装的网络框架,支持文件上传和下载表单提交(文件和一个参数对应多值),
链式调用,并且默认整合Gson,对返回结果多种转换,同时还支持HTTPS单向认证和双向认证等特性。
/*
* Copyright (C) 2016 mzlion([email protected]).
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.mzlion.easyokhttp.utils;
import com.mzlion.core.io.IOUtils;
import com.mzlion.core.lang.ArrayUtils;
import com.mzlion.easyokhttp.HttpClientConfigException;
import javax.net.ssl.*;
import java.io.IOException;
import java.io.InputStream;
import java.security.*;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
/**
*
* 2016-05-25 针对Https的构建
*
*
* @author mzlion
*/
public class CustomTrust {
/**
* 根据证书构建{@linkplain SSLSocketFactory}
*
* @param inputStreams 证书
* @return {@link SSLServerSocketFactory}
*/
public static SSLSocketFactory sslSocketFactory(InputStream[] inputStreams) {
try {
SSLContext sslContext = SSLContext.getInstance("TLS");
TrustManager trustManager;
if (ArrayUtils.isEmpty(inputStreams)) {
trustManager = new TrustAllManager();
} else {
trustManager = trustManagerForCertificates(inputStreams);
}
sslContext.init(null, new TrustManager[]{trustManager}, new SecureRandom());
return sslContext.getSocketFactory();
} catch (GeneralSecurityException e) {
throw new HttpClientConfigException(e);
}
}
private static X509TrustManager trustManagerForCertificates(InputStream[] inputStreams) throws GeneralSecurityException {
CertificateFactory factory = CertificateFactory.getInstance("X.509");
// Put the certificates a key store.
char[] password = "password".toCharArray(); // Any password will work.
KeyStore keyStore = newEmptyKeyStore(password);
int index = 0;
for (InputStream certificate : inputStreams) {
String certificateAlias = Integer.toString(index++);
keyStore.setCertificateEntry(certificateAlias, factory.generateCertificate(certificate));
try {
if (certificate != null) certificate.close();
} catch (IOException e) {
e.printStackTrace();
} finally {
IOUtils.closeQuietly(certificate);
}
}
// Use it to build an X509 trust manager.
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(
KeyManagerFactory.getDefaultAlgorithm());
keyManagerFactory.init(keyStore, password);
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(
TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init(keyStore);
TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
if (trustManagers.length != 1 || !(trustManagers[0] instanceof X509TrustManager)) {
throw new IllegalStateException("Unexpected default trust managers:"
+ ArrayUtils.toString(trustManagers));
}
return (X509TrustManager) trustManagers[0];
}
private static KeyStore newEmptyKeyStore(char[] password) throws GeneralSecurityException {
try {
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
InputStream in = null; // By convention, 'null' creates an empty key store.
keyStore.load(in, password);
return keyStore;
} catch (IOException e) {
throw new HttpClientConfigException(e);
}
}
private static X509TrustManager chooseTrustManager(TrustManager[] trustManagers) {
for (TrustManager trustManager : trustManagers) {
if (trustManager instanceof X509TrustManager) {
return (X509TrustManager) trustManager;
}
}
return null;
}
private static class MyTrustManager implements X509TrustManager {
private X509TrustManager defaultTrustManager;
private X509TrustManager localTrustManager;
public MyTrustManager(X509TrustManager localTrustManager) throws NoSuchAlgorithmException, KeyStoreException {
TrustManagerFactory var4 = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
var4.init((KeyStore) null);
defaultTrustManager = chooseTrustManager(var4.getTrustManagers());
this.localTrustManager = localTrustManager;
}
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
}
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
try {
defaultTrustManager.checkServerTrusted(chain, authType);
} catch (CertificateException ce) {
localTrustManager.checkServerTrusted(chain, authType);
}
}
@Override
public X509Certificate[] getAcceptedIssuers() {
return new X509Certificate[0];
}
}
private static class TrustAllManager implements X509TrustManager {
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
}
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
}
@Override
public X509Certificate[] getAcceptedIssuers() {
return new X509Certificate[]{};
}
}
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy