項目需求改變，需要更加安全的網絡請求，然後就需要我們在android客戶端實現單向認證請求。
直接上代碼
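/**
 * Singleton that builds an {@code OkHttpClient} presenting a client certificate (PKCS#12 from
 * the app's assets) while validating the server certificate chain.
 *
 * <p>{@code SwpConfig.REQ_TYPE} selects the transport; per the original notes the values are
 * 1: http, 2: https, 3: https with a client certificate. Only value 3 yields key managers here.
 */
public class OkHttpsManager {
    /** Asset path of the PKCS#12 bundle holding the client certificate and private key. */
    private static final String clientP12 = "www/client.p12";

    // SECURITY: this passphrase ships inside the APK next to the .p12 asset, so anyone who
    // unpacks the app can recover the client private key. Treat a key distributed this way as
    // public; do not rely on it to identify a device or user. Prefer provisioning the key at
    // runtime and keeping it in the Android Keystore, and never commit a production passphrase.
    private static final String p12Pwd = "citicbank@";

    // volatile is required for double-checked locking to publish the instance safely.
    private static volatile OkHttpsManager manager;

    private OkHttpsManager() {}

    /**
     * Returns the process-wide instance, creating it on first use.
     *
     * @return the shared {@code OkHttpsManager}
     */
    public static OkHttpsManager getInstance() {
        OkHttpsManager local = manager;
        if (local == null) {
            synchronized (OkHttpsManager.class) {
                local = manager;
                if (local == null) {
                    local = new OkHttpsManager();
                    manager = local;
                }
            }
        }
        return local;
    }

    /**
     * Builds an {@code OkHttpClient} that presents the client certificate and validates the
     * server certificate against the platform trust store.
     *
     * <p>No hostname verifier is set, so OkHttp's default hostname verification stays active.
     *
     * @return a client with a 10 s connect timeout and a 5 s read timeout
     * @throws Exception if the TLS context cannot be created or initialised
     */
    public OkHttpClient mytrust() throws Exception {
        miTM trustManager = new miTM();
        // "TLS" rather than the legacy "SSL" protocol name.
        javax.net.ssl.SSLContext sc = javax.net.ssl.SSLContext.getInstance("TLS");
        KeyManager[] clientKeyManagers = getClientKeyManager();
        sc.init(clientKeyManagers, new javax.net.ssl.TrustManager[] {trustManager}, null);
        return new OkHttpClient.Builder()
                .connectTimeout(10, TimeUnit.SECONDS)
                // Passing the trust manager explicitly avoids OkHttp's reflective lookup of it.
                .sslSocketFactory(sc.getSocketFactory(), trustManager)
                .readTimeout(5, TimeUnit.SECONDS)
                .build();
    }

    /**
     * Loads the client key managers from the PKCS#12 asset.
     *
     * @return the key managers backed by the client certificate
     * @throws IllegalAccessError if {@code SwpConfig.REQ_TYPE} is not 3 or the key store could
     *     not be loaded; the underlying failure, when there is one, is attached as the cause
     * @throws Exception declared for compatibility with existing callers
     */
    public KeyManager[] getClientKeyManager() throws Exception {
        KeyManager[] clientKeyManagers = null;
        Exception loadFailure = null;
        if (SwpConfig.REQ_TYPE == 3) {
            char[] pwd = p12Pwd.toCharArray();
            // try-with-resources closes the asset stream, which the original leaked.
            try (InputStream p12Stream = SwpConfig.getAppContext().getAssets().open(clientP12)) {
                KeyStore keyStore = KeyStore.getInstance("PKCS12");
                keyStore.load(p12Stream, pwd);
                KeyManagerFactory kmf = KeyManagerFactory.getInstance("X509");
                kmf.init(keyStore, pwd);
                clientKeyManagers = kmf.getKeyManagers();
                Log.d("ssl", clientKeyManagers.length + "");
            } catch (Exception e) {
                // Keep the failure so it is reported below instead of being silently dropped.
                loadFailure = e;
            }
        }
        if (clientKeyManagers == null) {
            // Error type kept for compatibility with existing callers.
            IllegalAccessError error =
                    new IllegalAccessError("client key managers could not be loaded");
            if (loadFailure != null) {
                error.initCause(loadFailure);
            }
            throw error;
        }
        return clientKeyManagers;
    }

    /**
     * Trust manager that delegates every decision to the platform's default
     * {@code X509TrustManager}.
     *
     * <p>The earlier version of this class accepted every certificate chain, which lets any
     * on-path party impersonate the server and read or alter the traffic, client certificate or
     * not. If the server certificate is issued by a private CA, load that CA certificate into a
     * {@code KeyStore} and pass it to {@code TrustManagerFactory.init} instead of disabling
     * validation.
     */
    static class miTM implements javax.net.ssl.TrustManager, javax.net.ssl.X509TrustManager {
        private final javax.net.ssl.X509TrustManager delegate;

        miTM() {
            try {
                javax.net.ssl.TrustManagerFactory tmf =
                        javax.net.ssl.TrustManagerFactory.getInstance(
                                javax.net.ssl.TrustManagerFactory.getDefaultAlgorithm());
                // A null key store selects the platform's default trust anchors.
                tmf.init((KeyStore) null);
                javax.net.ssl.X509TrustManager found = null;
                for (javax.net.ssl.TrustManager candidate : tmf.getTrustManagers()) {
                    if (candidate instanceof javax.net.ssl.X509TrustManager) {
                        found = (javax.net.ssl.X509TrustManager) candidate;
                        break;
                    }
                }
                if (found == null) {
                    throw new IllegalStateException("no platform X509TrustManager available");
                }
                delegate = found;
            } catch (java.security.GeneralSecurityException e) {
                throw new IllegalStateException("cannot initialise platform trust manager", e);
            }
        }

        @Override
        public java.security.cert.X509Certificate[] getAcceptedIssuers() {
            return delegate.getAcceptedIssuers();
        }

        /**
         * Legacy helper that is not part of {@code X509TrustManager}; it cannot validate a chain
         * without an auth type, so it fails closed.
         */
        @Deprecated
        public boolean isServerTrusted(java.security.cert.X509Certificate[] certs) {
            return false;
        }

        /**
         * Legacy helper that is not part of {@code X509TrustManager}; it cannot validate a chain
         * without an auth type, so it fails closed.
         */
        @Deprecated
        public boolean isClientTrusted(java.security.cert.X509Certificate[] certs) {
            return false;
        }

        @Override
        public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType)
                throws java.security.cert.CertificateException {
            delegate.checkServerTrusted(certs, authType);
        }

        @Override
        public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType)
                throws java.security.cert.CertificateException {
            delegate.checkClientTrusted(certs, authType);
        }
    }
}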
你可以直接把以上的代碼複製到你的應用中，但是有些地方需要你注意一下
你要改的就是這兩個代碼：第一個參數是你們公司自簽名的文件在你項目的哪個位置
第二個參數是你們公司簽名的密碼
注意：我的簽名文件是.p12，如果你的不是，那可以參考一下其它人的代碼。我對這個原理也不是很懂，只是實現了公司的需求。