怎么配置自签证书

Android端, 私有云绕过自签名配置
发布时间: 2020-08-21 19:20

回答:

在sdk做init之前, 调用如下方法.

private void setSSL() {
        try {
            TrustManager tm[] = {
                    new X509TrustManager() {
                        @Override
                        public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                            Log.d("checkClientTrusted", "authType:" + authType);
                        }
                        @Override
                        public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                            Log.d("checkServerTrusted", "authType:" + authType);
                            try {
                                chain[0].checkValidity();
                            } catch (Exception e) {
                                Log.e("checkServerTrusted", "Exception", e);
                            }
                        }
                        @Override
                        public X509Certificate[] getAcceptedIssuers() {
                            return new X509Certificate[0];
                        }
                    }
            };
            mySSLContext = SSLContext.getInstance("TLS");
            mySSLContext.init(null, tm, null);
        } catch (KeyManagementException | NoSuchAlgorithmException e) {
            e.printStackTrace();
        }
        SSLUtils.setSSLContext(mySSLContext);
        SSLUtils.setHostnameVerifier(new HostnameVerifier() {
            @Override
            public boolean verify(String hostname, SSLSession session) {
                return true;
            }
        });
    }

注意不要对这个方法进行进程限制, 不能只在主进程执行, 因为sdk的业务都是在IPC进程操作, 所以网络操作也是在IPC进程做的.