kotlin
Kotlin
import android.annotation.SuppressLint
import android.os.Build
import java.net.Proxy
import java.security.KeyStore
import java.security.SecureRandom
import java.security.cert.CertPathValidatorException
import java.security.cert.CertificateException
import java.security.cert.CertificateExpiredException
import java.security.cert.CertificateNotYetValidException
import java.security.cert.X509Certificate
import java.util.concurrent.TimeUnit
import javax.net.ssl.SSLContext
import javax.net.ssl.SSLSocketFactory
import javax.net.ssl.TrustManager
import javax.net.ssl.TrustManagerFactory
import javax.net.ssl.X509TrustManager
import okhttp3.OkHttpClient
import okhttp3.Request
/**
* <pre>
* desc : 用于统一创建okhttp
</pre> *
*/
object DefOkHttp {
/**
* 获取默认的OKhttp实例
* @return
* 默认的全局okhttp类
*/
@JvmStatic
val default: OkHttpClient = newOkHttpClient(OkHttpClient.Builder())
@JvmStatic
val defaultHeaders = hashMapOf<String, String>()
init {
defaultHeaders["x-brand"] = checkHeaderValue(Build.MODEL, "unknown")
defaultHeaders["x-platform"] = "android" + Build.VERSION.SDK_INT
}
/**
* 由于okhttp header不容许携带中文,故
*/
private fun checkHeaderValue(value: String?, defaultVal: String): String {
if (value == null) {
return defaultVal
} else {
for (c in value) {
if (c.code <= 31 && c != '\t' || c.code >= 127) {
return defaultVal
}
}
return value
}
}
@Synchronized
@JvmStatic
fun addDefaultHeader(key: String, value: String) {
defaultHeaders[key] = value
}
/**
* 创建一个新的okHttp实例
* @param builder
* okhttp构建者
* @return
* okhttp实例
*/
@Synchronized
@JvmStatic
fun newOkHttpClient(builder: OkHttpClient.Builder): OkHttpClient {
return patchDefaultBuilder(builder).build()
}
/**
* 创建一个默认的builder类
* @return
* 默认的okhttp builder类
*/
@Synchronized
@JvmStatic
fun newDefaultBuilder(): OkHttpClient.Builder {
return patchDefaultBuilder(OkHttpClient.Builder())
}
/**
* 增加默认配置
* @param builder:外部构建者
*/
@JvmStatic
private fun patchDefaultBuilder(builder: OkHttpClient.Builder): OkHttpClient.Builder {
patchSSL(builder)
builder.proxy(Proxy.NO_PROXY)
// 增加固定header
builder.addInterceptor { chain ->
val originalRequest: Request = chain.request()
// 使用newBuilder复制原始请求
val newRequestBuilder: Request.Builder = originalRequest.newBuilder()
// 添加固定的header头部
for ((key, value) in defaultHeaders) {
newRequestBuilder.addHeader(key, value)
}
// 构建新的请求
val newRequest: Request = newRequestBuilder.build()
// 继续处理请求
chain.proceed(newRequest)
}
return builder
}
@Suppress("CAST_NEVER_SUCCEEDS")
private fun patchSSL(builder: OkHttpClient.Builder): OkHttpClient.Builder {
try {
val tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm()
val tmf = TrustManagerFactory.getInstance(tmfAlgorithm)
val socketFactory: SSLSocketFactory
tmf.init(null as? KeyStore)
val sslContext = SSLContext.getInstance("TLS")
val trustManagers = tmf.trustManagers
val x509TrustManager = trustManagers[0] as X509TrustManager
sslContext.init(null, getWrappedTrustManagers(trustManagers), SecureRandom())
socketFactory = if (Build.VERSION.SDK_INT < Build.VERSION_CODES.KITKAT_WATCH) {
val socketFactoryNoTls = sslContext.socketFactory
TLS12SocketFactory(socketFactoryNoTls)
} else {
sslContext.socketFactory
}
builder.connectTimeout(8, TimeUnit.SECONDS)
.readTimeout(8, TimeUnit.SECONDS)
.writeTimeout(8, TimeUnit.SECONDS)
.sslSocketFactory(socketFactory, x509TrustManager)
.followRedirects(true)
.followSslRedirects(true)
.retryOnConnectionFailure(true)
.build()
} catch (_: Exception) {
builder.connectTimeout(8, TimeUnit.SECONDS)
.readTimeout(8, TimeUnit.SECONDS)
.writeTimeout(8, TimeUnit.SECONDS)
.followRedirects(true)
.followSslRedirects(true)
.retryOnConnectionFailure(true)
}
return builder
}
@SuppressLint("CustomX509TrustManager")
private fun getWrappedTrustManagers(trustManagers: Array<TrustManager>): Array<TrustManager> {
val originalTrustManager = trustManagers[0] as X509TrustManager
return arrayOf(
object : X509TrustManager {
override fun getAcceptedIssuers(): Array<X509Certificate> {
return originalTrustManager.acceptedIssuers
}
@Throws(CertificateException::class)
override fun checkClientTrusted(certs: Array<X509Certificate>, authType: String) {
try {
originalTrustManager.checkClientTrusted(certs, authType)
} catch (e: CertificateException) {
if (e.cause is CertificateNotYetValidException ||
e.cause?.cause is CertificateNotYetValidException ||
e.cause is CertPathValidatorException ||
e.cause ?.cause is CertPathValidatorException ||
e.cause is CertificateExpiredException ||
e.cause ?.cause is CertificateExpiredException
) {
Log.d("checkClientTrusted post CertificateNotYetValidEvent----")
} else {
throw e
}
}
}
@Throws(CertificateException::class)
override fun checkServerTrusted(certs: Array<X509Certificate>, authType: String) {
try {
originalTrustManager.checkServerTrusted(certs, authType)
} catch (e: CertificateException) {
if (e.cause is CertificateNotYetValidException ||
e.cause?.cause is CertificateNotYetValidException ||
e.cause is CertPathValidatorException ||
e.cause ?.cause is CertPathValidatorException ||
e.cause is CertificateExpiredException ||
e.cause ?.cause is CertificateExpiredException
) {
Log.d("checkServerTrusted post CertificateNotYetValidEvent----")
} else {
throw e
}
}
}
})
}
}使用:
Kotlin
DefOkHttp.newDefaultBuilder()旧版JAVA
java
import android.os.Build;
import android.util.Log;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
public class CertImpl {
public long getTimeInMs() {
return System.currentTimeMillis();
}
public SSLSocketFactory getCertImpl() {
try {
SSLSocketFactory socketFactory = null;
String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
tmf.init((KeyStore) null);
SSLContext sslContext = SSLContext.getInstance("TLS");
TrustManager[] trustManagers = tmf.getTrustManagers();
sslContext.init(null, getWrappedTrustManagers(trustManagers), new SecureRandom());
if(Build.VERSION.SDK_INT < Build.VERSION_CODES.KITKAT_WATCH){
socketFactory = new Tls12SocketFactory(sslContext.getSocketFactory());
}else{
socketFactory = sslContext.getSocketFactory();
}
return socketFactory;
} catch (Exception e) {
e.printStackTrace();
}
return null;
}
private static TrustManager[] getWrappedTrustManagers(TrustManager[] trustManagers) {
final X509TrustManager originalTrustManager = (X509TrustManager) trustManagers[0];
return new TrustManager[]{ new X509TrustManager() {
public X509Certificate[] getAcceptedIssuers() {
return originalTrustManager.getAcceptedIssuers();
}
public void checkClientTrusted(X509Certificate[] certs, String authType) throws CertificateException {
try {
originalTrustManager.checkClientTrusted(certs, authType);
} catch (CertificateException e) {
if (e.getCause() instanceof CertificateNotYetValidException
|| (e.getCause() != null && e.getCause().getCause() instanceof CertificateNotYetValidException)
|| (e.getCause() instanceof CertPathValidatorException)
|| e.getCause() instanceof CertificateExpiredException
|| (e.getCause() != null && e.getCause().getCause() instanceof CertificateExpiredException)) {
Log.i("checkServerTrusted post CertificateNotYetValidEvent----");
} else {
throw e;
}
}
}
public void checkServerTrusted(X509Certificate[] certs, String authType) throws CertificateException {
try {
originalTrustManager.checkServerTrusted(certs, authType);
} catch (CertificateException e) {
if (e.getCause() instanceof CertificateNotYetValidException
|| (e.getCause() != null && e.getCause().getCause() instanceof CertificateNotYetValidException)
|| (e.getCause() instanceof CertPathValidatorException)
|| e.getCause() instanceof CertificateExpiredException
|| (e.getCause() != null && e.getCause().getCause() instanceof CertificateExpiredException)) {
Log.d("CertImpl", "checkServerTrusted post CertificateNotYetValidEvent--");
} else {
throw e;
}
}
}
}};
}
}使用:
java
public static OkHttpClient getClient() {
if (mOkHttpClient == null) {
okhttp3.OkHttpClient.Builder clientBuilder = getBuilder();
try {
SSLSocketFactory factory = new CertImpl().getCertImpl();
clientBuilder.sslSocketFactory(factory);
}catch (Exception e){
e.printStackTrace();
}
mOkHttpClient = clientBuilder.build();
}
return mOkHttpClient;
}