网上很多文章都是只能单向认证,特在此记录双向自签名证书。
windows电脑配置 BouncyCastleProvider
1. 下载 bcprov-ext-jdk15on-159.jar
2. 这个jar文件放在 Java 主目录下的 jdk/jre/lib/ext目录下
3. 修改jdk/jre/lib/security/java.security这个文件:在List of providers 注释的地方添加这一行 security.provider.11=org.bouncycastle.jce.provider.BouncyCastleProvider
4. 重启终端,输入命令行: keytool -importkeystore -srckeystore client.p12 -srcstoretype pkcs12 -destkeystore client.bks -deststoretype bks -provider org.bouncycastle.jce.provider.BouncyCastleProvider 貌似要输入三次密码,记得问后台人员密码。
5.第4步中的client.p12是后台人员给的,文章在这里。
6. android代码中assets放入生成的client.bks和client.p12,网络框架使用基于okhttp的okgo框架,代码如下
OkHttpClient.Builder builder = new OkHttpClient.Builder().hostnameVerifier(new Home());
try {
InputStream serverCertIn = context.getAssets().open("client.p12");
InputStream bksIn = context.getAssets().open("client.bks");
HttpsUtils.SSLParams sslParams1 = HttpsUtils.getSslSocketFactory(bksIn,"qwaserdf",serverCertIn);
builder.sslSocketFactory(sslParams1.sSLSocketFactory, sslParams1.trustManager);
OkGo.getInstance().init(application).setOkHttpClient(builder.build()).setRetryCount(3);
} catch (IOException e) {
e.printStackTrace();
}
public class Home implements HostnameVerifier { public SSLSession sslSession; @Override public boolean verify(String hostname, SSLSession session) { this.sslSession = session; return true; } }
来源:oschina
链接:https://my.oschina.net/u/2439344/blog/4503280