OkHttp3添加SSL证书信任

场景:
　　jdk8版本升级更新后,请求的时候会报"clientBuilder.sslSocketFactory(SSLSocketFactory) not supported on JDK 9+"的错误信息

这时候我们需要获取一个默认的"X509TrustManager",因此我们在SSLSocketClient工具类中添加"getX509TrustManager()"方法,并修改OkHttpClient的获取方式即可

1. SSLSocketClient工具类

import javax.net.ssl.*;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.Arrays;

public class SSLSocketClient {
    //获取这个SSLSocketFactory
    public static SSLSocketFactory getSSLSocketFactory() {
        try {
            SSLContext sslContext = SSLContext.getInstance("SSL");
            sslContext.init(null, getTrustManager(), new SecureRandom());
            return sslContext.getSocketFactory();
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    //获取TrustManager
    private static TrustManager[] getTrustManager() {
        TrustManager[] trustAllCerts = new TrustManager[]{
                new X509TrustManager() {
                    @Override
                    public void checkClientTrusted(X509Certificate[] chain, String authType) {
                    }

                    @Override
                    public void checkServerTrusted(X509Certificate[] chain, String authType) {
                    }

                    @Override
                    public X509Certificate[] getAcceptedIssuers() {
                        return new X509Certificate[]{};
                    }
                }
        };
        return trustAllCerts;
    }

    /**
     * <h5>功能:配置证书信任管理器类</h5>
     */
    public static X509TrustManager getX509TrustManager() {
        X509TrustManager trustManager = null;
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init((KeyStore) null);
            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            if (trustManagers.length != 1 || !(trustManagers[0] instanceof X509TrustManager)) {
                throw new IllegalStateException("Unexpected default trust managers:" + Arrays.toString(trustManagers));
            }
            trustManager = (X509TrustManager) trustManagers[0];
        } catch (Exception e) {
            e.printStackTrace();
        }

        return trustManager;
    }
}

2. 修改"sslSocketFactory"实现方法

设置sslSocketFactory,代码如下

.sslSocketFactory(SSLSocketClient.getSSLSocketFactory(), SSLSocketClient.getX509TrustManager())
                        .build();

创建OkHttpClient对象完整方法

/**
 * <h5>功能:创建OkHttpClient对象</h5>
 * 
 * @return 
 */
private static OkHttpClient getClient() {
    OkHttpClient client = new OkHttpClient.Builder()
                        .connectTimeout(MAX_CONN_TIMEOUT, TimeUnit.SECONDS) // 设置连接主机超时时间,默认10秒,0表示没有超时
                        .readTimeout(MAX_READ_TIMEOUT, TimeUnit.SECONDS)    // 设置从主机读取数据超时时间,默认10秒,0表示没有超时
                        .writeTimeout(MAX_WRITE_TIMEOUT, TimeUnit.SECONDS)  // 设置新连接的默认写入超时时间,默认10秒,0表示没有超时
                        .retryOnConnectionFailure(true)
//              .sslSocketFactory(SSLSocketClient.getSSLSocketFactory())
                        .sslSocketFactory(SSLSocketClient.getSSLSocketFactory(), SSLSocketClient.getX509TrustManager()) // 添加SSL证书信任
                        .build();
    return client;
}

OkHttp3添加SSL证书信任

原文：https://blog.51cto.com/u_1197822/2740000