先插一句,Google出的volley框架本身是支持https請求的,但是隻是針對有第三方機構認證過的。
如果自己隨便在網上搞的一個證書,那volley是不支持請求的。
本文講下如何讓volley支持自己搞的https證書。
修改volley源碼:com.android.myvolley.toolbox.HurlStack
/**
* Create an {@link HttpURLConnection} for the specified {@code url}.
*/
protected HttpURLConnection createConnection(URL url) throws IOException {
if (url.toString().contains("https")) {
MyHttpsManager.allowAllSSL();
}
return (HttpURLConnection) url.openConnection();
}
if (url.toString().contains("https")) {
MyHttpsManager.allowAllSSL();
}
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
public class MyHttpsManager implements X509TrustManager {
private static TrustManager[] trustManagers;
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
}
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
}
@Override
public X509Certificate[] getAcceptedIssuers() {
return new X509Certificate[0];
}
public static void allowAllSSL() {
HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
@Override
public boolean verify(String arg0, SSLSession arg1) {
// TODO Auto-generated method stub
return true;
}
});
SSLContext context = null;
if (trustManagers == null) {
trustManagers = new TrustManager[] { new MyHttpsManager() };
}
try {
context = SSLContext.getInstance("TLS");
context.init(null, trustManagers, new SecureRandom());
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (KeyManagementException e) {
e.printStackTrace();
}
HttpsURLConnection.setDefaultSSLSocketFactory(context
.getSocketFactory());
}
}
然後請求的時候在頭裏面加個什麼鬼id,sign之類的,就可以和服務端通信了。
例如volley重寫getHeaders方法:
public void sendRequest(int method, String url, JSONObject jsonRequest, final String sessionToken, final OnResponseListener listener,final OnErrorListener errorListener) {
initUserAgent();
JsonObjectRequest jsonObjectRequest = new JsonObjectRequest(method, url, jsonRequest, new Response.Listener<JSONObject>() {
@Override
public void onResponse(JSONObject response) {
listener.onResponse(response);
}
}, new Response.ErrorListener() {
@Override
public void onErrorResponse(VolleyError error) {
errorListener.onErrorResponse(error);
}
}){
@Override
public Map<String, String> getHeaders() throws AuthFailureError {
HashMap<String, String> headers = new HashMap<String,String>();
headers.put("Content-Type", "application/json");
headers.put("x-app-id", APPID);
headers.put("x-app-sign",SIGN);
headers.put("x-session-token",sessionToken);
headers.put("User-Agent",userAgent);
return headers;
}
};
Volley.newRequestQueue(context).add(jsonObjectRequest);
}
