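To access an HTTPS website, the site must present a recognized certificate, and the site can be accessed only after that certificate has been verified.
Normally this requires a certificate issued by a certificate authority, but during development, before an approved certificate has been obtained, we can access the HTTPS site by bypassing certificate validation.
Bypassing the certificate mainly involves overriding the verification method of HostnameVerifier and pairing it with an X509TrustManager to handle the certificate trust check.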
Step 1: Create the class CustomHostnameVerifier
First, create CustomHostnameVerifier in the file and override the verify method of HostnameVerifier so that every verification passes.
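Connection.java
```java
// Imports needed at the top of Connection.java
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLSession;

private class CustomHostnameVerifier implements HostnameVerifier {
    @Override
    public boolean verify(String hostname, SSLSession session) {
        // Accepts every hostname: the name in the certificate is never compared with the host
        return true;
    }
}
```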
Step 2: Create the class CustomTrustManager
Create CustomTrustManager to handle the certificate trust check.
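Connection.java
```java
// Imports needed at the top of Connection.java
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.X509TrustManager;

private class CustomTrustManager implements X509TrustManager {

    // The keystore argument is not used; no trust anchors are loaded
    public CustomTrustManager(KeyStore keystore) throws NoSuchAlgorithmException, KeyStoreException {
        super();
    }

    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        // Empty body: every client certificate chain is accepted
    }

    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        // Empty body: every server certificate chain is accepted
    }

    @Override
    public X509Certificate[] getAcceptedIssuers() {
        // The interface requires a non-null (possibly empty) array, so do not return null
        return new X509Certificate[0];
    }
}
```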
Step 3: Configure SSL and open the connection
Before opening the HttpURLConnection, we must first apply the SSL settings.
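Connection.java
```java
// Imports needed at the top of Connection.java
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.SecureRandom;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;

SSLContext sc = SSLContext.getInstance("TLS");
sc.init(null, new TrustManager[] { new CustomTrustManager(null) }, new SecureRandom());
// The two setDefault* calls apply to every HttpsURLConnection opened afterwards in this process
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
HttpsURLConnection.setDefaultHostnameVerifier(new CustomHostnameVerifier());

// api is the String holding the target https:// address
URL url = new URL(api);
HttpURLConnection httpConn = (HttpURLConnection) url.openConnection();
httpConn.setRequestMethod("POST");
httpConn.setUseCaches(true);
httpConn.setAllowUserInteraction(true);

httpConn.setDoOutput(true);
httpConn.setDoInput(true);
httpConn.setConnectTimeout(3000);
httpConn.setReadTimeout(3000);
...
```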
This bypasses the certificate, so the HTTPS site can be accessed without a signed certificate.