Принятие всех сертификатов SSL обычно не идеальный сценарий. Немного лучше принять только указанный вами SSL-сертификат c с использованием этого фрагмента кода.
final class CustomTrust {
private static InputStream trustedCertificatesInputStream() {
String certificate_one = "ADD_YOUR_CERTIFICATE";
String certificate_two = "ADD_YOUR_CERTIFICATE";
return new Buffer()
.writeUtf8(certificate_one)
.writeUtf8(certificate_two)
.inputStream();
}
public static X509TrustManager getTrustManagerForCertificates()
throws GeneralSecurityException {
InputStream in= trustedCertificatesInputStream();
CertificateFactory certificateFactory =
CertificateFactory.getInstance("X.509");
Collection<? extends Certificate> certificates =
certificateFactory.generateCertificates(in);
if (certificates.isEmpty()) {
throw new IllegalArgumentException("expected non-empty set of trusted
certificates");
}
// Put the certificates a key store.
char[] password = "password".toCharArray(); // Any password will work.
KeyStore keyStore = newEmptyKeyStore(password);
int index = 0;
for (Certificate certificate : certificates) {
String certificateAlias = Integer.toString(index++);
keyStore.setCertificateEntry(certificateAlias, certificate);
}
// Use it to build an X509 trust manager.
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(
KeyManagerFactory.getDefaultAlgorithm());
keyManagerFactory.init(keyStore, password);
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(
TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init(keyStore);
TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
if (trustManagers.length != 1 || !(trustManagers[0] instanceof
X509TrustManager)) {
throw new IllegalStateException("Unexpected default trust managers:"
+ Arrays.toString(trustManagers));
}
return (X509TrustManager) trustManagers[0];
}
private static KeyStore newEmptyKeyStore(char[] password) throws
GeneralSecurityException {
try {
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
InputStream in = null; // By convention, 'null' creates an empty key
store.
keyStore.load(in, password);
return keyStore;
} catch (IOException e) {
throw new AssertionError(e);
}
}}
Используйте это CustomTrust в вашем клиенте OKHttp как.
public class MyOkHttpClient {
public static OkHttpClient get(Context context) {
try {
// Install the all-trusting trust manager
X509TrustManager trustManager =
CustomTrust.getTrustManagerForCertificates();
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, new TrustManager[]{trustManager}, null);
SSLSocketFactory sslSocketFactory =
sslContext.getSocketFactory();
OkHttpClient.Builder okHttpBuilder = new
OkHttpClient.Builder()
.sslSocketFactory(sslSocketFactory, trustManager)
.hostnameVerifier((hostname, session) -> true)
.connectTimeout(30, TimeUnit.SECONDS)
.writeTimeout(30, TimeUnit.SECONDS)
.readTimeout(30, TimeUnit.SECONDS)
return okHttpBuilder.build();
} catch (Exception e) {
throw new RuntimeException(e);
}
} }