为什么要使用ip直连这种方式去请求我们的服务器呢?这其实和国内运营伤有关,运营商有时为了利益会将你的域名劫持换成他人的域名,为了防止这种情况的发生通用的解决办法要么联系运营商要么就只能使用ip直连了。普遍大家目前使用的都是okHttp,这里就以okHttp为例子。其实非常简单只需要设置一下两个方法就行:

        OkHttpClient.Builder builder = new OkHttpClient.Builder();

        ....

        String domain = ....;

        builder.sslSocketFactory(new TlsSniSocketFactory(domain), new SSLUtil.TrustAllManager())

                .hostnameVerifier(new TrueHostnameVerifier(domain));

通过调用sslSocketFactory()方法传入两个参数一个是:SSLSocket,还有一个x509TrustManager。我们来看看第一个参数是如何实现的:

public class TlsSniSocketFactory extends SSLSocketFactory {

    private final String TAG = TlsSniSocketFactory.class.getSimpleName();

    HostnameVerifier hostnameVerifier = HttpsURLConnection.getDefaultHostnameVerifier();

    String peerHost;

    public TlsSniSocketFactory(String peerHost) {

        this.peerHost = peerHost;

    }

    public TlsSniSocketFactory() {

    }

    @Override

    public Socket createSocket() {

        return null;

    }

    @Override

    public Socket createSocket(String host, int port) {

        return null;

    }

    @Override

    public Socket createSocket(String host, int port, InetAddress localHost, int localPort) {

        return null;

    }

    @Override

    public Socket createSocket(InetAddress host, int port) {

        return null;

    }

    @Override

    public Socket createSocket(InetAddress address, int port, InetAddress localAddress, int localPort) {

        return null;

    }

    // TLS layer

    @Override

    public String[] getDefaultCipherSuites() {

        return new String[0];

    }

    @Override

    public String[] getSupportedCipherSuites() {

        return new String[0];

    }

    @Override

    public Socket createSocket(Socket plainSocket, String host, int port, boolean autoClose) throws IOException {

        if (TextUtils.isEmpty(peerHost)) {

            peerHost = host;

            peerHost =  ....;

        }        Log.i(TAG, "customized createSocket. host: " + peerHost);

        InetAddress address = plainSocket.getInetAddress();

        if (autoClose) {

            // we don't need the plainSocket

            plainSocket.close();

        }

        // create and connect SSL socket, but don't do hostname/certificate verification yet

        SSLCertificateSocketFactory sslSocketFactory = (SSLCertificateSocketFactory) SSLCertificateSocketFactory.getDefault(0);

        SSLSocket ssl = (SSLSocket) sslSocketFactory.createSocket(address, port);

        // enable TLSv1.1/1.2 if available

        ssl.setEnabledProtocols(ssl.getSupportedProtocols());

        // set up SNI before the handshake

        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN_MR1) {

            Log.i(TAG, "Setting SNI hostname");

            sslSocketFactory.setHostname(ssl, peerHost);

        } else {

            Log.d(TAG, "No documented SNI support on Android <4.2, trying with reflection");

            try {

                java.lang.reflect.Method setHostnameMethod = ssl.getClass().getMethod("setHostname", String.class);

                setHostnameMethod.invoke(ssl, peerHost);

            } catch (Exception e) {

                Log.w(TAG, "SNI not useable", e);

            }

        }

        // verify hostname and certificate

        SSLSession session = ssl.getSession();

        if (!hostnameVerifier.verify(peerHost, session))

            throw new SSLPeerUnverifiedException("Cannot verify hostname: " + peerHost);

        Log.i(TAG, "Established " + session.getProtocol() + " connection with " + session.getPeerHost() +

                " using " + session.getCipherSuite());

        return ssl;

    }

}

为了防止获取不到domain将外围的domain塞入,将这个domain塞入返回我们的ssl。x509TrustManagerx信任了所有的证书,当然正常情况下应该使用和后端约定好的证书,代码如下:

public class SSLUtil {

    /**

     * 默认信任所有的证书

     * TODO 最好加上证书认证,主流App都有自己的证书

     *

     * @return

     */

    @SuppressLint("TrulyRandom")

    public static SSLSocketFactory createSSLSocketFactory() {

        SSLSocketFactory sSLSocketFactory = null;

        try {

            SSLContext sc = SSLContext.getInstance("TLS");

            sc.init(null, new TrustManager[]{new TrustAllManager()},

                    new SecureRandom());

            sSLSocketFactory = sc.getSocketFactory();

        } catch (Exception e) {

        }

        return sSLSocketFactory;

    }

    public static class TrustAllManager implements X509TrustManager {

        @Override

        public void checkServerTrusted(X509Certificate[] chain, String authType)

        {

        }

        @Override

        public void checkClientTrusted(X509Certificate[] chain, String authType) {

        }

        @Override

        public X509Certificate[] getAcceptedIssuers() {

            return new X509Certificate[0];

        }

    }

    public static class TrustAllHostnameVerifier implements HostnameVerifier {

        @Override

        public boolean verify(String hostname, SSLSession session) {

            return true;

        }

    }

}

最后https需要校验我的domain是否是服务器提供的domain:

public class TrueHostnameVerifier implements HostnameVerifier {

    public  String domain;

    public TrueHostnameVerifier(String domain) {

        this.domain = domain;

    }

    public TrueHostnameVerifier() {

    }

    @Override

    public boolean verify(String hostname, SSLSession session) {

        if(TextUtils.isEmpty(domain)) {

            domain = ...;

        }

        return HttpsURLConnection.getDefaultHostnameVerifier().verify(domain, session);

    }

}

以上代码可以直接拷贝,省略号代码具体代码可能需要你自己去实现。希望对你有所帮助。

Android使用HTTPS进行IP直连握手失败问题(okHttp)的更多相关文章

  1. HTTPS IP直连问题小结

    HTTPS IP直连问题小结: https://blog.csdn.net/leelit/article/details/77829196 可以使用OkHttpClient进行相同IP地址,不同DNS ...

  2. fiddler Android下https抓包全攻略

    fiddler Android下https抓包全攻略 fiddler的http.https的抓包功能非常强大,可非常便捷得对包进行断点跟踪和回放,但是普通的配置对于像招商银行.支付宝.陌陌这样的APP ...

  3. 在深谈TCP/IP三步握手&四步挥手原理及衍生问题—长文解剖IP

    如果对网络工程基础不牢,建议通读<细说OSI七层协议模型及OSI参考模型中的数据封装过程?> 下面就是TCP/IP(Transmission Control Protoco/Interne ...

  4. 关于Android的https通讯安全

    原文链接:http://pingguohe.net/2016/02/26/Android-App-secure-ssl.html 起因 前段时间,同事拿着一个代码安全扫描出来的 bug 过来咨询,我一 ...

  5. Android 使用 HTTPS 问题解决(SSLHandshakeException)

    title date categories tags Android 5.0以下TLS1.x SSLHandshakeException 2016-11-30 12:17:02 -0800 Andro ...

  6. TCP/IP三次握手与四次挥手的正确姿势

    0.史上最容易理解的:TCP三次握手,四次挥手 https://cloud.tencent.com/developer/news/257281 A 理解TCP/IP三次握手与四次挥手的正确姿势http ...

  7. https握手失败案例(一)

      OkHttpClient okHttpClient = new OkHttpClient.Builder() .connectTimeout(15, TimeUnit.SECONDS) .read ...

  8. 使用wireshark 抓取 http https tcp ip 协议进行学习

    使用wireshark 抓取 http https tcp ip 协议进行学习 前言 本节使用wireshark工具抓包学习tcp ip http 协议 1. tcp 1.1 tcp三次握手在wire ...

  9. android 通过socket获取IP

    如题<android 通过socket获取IP>: socket.getInetAddress().getHostAddress();

随机推荐

  1. BASIC-14_蓝桥杯_时间转换

    示例代码: #include <stdio.h> int main(void){ int t = 0 , h = 0 , m = 0 , s = 0 ; scanf("%d&qu ...

  2. neo4j图数据库入门

    一.安装及启动 1.安装 Java SDK 1)     地址:http://www.oracle.com/technetwork/java/javase/downloads 2)     下载:jd ...

  3. 转转转!java继承中的this和super

    学习java时看了不少尚学堂马士兵的视频,还是挺喜欢马士兵的讲课步骤的,二话不说,先做实例,看到的结果才是最实际的,理论神马的全是浮云.只有在实际操作过程中体会理论,在实际操作过程中升华理论才是最关键 ...

  4. 实验八 c排序算法

    8.1 #include<stdio.h> int main(){ int a[5],i,j,k,t,z; //输入5个元素进入数组 for(i=0;i<5;i++) scanf(& ...

  5. 学习笔记之Moq

    dotnet/src/MoqSample at master · haotang923/dotnet · GitHub https://github.com/htanghtang/dotnet/tre ...

  6. Java 类的生命周期

    类从被加载到JVM内存中开始,到卸载出内存为止,它的整个生命周期包括: 加载(Loading)-->验证(Verification)-->准备(Preparation)-->解析(R ...

  7. 第3章 文件I/O(1)_标准C的I/O

    1. 标准C的I/O和FILE结构体 1.1 标准C的I/O库函数 (1)char *fgets( char *string, int n, FILE *stream );//从流中获取字符串 (2) ...

  8. 【RL前沿】深度强化学习的最新进展 by 2017.12.12

    作者:Volodymyr Mnih Google DeepMind科学家. 在Geoffrey Hinton的指导下完成了多伦多大学的机器学习博士学位. 在此之前,在Csab Szepesvari的指 ...

  9. 2018-2019-2 《网络对抗技术》Exp3 免杀原理与实践 Week5 20165233

    Exp3 免杀原理与实践 实验内容 一.基础问题回答 1.杀软是如何检测出恶意代码的? 基于特征码的检测:通过与自己软件中病毒的特征库比对来检测的. 启发式的软件检测:就是根据些片面特征去推断.通常是 ...

  10. Configure First SpringMVC project in IntelliJ IDEA(fail)

    Configure First SpringMVC project in IntelliJ IDEA 13 The Mechanism of Spring MVC frameworks by Java ...