使用Android OkHttpClient重新连接和缓存SSL连接

时间:2016-08-11 16:46:31

标签: android session ssl okhttp retrofit2

我正在使用Retrofit和OkHttp来执行所有网络操作,例如GET,HTTP和HTTPS网址的POST。一切都运行良好但除了我需要重复使用会话以减少每个服务调用的握手计时过程。截至目前,服务器需要超过800毫秒才能在客户端和服务器之间启动所有服务调用的握手。

我需要什么:

我必须重复使用SSLSessions才能使握手仅在第一次或特定时间间隔内发生。

使用Okhttp和Retrofit进行SSL的代码:

  Retrofit retrofit = new Retrofit.Builder()
                            .baseUrl(baseURL)
                            .addConverterFactory(GsonConverterFactory.create())
                            .client(getOkHttpClient(context, new OkHttpClient(), context.getResources().openRawResource(R.raw.mysslcertificate)))
                            .build();

    retrofit.create(apiClass);


    public static OkHttpClient getOkHttpClient(Context context,OkHttpClient client, InputStream inputStream) {

        try {
            if (inputStream != null) {
                SSLContext sslContext = sslContextForTrustedCertificates(inputStream);


                if (sslContext != null) {
                   client = client.newBuilder()
                                        .sslSocketFactory(sslContext.getSocketFactory()).build();


                    else {

                        CLog.i(Constants.LOG_TAG_HTTPLIBRARY,"GZip not done because it is not a Analytics data");

                        client = client.newBuilder()
                                .sslSocketFactory(sslContext.getSocketFactory()).build();
                    }
                }
            }
        } catch (Exception e) {
            e.printStackTrace();
        }


        return client;
    }


     private static SSLContext sslContextForTrustedCertificates(InputStream in) {
        try {
            CertificateFactory e = CertificateFactory.getInstance("X.509");
            Collection certificates = e.generateCertificates(in);
            if (certificates.isEmpty()) {
                throw new IllegalArgumentException("expected non-empty set of trusted certificates");
            } else {
                char[] password = "password".toCharArray();
                KeyStore keyStore = newEmptyKeyStore(password);
                int index = 0;
                Iterator keyManagerFactory = certificates.iterator();
                while (keyManagerFactory.hasNext()) {
                    Certificate trustManagerFactory = (Certificate) keyManagerFactory.next();
                    String sslContext = Integer.toString(index++);
                    keyStore.setCertificateEntry(sslContext, trustManagerFactory);
                }



                KeyManagerFactory var10 = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
                var10.init(keyStore, password);
                TrustManagerFactory var11 = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                var11.init(keyStore);
                SSLContext var12 = SSLContext.getInstance("TLS");
                var12.init(var10.getKeyManagers(), var11.getTrustManagers(), new SecureRandom());

                return var12;
            }
        } catch (Exception var9) {
            var9.printStackTrace();
        }
        return null;
    }

我尝试了什么:

由于我找不到与OkHttpClient相关的任何内容,但我尝试从链接中引用一些解决方案,如下所示:

https://gist.github.com/codebutler/5565971

https://developer.android.com/reference/javax/net/ssl/SSLContext.html

但坦率地说,没有什么对我有帮助,我甚至找不到任何相关的解决方案来满足我的要求。最后,我在几周内完全坚持这个解决方案。请通过您的任何提示和建议帮助我完成任务。任何代码或方法都对我非常有用。提前谢谢。

0 个答案:

没有答案