
添加双向认证流程

Pq 1 年之前
父節點
當前提交
98c38ab275

二進制
BaseLibrary/src/main/assets/auth_client.bks


二進制
BaseLibrary/src/main/assets/auth_truststore.bks


+ 222 - 0
BaseLibrary/src/main/java/com/cooleshow/base/data/auth/Https.java

@@ -0,0 +1,222 @@
+package com.cooleshow.base.data.auth;
+
+import android.content.Context;
+import android.webkit.ClientCertRequest;
+
+import com.cooleshow.base.utils.LOG;
+import com.cooleshow.base.utils.Utils;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.math.BigInteger;
+import java.security.KeyStore;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Enumeration;
+
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
+import javax.net.ssl.X509TrustManager;
+
+/**
+ * Author by pq, Date on 2023/12/28.
+ */
+public class Https {
+
+    private final static String CLIENT_PRI_KEY = "auth_client.bks";
+    private final static String TRUSTSTORE_PUB_KEY = "auth_truststore.bks";
+    private final static String CLIENT_BKS_PASSWORD = "dayaedu";
+    private final static String TRUSTSTORE_BKS_PASSWORD = "dayaedu";
+    private final static String KEYSTORE_TYPE = "BKS";
+    private final static String PROTOCOL_TYPE = "TLS";
+    private final static String CERTIFICATE_FORMAT = "X509";
+
+    public static SSLSocketFactory getSSLCertifcation(Context context) {
+        SSLSocketFactory sslSocketFactory = null;
+        LOG.i("pq", "getSSLCertifcation");
+        try {
+            TrustManager[] trustAllCerts = new TrustManager[]{getTrustManager()};
+
+            // 服务器端需要验证的客户端证书,其实就是客户端的keystore
+            KeyStore keyStore = KeyStore.getInstance(KEYSTORE_TYPE);// 客户端信任的服务器端证书
+            KeyStore trustStore = KeyStore.getInstance(KEYSTORE_TYPE);//读取证书
+            InputStream ksIn = context.getAssets().open(CLIENT_PRI_KEY);
+            InputStream tsIn = context.getAssets().open(TRUSTSTORE_PUB_KEY);//加载证书
+            LOG.i("ksIn:" + ksIn);
+            LOG.i("tsIn:" + tsIn);
+            keyStore.load(ksIn, CLIENT_BKS_PASSWORD.toCharArray());
+            trustStore.load(tsIn, TRUSTSTORE_BKS_PASSWORD.toCharArray());
+
+            ksIn.close();
+            tsIn.close();
+            //初始化SSLContext
+            SSLContext sslContext = SSLContext.getInstance(PROTOCOL_TYPE);
+            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(CERTIFICATE_FORMAT);
+            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(CERTIFICATE_FORMAT);
+
+            trustManagerFactory.init(trustStore);
+            keyManagerFactory.init(keyStore, CLIENT_BKS_PASSWORD.toCharArray());
+
+            sslContext.init(keyManagerFactory.getKeyManagers(), null, null);
+//            sslContext.init(keyManagerFactory.getKeyManagers(), trustAllCerts, null);
+            sslSocketFactory = sslContext.getSocketFactory();
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+        return sslSocketFactory;
+    }
+
+
+    public static boolean proceed(Context context, ClientCertRequest request) {
+        try {
+            // 加载证书
+            KeyStore keyStore = KeyStore.getInstance(KEYSTORE_TYPE);
+//            KeyStore keyStore2 = KeyStore.getInstance(KEYSTORE_TYPE);
+            InputStream certInputStream = context.getAssets().open(CLIENT_PRI_KEY);
+            keyStore.load(certInputStream, CLIENT_BKS_PASSWORD.toCharArray());
+
+            PrivateKey privateKey = (PrivateKey) keyStore.getKey(keyStore.aliases().nextElement(), CLIENT_BKS_PASSWORD.toCharArray());
+
+            // 获取证书链
+//            InputStream tsIn = context.getAssets().open(TRUSTSTORE_PUB_KEY);//加载证书
+//            keyStore2.load(tsIn, TRUSTSTORE_BKS_PASSWORD.toCharArray());
+//            PrivateKey privateKey = (PrivateKey) keyStore2.getKey(keyStore2.aliases().nextElement(), CLIENT_BKS_PASSWORD.toCharArray());
+            Enumeration<String> aliases = keyStore.aliases();
+            ArrayList<Certificate> list = new ArrayList<>();
+
+            while (aliases.hasMoreElements()) {
+                String alias = aliases.nextElement();
+                LOG.i("alias:" + alias);
+                Certificate certificate = keyStore.getCertificate(alias);
+                list.add(certificate);
+            }
+            LOG.i("list:" + list.size());
+            X509Certificate[] chain = new X509Certificate[list.size()];
+            for (int i = 0; i < list.size(); i++) {
+                Certificate certificate = list.get(i);
+                chain[i] = (X509Certificate) certificate;
+            }
+            LOG.i("chain[0]:" + chain[0]);
+//            certInputStream.close();
+            certInputStream.close();
+            LOG.i("chain:" + chain.length);
+            request.proceed(privateKey, chain);
+            return true;
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+        return false;
+    }
+
+    public static TrustAllCerts getTrustManager() {
+        return new TrustAllCerts();
+    }
+
+    private static class TrustAllCerts implements X509TrustManager {
+        public void checkClientTrusted(X509Certificate[] chain, String authType) {
+        }
+
+        public void checkServerTrusted(X509Certificate[] chain, String authType) {
+            LOG.i("checkServerTrusted");
+            if (chain == null || chain.length == 0) {
+                throw new RuntimeException(new CertificateException("checkServerTrusted: X509Certificate array is null"));
+            }
+            if (!(null != authType && authType.equals("ECDHE_RSA"))) {
+                throw new RuntimeException(new CertificateException("checkServerTrusted: AuthType is not ECDHE_RSA"));
+            }
+//            //判断证书是否是本地信任列表里颁发的证书(系统默认的验证)
+//            try {
+//                LOG.i("判断证书是否是本地信任列表里颁发的证书(系统默认的验证)");
+//                TrustManagerFactory factory = TrustManagerFactory.getInstance("X509");
+//                factory.init((KeyStore) null);
+//                for (TrustManager trustManager : factory.getTrustManagers()) {
+//                    ((X509TrustManager) trustManager).checkServerTrusted(chain, authType);
+//                }
+//                return;//用系统的证书验证服务器证书,验证通过就不需要继续验证证书信息;也可以注释掉,继续走自己的服务器证书逻辑
+//            } catch (Exception e) {
+//                e.printStackTrace();
+//                //注意这个地方不能抛异常,用系统的证书验证服务器证书,没通过就用自己的验证规则
+////                        throw new CertificateException(e);
+//            }
+
+            LOG.i("获取本地证书中的信息");
+            //获取本地证书中的信息
+            String clientEncoded = "";//公钥
+            String clientSubject = "";//颁发给
+            String clientIssUser = "";//颁发机构
+            try (InputStream inputStream = getAssetFileInputStream()) {
+                KeyStore keyStore = KeyStore.getInstance(KEYSTORE_TYPE);
+                keyStore.load(inputStream, TRUSTSTORE_BKS_PASSWORD.toCharArray());
+                Enumeration<String> aliases = keyStore.aliases();
+                ArrayList<Certificate> list = new ArrayList<>();
+
+                while (aliases.hasMoreElements()) {
+                    String alias = aliases.nextElement();
+                    LOG.i("alias:" + alias);
+                    Certificate certificate = keyStore.getCertificate(alias);
+                    list.add(certificate);
+                }
+                for (int i = 0; i < list.size(); i++) {
+                    X509Certificate certificate = (X509Certificate) list.get(i);
+                    clientEncoded = new BigInteger(1, certificate.getPublicKey().getEncoded()).toString(16);
+                    clientSubject = certificate.getSubjectDN().getName();
+                    clientIssUser = certificate.getIssuerDN().getName();
+                    boolean check = check(chain, clientEncoded, clientSubject, clientIssUser);
+                    if (check) {
+                        return;
+                    }
+                }
+                throw new RuntimeException(new CertificateException("server's PublicKey is not equals to client's PublicKey"));
+            } catch (Exception e) {
+                e.printStackTrace();
+                throw new RuntimeException(new CertificateException(e));
+            }
+
+        }
+
+        public X509Certificate[] getAcceptedIssuers() {
+            return new X509Certificate[0];
+        }
+
+        private InputStream getAssetFileInputStream() {
+            try {
+                InputStream ksIn = Utils.getApp().getAssets().open(TRUSTSTORE_PUB_KEY);
+                return ksIn;
+            } catch (IOException e) {
+                throw new RuntimeException(e);
+            }
+        }
+    }
+
+    private static boolean check(X509Certificate[] chain, String clientEncoded, String clientSubject, String clientIssUser) {
+        LOG.i("获取网络中的证书信息");
+        //获取网络中的证书信息
+        X509Certificate certificate = chain[0];
+        PublicKey publicKey = certificate.getPublicKey();
+        String serverEncoded = new BigInteger(1, publicKey.getEncoded()).toString(16);
+        LOG.i("server publicKey:" + serverEncoded);
+
+        if (!clientEncoded.equals(serverEncoded)) {
+            return false;
+//            throw new RuntimeException(new CertificateException("server's PublicKey is not equals to client's PublicKey"));
+        }
+        String subject = certificate.getSubjectDN().getName();
+        if (!clientSubject.equals(subject)) {
+//            throw new RuntimeException(new CertificateException("server's SubjectDN is not equals to client's SubjectDN"));
+            return false;
+        }
+        String issuser = certificate.getIssuerDN().getName();
+        if (!clientIssUser.equals(issuser)) {
+            return false;
+//            throw new RuntimeException(new CertificateException("server's IssuerDN is not equals to client's IssuerDN"));
+        }
+        return true;
+    }
+}
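Review bot: In `getSSLCertifcation`, `sslContext.init(keyManagerFactory.getKeyManagers(), null, null)` passes `null` trust managers, so the `trustStore` loaded from `auth_truststore.bks` and the initialised `trustManagerFactory` are never consulted and server validation falls back to the platform defaults. If the bundled store is meant to pin the server, pass `trustManagerFactory.getTrustManagers()` as the second argument and drop the unused `trustAllCerts` local. The method also catches `Exception`, prints it and returns `null`, which the OkHttp builders changed in this commit pass straight to `sslSocketFactory(...)`; rethrowing as `IllegalStateException` would surface a keystore problem at its cause instead of as a likely NullPointerException later. `CLIENT_BKS_PASSWORD` is a compile-time constant shipped beside the keystore in assets, so the client key is recoverable from the APK and the handshake authenticates the app build rather than a user or device; that is worth stating in the class Javadoc so the server side does not treat the certificate as a per-user credential. In `proceed`, the chain is assembled from one certificate per alias, whereas `keyStore.getCertificateChain(alias)` for the key's alias returns the actual chain in order.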

+ 190 - 0
BaseLibrary/src/main/java/com/cooleshow/base/data/auth/HttpsUtil.java

@@ -0,0 +1,190 @@
+package com.cooleshow.base.data.auth;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.KeyManagementException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+
+import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSession;
+import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
+import javax.net.ssl.X509TrustManager;
+
+/**
+ * Author by pq, Date on 2023/12/28.
+ */
+public class HttpsUtil {
+    public static class SSLParams {
+        public SSLSocketFactory sSLSocketFactory;
+        public X509TrustManager trustManager;
+    }
+
+    public static SSLParams getSslSocketFactory(InputStream[] certificates, InputStream bksFile, String password) {
+        SSLParams sslParams = new SSLParams();
+        try {
+            TrustManager[] trustManagers = prepareTrustManager(certificates);
+            KeyManager[] keyManagers = prepareKeyManager(bksFile, password);
+            SSLContext sslContext = SSLContext.getInstance("TLS");
+            X509TrustManager trustManager = null;
+            if (trustManagers != null) {
+                trustManager = new MyTrustManager(chooseTrustManager(trustManagers));
+            } else {
+                trustManager = new UnSafeTrustManager();
+            }
+            sslContext.init(keyManagers, new TrustManager[]{trustManager}, null);
+            sslParams.sSLSocketFactory = sslContext.getSocketFactory();
+            sslParams.trustManager = trustManager;
+            return sslParams;
+        } catch (NoSuchAlgorithmException e) {
+            throw new AssertionError(e);
+        } catch (KeyManagementException e) {
+            throw new AssertionError(e);
+        } catch (KeyStoreException e) {
+            throw new AssertionError(e);
+        }
+    }
+
+    public static class UnSafeHostnameVerifier implements HostnameVerifier {
+        @Override
+        public boolean verify(String hostname, SSLSession session) {
+            return true;
+        }
+    }
+
+    public static class UnSafeTrustManager implements X509TrustManager {
+        @Override
+        public void checkClientTrusted(X509Certificate[] chain, String authType)
+                throws CertificateException {
+        }
+
+        @Override
+        public void checkServerTrusted(X509Certificate[] chain, String authType)
+                throws CertificateException {
+        }
+
+        @Override
+        public X509Certificate[] getAcceptedIssuers() {
+            return new X509Certificate[]{};
+        }
+    }
+
+    private static TrustManager[] prepareTrustManager(InputStream... certificates) {
+        if (certificates == null || certificates.length <= 0) return null;
+        try {
+
+            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
+            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
+            keyStore.load(null);
+            int index = 0;
+            for (InputStream certificate : certificates) {
+                String certificateAlias = Integer.toString(index++);
+                keyStore.setCertificateEntry(certificateAlias, certificateFactory.generateCertificate(certificate));
+                try {
+                    if (certificate != null)
+                        certificate.close();
+                } catch (IOException e) {
+                }
+            }
+            TrustManagerFactory trustManagerFactory = null;
+
+            trustManagerFactory = TrustManagerFactory.
+                    getInstance(TrustManagerFactory.getDefaultAlgorithm());
+            trustManagerFactory.init(keyStore);
+
+            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
+
+            return trustManagers;
+        } catch (NoSuchAlgorithmException e) {
+            e.printStackTrace();
+        } catch (CertificateException e) {
+            e.printStackTrace();
+        } catch (KeyStoreException e) {
+            e.printStackTrace();
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+        return null;
+
+    }
+
+    private static KeyManager[] prepareKeyManager(InputStream bksFile, String password) {
+        try {
+            if (bksFile == null || password == null) return null;
+
+            KeyStore clientKeyStore = KeyStore.getInstance("BKS");
+            clientKeyStore.load(bksFile, password.toCharArray());
+            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
+            keyManagerFactory.init(clientKeyStore, password.toCharArray());
+            return keyManagerFactory.getKeyManagers();
+
+        } catch (KeyStoreException e) {
+            e.printStackTrace();
+        } catch (NoSuchAlgorithmException e) {
+            e.printStackTrace();
+        } catch (UnrecoverableKeyException e) {
+            e.printStackTrace();
+        } catch (CertificateException e) {
+            e.printStackTrace();
+        } catch (IOException e) {
+            e.printStackTrace();
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+        return null;
+    }
+
+    private static X509TrustManager chooseTrustManager(TrustManager[] trustManagers) {
+        for (TrustManager trustManager : trustManagers) {
+            if (trustManager instanceof X509TrustManager) {
+                return (X509TrustManager) trustManager;
+            }
+        }
+        return null;
+    }
+
+
+    private static class MyTrustManager implements X509TrustManager {
+        private X509TrustManager defaultTrustManager;
+        private X509TrustManager localTrustManager;
+
+        public MyTrustManager(X509TrustManager localTrustManager) throws NoSuchAlgorithmException, KeyStoreException {
+            TrustManagerFactory var4 = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+            var4.init((KeyStore) null);
+            defaultTrustManager = chooseTrustManager(var4.getTrustManagers());
+            this.localTrustManager = localTrustManager;
+        }
+
+
+        @Override
+        public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
+
+        }
+
+        @Override
+        public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
+            try {
+                defaultTrustManager.checkServerTrusted(chain, authType);
+            } catch (CertificateException ce) {
+                localTrustManager.checkServerTrusted(chain, authType);
+            }
+        }
+
+
+        @Override
+        public X509Certificate[] getAcceptedIssuers() {
+            return new X509Certificate[0];
+        }
+    }
+
+}
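Review bot: `getSslSocketFactory` fails open: `prepareTrustManager` returns `null` both when no certificates are passed and when loading them throws (every catch only prints the stack trace), and the `else` branch then installs `UnSafeTrustManager`, whose `checkServerTrusted` is empty. A malformed or missing certificate therefore silently turns server validation off. Prefer letting the failure propagate, or fall back to the platform trust manager the way `MyTrustManager` already obtains one with `init((KeyStore) null)`. `MyTrustManager`'s constructor does not guard against `chooseTrustManager` returning `null`, which would surface as a NullPointerException inside `checkServerTrusted`. `UnSafeHostnameVerifier.verify` returns `true` for every host, so any client that installs it no longer binds the certificate to the host it contacted; a Javadoc line saying so would help.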

+ 15 - 6
BaseLibrary/src/main/java/com/cooleshow/base/data/net/RetrofitClientNoToken.java

@@ -4,6 +4,8 @@ package com.cooleshow.base.data.net;
 import android.util.Log;
 
 import com.cooleshow.base.BuildConfig;
+import com.cooleshow.base.data.auth.Https;
+import com.cooleshow.base.data.auth.HttpsUtil;
 import com.cooleshow.base.utils.NetworkUtil;
 import com.cooleshow.base.utils.Utils;
 
@@ -37,13 +39,10 @@ public class RetrofitClientNoToken {
 
                 .connectTimeout(60, TimeUnit.SECONDS)
                 .readTimeout(60, TimeUnit.SECONDS)
-                .cache(createMCache())
                 .retryOnConnectionFailure(true)//错误重连
-                .sslSocketFactory(SSLSocketClient.getSSLSocketFactory(), SSLSocketClient.getTrustManager())
-                .hostnameVerifier(SSLSocketClient.getHostnameVerifier())
-                .addInterceptor(new HttpLoggingInterceptor(new HttpLogger()).setLevel(HttpLoggingInterceptor.Level.BODY))
-                .addInterceptor(cacheInterceptor())
-                .addNetworkInterceptor(cacheInterceptor())
+                .sslSocketFactory(Https.getSSLCertifcation(Utils.getApp()))
+                .hostnameVerifier(new HttpsUtil.UnSafeHostnameVerifier())
+                .addInterceptor(initLogInterceptor())
                 .build();
 
         retrofit = new Retrofit.Builder()
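Review bot: `.hostnameVerifier(new HttpsUtil.UnSafeHostnameVerifier())` accepts every hostname, so the certificate presented is never bound to the host being contacted; together with the default trust managers that `Https.getSSLCertifcation` ends up using, a certificate chaining to any platform-trusted CA for any name would be accepted. Removing that line restores OkHttp's default verifier. The single-argument `sslSocketFactory(SSLSocketFactory)` overload is deprecated in OkHttp in favour of the two-argument form that also takes the `X509TrustManager`, and `getSSLCertifcation` can return `null` on any keystore error. The same two builder lines are added in RetrofitClientUpFile.java and RetrofitFactory.kt. This hunk also drops `.cache(createMCache())` and both `cacheInterceptor()` registrations, which the commit title does not mention, so confirm that is intended.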
@@ -80,6 +79,16 @@ public class RetrofitClientNoToken {
         return new Cache(cacheFile, 1024 * 1024 * 60);
     }
 
+    private HttpLoggingInterceptor initLogInterceptor() {
+        HttpLoggingInterceptor interceptor = new HttpLoggingInterceptor();
+        if (BuildConfig.DEBUG) {
+            interceptor.setLevel(HttpLoggingInterceptor.Level.BODY);
+        } else {
+            interceptor.setLevel(HttpLoggingInterceptor.Level.NONE);
+        }
+        return interceptor;
+    }
+
     private Interceptor cacheInterceptor() {
         return new Interceptor() {
             @Override

+ 5 - 2
BaseLibrary/src/main/java/com/cooleshow/base/data/net/RetrofitClientUpFile.java

@@ -5,7 +5,10 @@ import android.util.Log;
 
 import com.cooleshow.base.BuildConfig;
 import com.cooleshow.base.common.BaseApplication;
+import com.cooleshow.base.data.auth.Https;
+import com.cooleshow.base.data.auth.HttpsUtil;
 import com.cooleshow.base.utils.NetworkUtil;
+import com.cooleshow.base.utils.Utils;
 
 import java.io.File;
 import java.io.IOException;
@@ -38,8 +41,8 @@ public class RetrofitClientUpFile {
 //                .cookieJar(cookieJar)
                 .cache(createMCache())
                 .retryOnConnectionFailure(true)//错误重连
-                .sslSocketFactory(SSLSocketClient.getSSLSocketFactory(), SSLSocketClient.getTrustManager())
-                .hostnameVerifier(SSLSocketClient.getHostnameVerifier())
+                .sslSocketFactory(Https.getSSLCertifcation(Utils.getApp()))
+                .hostnameVerifier(new HttpsUtil.UnSafeHostnameVerifier())
                 .addInterceptor(new CommonInterceptor())
                 .build();
 

+ 5 - 0
BaseLibrary/src/main/java/com/cooleshow/base/data/net/RetrofitFactory.kt

@@ -2,6 +2,9 @@ package com.cooleshow.base.data.net
 
 import com.cooleshow.base.BuildConfig
 import com.cooleshow.base.common.BaseConstant
+import com.cooleshow.base.data.auth.Https
+import com.cooleshow.base.data.auth.HttpsUtil
+import com.cooleshow.base.utils.Utils
 import okhttp3.OkHttpClient
 import okhttp3.logging.HttpLoggingInterceptor
 import retrofit2.Retrofit
@@ -56,6 +59,8 @@ class RetrofitFactory private constructor() {
         return OkHttpClient.Builder()
             .addInterceptor(initLogInterceptor())
             .addInterceptor(CommonInterceptor())
+            .sslSocketFactory(Https.getSSLCertifcation(Utils.getApp()))
+            .hostnameVerifier(HttpsUtil.UnSafeHostnameVerifier())
             .connectTimeout(20, TimeUnit.SECONDS)
             .readTimeout(20, TimeUnit.SECONDS)
             .build()

+ 22 - 0
accompany/src/main/java/com/daya/orchestra/accompany/web/AccompanyFragment.java

@@ -12,6 +12,7 @@ import android.graphics.Bitmap;
 import android.media.AudioDeviceInfo;
 import android.media.AudioManager;
 import android.media.SoundPool;
+import android.net.http.SslError;
 import android.os.Build;
 import android.os.Bundle;
 import android.os.Handler;
@@ -22,6 +23,8 @@ import android.text.TextUtils;
 import android.util.Log;
 import android.view.Gravity;
 import android.view.View;
+import android.webkit.ClientCertRequest;
+import android.webkit.SslErrorHandler;
 import android.webkit.ValueCallback;
 import android.webkit.WebResourceError;
 import android.webkit.WebResourceRequest;
@@ -38,6 +41,7 @@ import com.cooleshow.base.bean.WxPayResult;
 import com.cooleshow.base.common.BaseApplication;
 import com.cooleshow.base.common.WebConstants;
 import com.cooleshow.base.constanst.Constants;
+import com.cooleshow.base.data.auth.Https;
 import com.cooleshow.base.data.net.RetrofitClientNoToken;
 import com.cooleshow.base.recorder.AudioChunk;
 import com.cooleshow.base.recorder.AudioRecordConfig;
@@ -1282,6 +1286,24 @@ public class AccompanyFragment extends BaseMVPFragment<FragmentAccompanyBinding,
         public void onReceivedError(WebView view, WebResourceRequest request, WebResourceError error) {
             super.onReceivedError(view, request, error);
         }
+
+        @Override
+        public void onReceivedSslError(WebView view, SslErrorHandler handler, SslError error) {
+            LOG.i("onReceivedSslError:");
+            if (error != null) {
+                LOG.i("onReceivedSslError:" + error.getUrl());
+                LOG.i("onReceivedSslError:" + error.getPrimaryError());
+                LOG.i("onReceivedSslError:" + error.getCertificate());
+            }
+        }
+
+        @Override
+        public void onReceivedClientCertRequest(WebView view, ClientCertRequest request) {
+            LOG.i("onReceivedClientCertRequest");
+            Https.proceed(getContext().getApplicationContext(), request);
+//            request.proceed(Https.getSSLCertifcation(HtmlActivity.this.getApplicationContext()), null);
+
+        }
     }
 
 
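Review bot: `onReceivedSslError` overrides the default without calling `super` or resolving the handler, so after logging the request is left with neither `handler.cancel()` nor `handler.proceed()`; add `handler.cancel();` as the last statement so the rejection is explicit. `onReceivedClientCertRequest` presents the bundled client certificate to whichever server requests one and ignores the boolean returned by `Https.proceed`; check `request.getHost()` against the expected backend host first, and call `request.cancel()` when the host does not match or `proceed` returns false. The same two overrides are added to `HtmlActivity` and `HtmlHorizontalScreenActivity` in both the student and teacher modules. The enclosing WebViewClient class starts outside the hunk.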

+ 1 - 0
student/src/main/java/com/cooleshow/student/ui/web/AccompanyFragment.java

@@ -130,6 +130,7 @@ import okhttp3.ResponseBody;
  * @author Ryan
  * 类说明:
  */
+@Deprecated
 public class AccompanyFragment extends BaseMVPFragment<FragmentAccompanyBinding, AccompanyPresenter> implements JsInterfaceAccomPanyUtils.onGetMethodsListener {
     private final static String TAG = "AccompanyFragmenttag";
     private IWXAPI api;
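Review bot: `@Deprecated` is added without a `@deprecated` Javadoc tag, so callers get a warning with no pointer to the replacement; the existing class comment (`类说明:`) is the place for it. Presumably the AccompanyFragment in the accompany module, which this commit does update, supersedes this class; confirm and add a line such as `* @deprecated replaced by com.daya.orchestra.accompany.web.AccompanyFragment`. The same annotation is added to the teacher module's AccompanyFragment.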

+ 22 - 0
student/src/main/java/com/cooleshow/student/ui/web/HtmlActivity.java

@@ -12,6 +12,7 @@ import android.graphics.Bitmap;
 import android.graphics.Color;
 import android.graphics.drawable.Drawable;
 import android.net.Uri;
+import android.net.http.SslError;
 import android.os.Build;
 import android.os.Bundle;
 import android.os.Handler;
@@ -23,7 +24,9 @@ import android.view.KeyEvent;
 import android.view.View;
 import android.view.ViewGroup;
 import android.view.WindowManager;
+import android.webkit.ClientCertRequest;
 import android.webkit.GeolocationPermissions;
+import android.webkit.SslErrorHandler;
 import android.webkit.ValueCallback;
 import android.webkit.WebChromeClient;
 import android.webkit.WebResourceError;
@@ -54,6 +57,7 @@ import com.cooleshow.base.common.WebConstants;
 import com.cooleshow.base.constanst.Constants;
 import com.cooleshow.base.constanst.StyleConfig;
 import com.cooleshow.base.constanst.UploadConstants;
+import com.cooleshow.base.data.auth.Https;
 import com.cooleshow.base.data.net.RetrofitClientNoToken;
 import com.cooleshow.base.router.RouterPath;
 import com.cooleshow.base.ui.activity.BaseActivity;
@@ -1229,6 +1233,24 @@ public class HtmlActivity extends BaseActivity<ActivityHtml1Binding> implements
             }
         }
 
+        @Override
+        public void onReceivedSslError(WebView view, SslErrorHandler handler, SslError error) {
+            LOG.i("onReceivedSslError:");
+            if (error != null) {
+                LOG.i("onReceivedSslError:" + error.getUrl());
+                LOG.i("onReceivedSslError:" + error.getPrimaryError());
+                LOG.i("onReceivedSslError:" + error.getCertificate());
+            }
+        }
+
+        @Override
+        public void onReceivedClientCertRequest(WebView view, ClientCertRequest request) {
+            LOG.i("onReceivedClientCertRequest");
+            Https.proceed(HtmlActivity.this.getApplicationContext(), request);
+//            request.proceed(Https.getSSLCertifcation(HtmlActivity.this.getApplicationContext()), null);
+
+        }
+
     }
 
     private void showWebView() {

+ 23 - 1
student/src/main/java/com/cooleshow/student/ui/web/HtmlHorizontalScreenActivity.java

@@ -10,6 +10,7 @@ import android.content.res.Configuration;
 import android.graphics.Bitmap;
 import android.graphics.Color;
 import android.net.Uri;
+import android.net.http.SslError;
 import android.os.Build;
 import android.os.Bundle;
 import android.os.Handler;
@@ -21,7 +22,9 @@ import android.view.KeyEvent;
 import android.view.View;
 import android.view.ViewGroup;
 import android.view.WindowManager;
+import android.webkit.ClientCertRequest;
 import android.webkit.GeolocationPermissions;
+import android.webkit.SslErrorHandler;
 import android.webkit.ValueCallback;
 import android.webkit.WebChromeClient;
 import android.webkit.WebResourceError;
@@ -47,12 +50,13 @@ import com.cooleshow.base.BuildConfig;
 import com.cooleshow.base.bean.WxPayResult;
 import com.cooleshow.base.common.WebConstants;
 import com.cooleshow.base.constanst.Constants;
+import com.cooleshow.base.data.auth.Https;
 import com.cooleshow.base.data.net.RetrofitClientNoToken;
 import com.cooleshow.base.router.RouterPath;
 import com.cooleshow.base.ui.activity.BaseActivity;
 import com.cooleshow.base.utils.AppUtils;
 import com.cooleshow.base.utils.ClipboardUtils;
-import com.cooleshow.base.utils.MyFileUtils;
+import com.cooleshow.base.utils.LOG;import com.cooleshow.base.utils.MyFileUtils;
 import com.cooleshow.base.utils.PermissionUtils;
 import com.cooleshow.base.utils.ToastUtil;
 import com.cooleshow.base.utils.UiUtils;
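Review bot: The added line `import com.cooleshow.base.utils.LOG;import com.cooleshow.base.utils.MyFileUtils;` fuses two imports onto one line; split it so each import stands on its own line. With `LOG` imported, the fully qualified `com.cooleshow.base.utils.LOG.i("onReceivedSslError:")` call in the `onReceivedSslError` added later in this file can use the short name like the lines that follow it.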
@@ -976,6 +980,24 @@ public class HtmlHorizontalScreenActivity extends BaseActivity<ActivityHtml1Bind
         public void onReceivedError(WebView view, WebResourceRequest request, WebResourceError error) {
             super.onReceivedError(view, request, error);
         }
+
+        @Override
+        public void onReceivedSslError(WebView view, SslErrorHandler handler, SslError error) {
+            com.cooleshow.base.utils.LOG.i("onReceivedSslError:");
+            if (error != null) {
+                LOG.i("onReceivedSslError:" + error.getUrl());
+                LOG.i("onReceivedSslError:" + error.getPrimaryError());
+                LOG.i("onReceivedSslError:" + error.getCertificate());
+            }
+        }
+
+        @Override
+        public void onReceivedClientCertRequest(WebView view, ClientCertRequest request) {
+            LOG.i("onReceivedClientCertRequest");
+            Https.proceed(HtmlHorizontalScreenActivity.this.getApplicationContext(), request);
+//            request.proceed(Https.getSSLCertifcation(HtmlActivity.this.getApplicationContext()), null);
+
+        }
     }
 
 

+ 1 - 0
teacher/src/main/java/com/cooleshow/teacher/ui/web/AccompanyFragment.java

@@ -130,6 +130,7 @@ import okhttp3.ResponseBody;
  * @author Ryan
  * 类说明:
  */
+@Deprecated
 public class AccompanyFragment extends BaseMVPFragment<FragmentAccompanyBinding, AccompanyPresenter> implements JsInterfaceAccomPanyUtils.onGetMethodsListener {
     private final static String TAG = "AccompanyFragmenttag";
     public static final int SHARE_CHAT_REQUEST_CODE = 501;

+ 22 - 0
teacher/src/main/java/com/cooleshow/teacher/ui/web/HtmlActivity.java

@@ -11,6 +11,7 @@ import android.content.res.Configuration;
 import android.graphics.Bitmap;
 import android.graphics.Color;
 import android.net.Uri;
+import android.net.http.SslError;
 import android.os.Build;
 import android.os.Bundle;
 import android.os.Handler;
@@ -22,7 +23,9 @@ import android.view.KeyEvent;
 import android.view.View;
 import android.view.ViewGroup;
 import android.view.WindowManager;
+import android.webkit.ClientCertRequest;
 import android.webkit.GeolocationPermissions;
+import android.webkit.SslErrorHandler;
 import android.webkit.ValueCallback;
 import android.webkit.WebChromeClient;
 import android.webkit.WebResourceError;
@@ -53,6 +56,7 @@ import com.cooleshow.base.common.WebConstants;
 import com.cooleshow.base.constanst.Constants;
 import com.cooleshow.base.constanst.StyleConfig;
 import com.cooleshow.base.constanst.UploadConstants;
+import com.cooleshow.base.data.auth.Https;
 import com.cooleshow.base.data.net.RetrofitClientNoToken;
 import com.cooleshow.base.router.RouterPath;
 import com.cooleshow.base.ui.activity.BaseActivity;
@@ -1238,6 +1242,24 @@ public class HtmlActivity extends BaseActivity<ActivityHtml1Binding> implements
                 }
             }
         }
+
+        @Override
+        public void onReceivedSslError(WebView view, SslErrorHandler handler, SslError error) {
+            LOG.i("onReceivedSslError:");
+            if (error != null) {
+                LOG.i("onReceivedSslError:" + error.getUrl());
+                LOG.i("onReceivedSslError:" + error.getPrimaryError());
+                LOG.i("onReceivedSslError:" + error.getCertificate());
+            }
+        }
+
+        @Override
+        public void onReceivedClientCertRequest(WebView view, ClientCertRequest request) {
+            LOG.i("onReceivedClientCertRequest");
+            Https.proceed(HtmlActivity.this.getApplicationContext(), request);
+//            request.proceed(Https.getSSLCertifcation(HtmlActivity.this.getApplicationContext()), null);
+
+        }
     }
 
 

+ 23 - 0
teacher/src/main/java/com/cooleshow/teacher/ui/web/HtmlHorizontalScreenActivity.java

@@ -10,6 +10,7 @@ import android.content.res.Configuration;
 import android.graphics.Bitmap;
 import android.graphics.Color;
 import android.net.Uri;
+import android.net.http.SslError;
 import android.os.Build;
 import android.os.Bundle;
 import android.os.Handler;
@@ -21,7 +22,9 @@ import android.view.KeyEvent;
 import android.view.View;
 import android.view.ViewGroup;
 import android.view.WindowManager;
+import android.webkit.ClientCertRequest;
 import android.webkit.GeolocationPermissions;
+import android.webkit.SslErrorHandler;
 import android.webkit.ValueCallback;
 import android.webkit.WebChromeClient;
 import android.webkit.WebResourceError;
@@ -47,11 +50,13 @@ import com.cooleshow.base.BuildConfig;
 import com.cooleshow.base.bean.WxPayResult;
 import com.cooleshow.base.common.WebConstants;
 import com.cooleshow.base.constanst.Constants;
+import com.cooleshow.base.data.auth.Https;
 import com.cooleshow.base.data.net.RetrofitClientNoToken;
 import com.cooleshow.base.router.RouterPath;
 import com.cooleshow.base.ui.activity.BaseActivity;
 import com.cooleshow.base.utils.AppUtils;
 import com.cooleshow.base.utils.ClipboardUtils;
+import com.cooleshow.base.utils.LOG;
 import com.cooleshow.base.utils.PermissionUtils;
 import com.cooleshow.base.utils.ToastUtil;
 import com.cooleshow.base.utils.UiUtils;
@@ -973,6 +978,24 @@ public class HtmlHorizontalScreenActivity extends BaseActivity<ActivityHtml1Bind
         public void onReceivedError(WebView view, WebResourceRequest request, WebResourceError error) {
             super.onReceivedError(view, request, error);
         }
+
+        @Override
+        public void onReceivedSslError(WebView view, SslErrorHandler handler, SslError error) {
+            LOG.i("onReceivedSslError:");
+            if (error != null) {
+                LOG.i("onReceivedSslError:" + error.getUrl());
+                LOG.i("onReceivedSslError:" + error.getPrimaryError());
+                LOG.i("onReceivedSslError:" + error.getCertificate());
+            }
+        }
+
+        @Override
+        public void onReceivedClientCertRequest(WebView view, ClientCertRequest request) {
+            LOG.i("onReceivedClientCertRequest");
+            Https.proceed(HtmlHorizontalScreenActivity.this.getApplicationContext(), request);
+//            request.proceed(Https.getSSLCertifcation(HtmlActivity.this.getApplicationContext()), null);
+
+        }
     }