Glide入门教程(15)接受自签名HTTPS证书

发表于 | 分类于 | 阅读次数
字数统计 | 阅读时长
接受自签名HTTPS证书

       Glide提供了一个简单的方法去访问Glide核心部分的功能。我们可以很快地通过实现和定义GlideModule改变Glide的行为。我们已经通过实现applyOptions()方法改变解析格式,去提升图片质量。文本我们要使用其它的方法,registerComponents(),去改变Glide的网络栈,让它能从自签名HTTPS服务器接收连接和图片。

用GlideModule定制Glide

       GlideModule提供了两个方法改变行为。上篇文章,我们学习了第一个方法applyOption()。本文我们使用另一个方法registerComponents()去设置一个不同的网络栈。默认地,Glide内部使用标准的HTTPUrlConnection去下载图片。Glide也提供两个集成库。这三个方法优点是在安全设置上都是相当严格的。唯一的不足之处是当你从一个使用HTTPS,还是self-signed的服务器下载图片时,Glide并不会下载或者显示图片,因为self-signed认证会被认为存在安全问题。

不安全的 OkHttpClient

       这样,你会需要去实现能够接受self-signed认证的网络栈。我们已经实现并用过一个“不安全的”OkHttpClient。由于它提供了一个需要集成的常规OkHttpClient,我们只需要拷贝并粘贴这个类:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
public class UnsafeOkHttpClient {  
    public static OkHttpClient getUnsafeOkHttpClient() {
        try {
            // Create a trust manager that does not validate certificate chains
            final TrustManager[] trustAllCerts = new TrustManager[]{
                    new X509TrustManager() {
                        @Override
                        public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException {
                        }

                        @Override
                        public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException {
                        }

                        @Override
                        public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                            return null;
                        }
                    }
            };

            // Install the all-trusting trust manager
            final SSLContext sslContext = SSLContext.getInstance("SSL");
            sslContext.init(null, trustAllCerts, new java.security.SecureRandom());

            // Create an ssl socket factory with our all-trusting manager
            final SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();

            OkHttpClient okHttpClient = new OkHttpClient();
            okHttpClient.setSslSocketFactory(sslSocketFactory);
            okHttpClient.setProtocols(Arrays.asList(Protocol.HTTP_1_1));
            okHttpClient.setHostnameVerifier(new HostnameVerifier() {
                @Override
                public boolean verify(String hostname, SSLSession session) {
                    return true;
                }
            });

            return okHttpClient;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }
}

       创建的OkHttpClient关闭了所有的SSL认证检查。

集成到 Glide

       Glide的OkHTTP集成库做的都是一样的工作。首先,我们需要在GlideModule里声明我们的定制。需要在registerComponents()方法里做适配。可以调用.register()方法去交换Glide基础构成。Glide使用一个ModelLoader去链接到数据模型创建一个具体的数据类型。我们的例子中,需要创建一个ModelLoader,它连接到一个URL,通过GlideUrl类响应并转化为输入流。Glide需要能够创建我们的新ModelLoader的实例,所以我们在.register()方法中传入一个工厂:

1
2
3
4
5
6
7
8
9
10
11
public class UnsafeOkHttpGlideModule implements GlideModule {  
        @Override
        public void applyOptions(Context context, GlideBuilder builder) {

        }

        @Override
        public void registerComponents(Context context, Glide glide) {
            glide.register(GlideUrl.class, InputStream.class, new OkHttpUrlLoader.Factory());
        }
    }

       方法里的前两个参数是模型类和链接资源类。最后一个参数是ModelLoaderFactory。最终,我们不能直接设置一个UnsafeOkHttpClient实例,我们需要创建一个ModelLoaderFactory,使用UnsafeOkHttpClient去提供URL和输入流之间的链接。

       OkHttp集成库给了我们一个很棒的模版:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
public class OkHttpUrlLoader implements ModelLoader<GlideUrl, InputStream> {

    /**
     * The default factory for {@link OkHttpUrlLoader}s.
     */
    public static class Factory implements ModelLoaderFactory<GlideUrl, InputStream> {
        private static volatile OkHttpClient internalClient;
        private OkHttpClient client;

        private static OkHttpClient getInternalClient() {
            if (internalClient == null) {
                synchronized (Factory.class) {
                    if (internalClient == null) {
                        internalClient = UnsafeOkHttpClient.getUnsafeOkHttpClient();
                    }
                }
            }
            return internalClient;
        }

        /**
         * Constructor for a new Factory that runs requests using a static singleton client.
         */
        public Factory() {
            this(getInternalClient());
        }

        /**
         * Constructor for a new Factory that runs requests using given client.
         */
        public Factory(OkHttpClient client) {
            this.client = client;
        }

        @Override
        public ModelLoader<GlideUrl, InputStream> build(Context context, GenericLoaderFactory factories) {
            return new OkHttpUrlLoader(client);
        }

        @Override
        public void teardown() {
            // Do nothing, this instance doesn't own the client.
        }
    }

    private final OkHttpClient client;

    public OkHttpUrlLoader(OkHttpClient client) {
        this.client = client;
    }

    @Override
    public DataFetcher<InputStream> getResourceFetcher(GlideUrl model, int width, int height) {
        return new OkHttpStreamFetcher(client, model);
    }
}

       在这个类里,可以看到ModelLoaderFactory是如何被构造的。最重要的一行是internalClient对象的创建:internalClient = UnsafeOkHttpClient.getUnsafeOkHttpClient();。

       我们仍然要使用我们不安全的OkHttpClient去链接Url到一个有效的输入流。这样,我们还需要另外一个类去取到URL对应的输入流的响应:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
public class OkHttpStreamFetcher implements DataFetcher<InputStream> {  
    private final OkHttpClient client;
    private final GlideUrl url;
    private InputStream stream;
    private ResponseBody responseBody;

    public OkHttpStreamFetcher(OkHttpClient client, GlideUrl url) {
        this.client = client;
        this.url = url;
    }

    @Override
    public InputStream loadData(Priority priority) throws Exception {
        Request.Builder requestBuilder = new Request.Builder()
                .url(url.toStringUrl());

        for (Map.Entry<String, String> headerEntry : url.getHeaders().entrySet()) {
            String key = headerEntry.getKey();
            requestBuilder.addHeader(key, headerEntry.getValue());
        }

        Request request = requestBuilder.build();

        Response response = client.newCall(request).execute();
        responseBody = response.body();
        if (!response.isSuccessful()) {
            throw new IOException("Request failed with code: " + response.code());
        }

        long contentLength = responseBody.contentLength();
        stream = ContentLengthInputStream.obtain(responseBody.byteStream(), contentLength);
        return stream;
    }

    @Override
    public void cleanup() {
        if (stream != null) {
            try {
                stream.close();
            } catch (IOException e) {
                // Ignored
            }
        }
        if (responseBody != null) {
            try {
                responseBody.close();
            } catch (IOException e) {
                // Ignored.
            }
        }
    }

    @Override
    public String getId() {
        return url.getCacheKey();
    }

    @Override
    public void cancel() {
        // TODO: call cancel on the client when this method is called on a background thread. See #257
    }
}

       没必要明白类里面的所有细节。相反,应当对于Glide系统如何替换内部工厂部分有个大概了解。

参考资料:
签到钱就到 Glide入门教程——17.Glide Module 案例: 接受自签名HTTPS证书

Fork me on GitHub