- package id.jababeka.networks;
- import android.content.Context;
- import android.os.Build;
- import android.util.Log;
- import java.io.IOException;
- import java.io.InputStream;
- import java.security.GeneralSecurityException;
- import java.security.KeyManagementException;
- import java.security.KeyStore;
- import java.security.KeyStoreException;
- import java.security.NoSuchAlgorithmException;
- import java.security.cert.Certificate;
- import java.security.cert.CertificateException;
- import java.security.cert.CertificateFactory;
- import java.util.ArrayList;
- import java.util.Arrays;
- import java.util.List;
- import java.util.concurrent.TimeUnit;
- import javax.net.ssl.SSLContext;
- import javax.net.ssl.TrustManager;
- import javax.net.ssl.TrustManagerFactory;
- import javax.net.ssl.X509TrustManager;
- import id.jababeka.BuildConfig;
- import id.jababeka.R;
- import id.jababeka.networks.response.model.SelfSigningClientBuilder;
- import okhttp3.CertificatePinner;
- import okhttp3.ConnectionSpec;
- import okhttp3.OkHttpClient;
- import okhttp3.TlsVersion;
- import okhttp3.logging.HttpLoggingInterceptor;
- import retrofit2.Retrofit;
- import retrofit2.converter.gson.GsonConverterFactory;
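/**
 * Factory for the Retrofit client that talks to the backend at {@link #BASE_URL}.
 *
 * <p>TLS trust is anchored to the single certificate bundled as {@code R.raw.certificate}:
 * the key store handed to the trust manager contains only that entry, so the platform CA
 * store is not consulted. The same trust manager is used on every API level, including the
 * TLS 1.2 compatibility path for older devices.
 *
 * <p>Every call to {@link #getInstance(Context)} builds a new {@code OkHttpClient}; no
 * builder state is shared between calls.
 *
 * <p>Created by YS on 07/03/18.
 */
public class RetrofitInstance {
    // TODO: Need to set the 'good' connection timeout
    private static final String BASE_URL = "https://jsmart.id/api/";
    // private static final String BASE_URL = "http://jababeka.sorot.id/api/";

    /** Connect, read and write timeout applied to every request, in seconds. */
    private static final long TIMEOUT_SECONDS = 30;

    // An earlier revision pinned the server key with OkHttp's CertificatePinner instead of
    // shipping a trust anchor:
    //
    //   new CertificatePinner.Builder()
    //       .add("www.jsmart.id", "sha256/aNpbJHzNvrX5DRCEU//H79R8fEXiT44CU+51Id8egxE=")
    //       .build();
    //
    // NOTE(review): that pin is registered for "www.jsmart.id" while BASE_URL uses the host
    // "jsmart.id"; a pin only applies to hosts matching its pattern, so re-enabling it as
    // written would not cover the base URL. Confirm the host before restoring it.

    /**
     * Creates a Retrofit instance bound to {@link #BASE_URL} with Gson conversion.
     *
     * @param mContext context used to open the bundled certificate resource
     * @return a newly built Retrofit instance backed by a newly built OkHttpClient
     * @throws IllegalStateException if the bundled certificate cannot be loaded; the client
     *     is not created rather than silently falling back to the platform trust store
     */
    public static Retrofit getInstance(Context mContext) {
        // Local builder: the previous static field was reassigned on every call, so two
        // concurrent callers could configure and build each other's client.
        OkHttpClient.Builder builder = new OkHttpClient.Builder()
                .readTimeout(TIMEOUT_SECONDS, TimeUnit.SECONDS)
                .connectTimeout(TIMEOUT_SECONDS, TimeUnit.SECONDS)
                .writeTimeout(TIMEOUT_SECONDS, TimeUnit.SECONDS);
        initHttpLogging(builder);
        X509TrustManager trustManager = initSSL(mContext, builder);
        return new Retrofit.Builder()
                .baseUrl(BASE_URL)
                .addConverterFactory(GsonConverterFactory.create())
                .client(enableTls12OnPreLollipop(builder, trustManager).build())
                .build();
    }

    /**
     * Adds HTTP logging to debug builds only.
     *
     * <p>{@code Level.BODY} writes request and response headers and bodies to the log, which
     * includes any credentials or tokens they carry, so the interceptor must stay behind the
     * {@code BuildConfig.DEBUG} check.
     */
    private static void initHttpLogging(OkHttpClient.Builder builder) {
        if (!BuildConfig.DEBUG) {
            return;
        }
        HttpLoggingInterceptor logging = new HttpLoggingInterceptor();
        logging.setLevel(HttpLoggingInterceptor.Level.BODY);
        builder.addInterceptor(logging);
    }

    /**
     * Installs a socket factory that trusts only the bundled certificate.
     *
     * <p>The trust manager given to OkHttp is the one that backs the socket factory. OkHttp
     * uses that argument to clean certificate chains, so passing the platform default trust
     * manager next to a custom-trust socket factory (as the previous code did) makes the two
     * disagree about which anchors are valid.
     *
     * @return the trust manager that was installed, for reuse by the TLS 1.2 compatibility path
     * @throws IllegalStateException if the certificate resource cannot be parsed or the TLS
     *     context cannot be initialised
     */
    private static X509TrustManager initSSL(Context context, OkHttpClient.Builder builder) {
        try {
            X509TrustManager trustManager =
                    loadBundledTrustManager(context.getResources().openRawResource(R.raw.certificate));
            SSLContext sslContext = SSLContext.getInstance("TLS");
            sslContext.init(null, new TrustManager[] {trustManager}, null);
            builder.sslSocketFactory(sslContext.getSocketFactory(), trustManager);
            return trustManager;
        } catch (GeneralSecurityException | IOException e) {
            // Fail closed: continuing here would leave the client on the platform trust
            // store without anyone noticing that the bundled anchor was dropped.
            throw new IllegalStateException("Unable to load the bundled trust certificate", e);
        }
    }

    /**
     * Builds a trust manager whose only trust anchor is the certificate read from the stream.
     *
     * @param trustedCertificateIS X.509 certificate data; always closed by this method
     * @return the X.509 trust manager backed by a key store holding that one certificate
     * @throws GeneralSecurityException if the certificate or the trust manager cannot be created
     * @throws IOException if the stream cannot be read or closed
     */
    private static X509TrustManager loadBundledTrustManager(InputStream trustedCertificateIS)
            throws GeneralSecurityException, IOException {
        Certificate ca;
        try {
            ca = CertificateFactory.getInstance("X.509").generateCertificate(trustedCertificateIS);
        } finally {
            trustedCertificateIS.close();
        }

        // Empty key store plus one entry: nothing but the bundled certificate is trusted.
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null, null);
        keyStore.setCertificateEntry("ca", ca);

        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(keyStore);
        return requireSingleX509TrustManager(tmf.getTrustManagers());
    }

    /**
     * Returns the sole X.509 trust manager in the array.
     *
     * @throws IllegalStateException if the array does not hold exactly one X509TrustManager
     */
    private static X509TrustManager requireSingleX509TrustManager(TrustManager[] trustManagers) {
        if (trustManagers.length != 1 || !(trustManagers[0] instanceof X509TrustManager)) {
            throw new IllegalStateException(
                    "Unexpected trust managers:" + Arrays.toString(trustManagers));
        }
        return (X509TrustManager) trustManagers[0];
    }

    /**
     * Forces TLS 1.2 on API levels 16 to 21 while keeping the bundled trust anchor.
     *
     * <p>The previous version initialised the TLS 1.2 context with {@code null} trust managers
     * and replaced the socket factory set by {@code initSSL}, so on those API levels the
     * bundled certificate was ignored and the platform trust store decided. The context is now
     * initialised with the same trust manager that the rest of the client uses.
     *
     * <p>Enabling TLS 1.2 is best effort: on failure the error is logged and the client keeps
     * the socket factory that {@code initSSL} installed, so trust is unaffected.
     *
     * @param client builder to adjust
     * @param trustManager trust manager already installed on {@code client}
     * @return the same builder
     */
    private static OkHttpClient.Builder enableTls12OnPreLollipop(
            OkHttpClient.Builder client, X509TrustManager trustManager) {
        if (Build.VERSION.SDK_INT >= 16 && Build.VERSION.SDK_INT < 22) {
            try {
                SSLContext sc = SSLContext.getInstance("TLSv1.2");
                sc.init(null, new TrustManager[] {trustManager}, null);
                client.sslSocketFactory(new Tls12SocketFactory(sc.getSocketFactory()), trustManager);

                ConnectionSpec cs = new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS)
                        .tlsVersions(TlsVersion.TLS_1_2)
                        .build();

                // NOTE(review): the fallbacks below are unchanged. COMPATIBLE_TLS allows older
                // TLS versions and CLEARTEXT allows plain http:// requests; BASE_URL is https,
                // so confirm whether either is still needed before shipping.
                List<ConnectionSpec> specs = new ArrayList<>();
                specs.add(cs);
                specs.add(ConnectionSpec.COMPATIBLE_TLS);
                specs.add(ConnectionSpec.CLEARTEXT);
                client.connectionSpecs(specs);
            } catch (Exception exc) {
                Log.e("OkHttpTLSCompat", "Error while setting TLS 1.2", exc);
            }
        }
        return client;
    }
}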