下面列出了怎么用com.squareup.okhttp.ConnectionSpec的API类实例代码及写法,或者点击链接到github查看源代码。
private OkHttpChannelBuilder createChannelBuilder() {
OkHttpChannelBuilder builder = OkHttpChannelBuilder.forAddress("localhost", getPort())
.maxInboundMessageSize(AbstractInteropTest.MAX_MESSAGE_SIZE)
.connectionSpec(new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS)
.cipherSuites(TestUtils.preferredTestCiphers().toArray(new String[0]))
.build())
.overrideAuthority(GrpcUtil.authorityFromHostAndPort(
TestUtils.TEST_SERVER_HOST, getPort()));
io.grpc.internal.TestingAccessor.setStatsImplementation(
builder, createClientCensusStatsModule());
try {
builder.sslSocketFactory(TestUtils.newSslSocketFactoryForCa(Platform.get().getProvider(),
TestUtils.loadCert("ca.pem")));
} catch (Exception e) {
throw new RuntimeException(e);
}
return builder;
}
private static void verifyTLS12Enforced(OkHttpClient client) {
ArgumentCaptor<SSLSocketFactory> factoryCaptor = ArgumentCaptor.forClass(SSLSocketFactory.class);
verify(client).setSslSocketFactory(factoryCaptor.capture());
assertTrue(factoryCaptor.getValue() instanceof TLS12SocketFactory);
ArgumentCaptor<List> specCaptor = ArgumentCaptor.forClass(List.class);
verify(client).setConnectionSpecs(specCaptor.capture());
boolean hasTls12 = false;
for (Object item : specCaptor.getValue()) {
assertTrue(item instanceof ConnectionSpec);
ConnectionSpec spec = (ConnectionSpec) item;
if (!spec.isTls()) {
continue;
}
List<TlsVersion> versions = spec.tlsVersions();
for (TlsVersion version : versions) {
if ("TLSv1.2".equals(version.javaName())) {
hasTls12 = true;
break;
}
}
}
assertTrue(hasTls12);
}
@Override
protected ManagedChannel createChannel() {
try {
final int port = server.httpsPort();
return OkHttpChannelBuilder
.forAddress("localhost", port)
.useTransportSecurity()
.maxInboundMessageSize(16 * 1024 * 1024)
.connectionSpec(ConnectionSpec.MODERN_TLS)
.overrideAuthority("example.com:" + port)
.sslSocketFactory(TestUtils.newSslSocketFactoryForCa(
Platform.get().getProvider(), ssc.certificateFile()))
.build();
} catch (Exception ex) {
throw new RuntimeException(ex);
}
}
private OkHttpChannelBuilder createChannelBuilder() {
int port = ((InetSocketAddress) getListenAddress()).getPort();
OkHttpChannelBuilder builder = OkHttpChannelBuilder.forAddress("localhost", port)
.maxInboundMessageSize(AbstractInteropTest.MAX_MESSAGE_SIZE)
.connectionSpec(new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS)
.cipherSuites(TestUtils.preferredTestCiphers().toArray(new String[0]))
.build())
.overrideAuthority(GrpcUtil.authorityFromHostAndPort(
TestUtils.TEST_SERVER_HOST, port));
try {
builder.sslSocketFactory(TestUtils.newSslSocketFactoryForCa(Platform.get().getProvider(),
TestUtils.loadCert("ca.pem")));
} catch (Exception e) {
throw new RuntimeException(e);
}
// Disable the default census stats interceptor, use testing interceptor instead.
io.grpc.internal.TestingAccessor.setStatsEnabled(builder, false);
return builder.intercept(createCensusStatsClientInterceptor());
}
@Test
public void failForUsingClearTextSpecDirectly() {
thrown.expect(IllegalArgumentException.class);
thrown.expectMessage("plaintext ConnectionSpec is not accepted");
OkHttpChannelBuilder.forAddress("host", 1234).connectionSpec(ConnectionSpec.CLEARTEXT);
}
/**
* Enable TLS 1.2 on the OkHttpClient on API 16-21, which is supported but not enabled by default.
*
* @link https://github.com/square/okhttp/issues/2372
* @see TLS12SocketFactory
*/
private void enforceTls12(OkHttpClient client) {
// No need to modify client as TLS 1.2 is enabled by default on API21+
// Lollipop is included because some Samsung devices face the same problem on API 21.
if (Build.VERSION.SDK_INT < Build.VERSION_CODES.JELLY_BEAN
|| Build.VERSION.SDK_INT > Build.VERSION_CODES.LOLLIPOP) {
return;
}
try {
SSLContext sc = SSLContext.getInstance("TLSv1.2");
sc.init(null, null, null);
client.setSslSocketFactory(new TLS12SocketFactory(sc.getSocketFactory()));
ConnectionSpec cs = new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS)
.tlsVersions(TlsVersion.TLS_1_2)
.build();
List<ConnectionSpec> specs = new ArrayList<>();
specs.add(cs);
specs.add(ConnectionSpec.COMPATIBLE_TLS);
specs.add(ConnectionSpec.CLEARTEXT);
client.setConnectionSpecs(specs);
} catch (NoSuchAlgorithmException | KeyManagementException e) {
Log.e(TAG, "Error while setting TLS 1.2", e);
}
}
@Test
public void failForUsingClearTextSpecDirectly() {
thrown.expect(IllegalArgumentException.class);
thrown.expectMessage("plaintext ConnectionSpec is not accepted");
OkHttpChannelBuilder.forAddress("host", 1234).connectionSpec(ConnectionSpec.CLEARTEXT);
}
@Test
public void allowUsingTlsConnectionSpec() {
OkHttpChannelBuilder.forAddress("host", 1234).connectionSpec(ConnectionSpec.MODERN_TLS);
}
@Test
public void allowUsingTlsConnectionSpec() {
OkHttpChannelBuilder.forAddress("host", 1234).connectionSpec(ConnectionSpec.MODERN_TLS);
}