Android Network--How I did it: Volley+OkHttp+Https

Use OkHttp as the transport layer implementation.

By default, Volley uses different HTTP transport protocols according to the Android system version.
Volley uses ApacheHttpStack as the transport protocol on Android 3.0 and above, and HttpURLConnection as the transport layer protocol on 2.3 and below

OkHttp has the following advantages over other implementations.

• Supports SPDY, allowing all requests connecting to the same host to share a socket.
• If SPDY is not available, a connection pool is used to reduce request latency.
• Downloads are compressed using GZIP, and the compression is transparent to the user.
• Leverage response caching to avoid duplicate network requests.
• When network problems occur, OKHttp will still work and it will recover from common connection problems.
• If your server has multiple IP addresses, when the first address fails to connect, OKHttp will try to connect to other addresses. This is very necessary for IPV4 and IPV6 services and services hosted in multiple data centers.

Therefore, using OkHttp as an alternative is a good choice.

1. head   First, use OkHttp to implement a new HurlStack to build Volley's requestQueue.

    public   class OkHttpStack extends HurlStack { 
     
    private OkHttpClient okHttpClient; 
    
    /**
     * Create a OkHttpStack with default OkHttpClient.
    */  
    public OkHttpStack() {
    this ( new OkHttpClient());
    } 
    
    /**
     * Create a OkHttpStack with a custom OkHttpClient
     * @param okHttpClient Custom OkHttpClient, NonNull
    */  
    public OkHttpStack(OkHttpClient okHttpClient) {
    this .okHttpClient = okHttpClient;
    } 
    
    @Override  
    protected HttpURLConnection createConnection(URL url) throws IOException {
        OkUrlFactory okUrlFactory = new OkUrlFactory(okHttpClient);
    return okUrlFactory.open(url);
    }
    }

2. Then use OkHttpStack to create a new Volley requestQueue.

    requestQueue = Volley.newRequestQueue(getContext(), new OkHttpStack());
    requestQueue.start();

   That's it.

Using Https

As a developer with integrity, you should use HTTPS to protect user data. The article Security with HTTPS and SSL on the Android Developers website explains this in detail.

OkHttp itself supports Https. Refer to the document OkHttp Https, and use the above OkHttpStack directly. However, if the server developer uses a self-signed certificate (don't ask me why I use a self-signed certificate), it will not be accessible normally.

Many articles on the Internet provide a solution that provides a TrustManager that does nothing and skips SSL verification. This is very vulnerable to attacks, and Https is useless.

The solution I adopted is to package the self-signed certificate into the APK and add trust.

benefit:

• The application is difficult to reverse engineer. The application no longer relies on the system's trust store, making tools such as Charles packet capture ineffective. To analyze the application API, the APK must be decompiled.
• No need to purchase additional certificates, save money....

shortcoming:

• The flexibility of certificate deployment is reduced, and the program must be upgraded once the certificate is changed.

Implementation steps

Take the most famous self-signed website 12306 as an example

1. Exporting a Certificate

    echo | openssl s_client -connect kyfw. 12306 .cn: 443   2 >& 1 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > kyfw. 12306 .cn.pem

2. Convert the certificate to bks format Download the latest bcprov-jdk and execute the following command. storepass is the password for exporting the key file.

    keytool -importcert -v \
    -trustcacerts \
    -alias 0 \
    -file <(openssl x509 -in kyfw. 12306 .cn.pem) \
    -keystore $CERTSTORE -storetype BKS \
    -providerclass org.bouncycastle.jce.provider.BouncyCastleProvider \
    -providerpath ./bcprov-jdk16- 1.46 .jar \
    -storepass asdfqaz

3. Put the exported kyfw.bks file into the res/raw folder.

4. Create SelfSignSslOkHttpStack

    /**
    * A HttpStack implement witch can verify specified self-signed certification.
    */  
    public   class SelfSignSslOkHttpStack extends HurlStack { 
    
    private OkHttpClient okHttpClient; 
    
    private Map<String, SSLSocketFactory> socketFactoryMap; 
    
    /**
     * Create a OkHttpStack with default OkHttpClient.
    */  
    public SelfSignSslOkHttpStack(Map<String, SSLSocketFactory> factoryMap) {
    this ( new OkHttpClient(), factoryMap);
    } 
    
    /**
     * Create a OkHttpStack with a custom OkHttpClient
     * @param okHttpClient Custom OkHttpClient, NonNull
    */  
    public SelfSignSslOkHttpStack(OkHttpClient okHttpClient, Map<String, SSLSocketFactory> factoryMap) {
    this .okHttpClient = okHttpClient;
    this .socketFactoryMap = factoryMap;
    } 
    
    @Override  
    protected HttpURLConnection createConnection(URL url) throws IOException {
    if ( "https" .equals(url.getProtocol()) && socketFactoryMap.containsKey(url.getHost())) {
            HttpsURLConnection connection = (HttpsURLConnection) new OkUrlFactory(okHttpClient).open(url);
            connection.setSSLSocketFactory(socketFactoryMap.get(url.getHost()));
    return connection;
    } else {
    return    new OkUrlFactory(okHttpClient).open(url);
    }
    }
    }

5. Then use SelfSignSslOkHttpStack to create Volley's RequestQueue.

    String[] hosts = { "kyfw.12306.cn" };
    int [] certRes = {R.raw.kyfw};
    String[] certPass = { "asdfqaz" };
    socketFactoryMap = new Hashtable<>(hosts.length); 
    
    for ( int i = 0 ; i < certRes.length; i++) {
    int res = certRes[i];
        String password = certPass[i];
        SSLSocketFactory sslSocketFactory = createSSLSocketFactory(context, res, password);
        socketFactoryMap.put(hosts[i], sslSocketFactory);
    } 
    
    HurlStack stack = new SelfSignSslOkHttpStack(socketFactoryMap); 
    
    requestQueue = Volley.newRequestQueue(context, stack);
    requestQueue.start();

6. Let's try it out by replacing the original RequestQueue with the one created in the previous step and then sending a request.

    StringRequest request = new StringRequest(
               Request.Method.GET,
    "https://kyfw.12306.cn/otn/" ,
    new Response.Listener<String>() {
    @Override  
    public   void onResponse(String response) {
                       responseContentTextView.setText(response);
    }
    },
    new Response.ErrorListener() {
    @Override  
    public   void onErrorResponse(VolleyError error) {
                       responseContentTextView.setText(error.toString());
    }
    });
       RequestManager.getInstance( this ).addRequest(request, this );

7. done