Enabling HTTPS One-Way Authentication on Android
16lz
2021-01-23
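There are two ways to enable HTTPS one-way authentication on Android.
The first method is to build the root certificate into the system:
Android manages root certificates in a simple way: place the certificate in the designated location and build the system. The certificates live in the following directory: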
```
~/libcore/luni/src/main/files/cacerts$ ls
```
For how the file names are generated, see the following document:
```
libcore/luni/src/main/files$ cat README.cacerts
The filenames in the cacerts directory are in the format of <hash>.<n>
where "hash" is the subject hash produced by:

    openssl x509 -subject_hash_old -in filename

and the "n" is a unique integer identifier starting at 0 to deal
with collisions. See OpenSSL's c_rehash manpage for details.
```
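The naming rule from README.cacerts, applied in a script. This is an added example, not code from the original post or from AOSP; the function names and the throwaway self-signed CA are constructed for illustration. It assumes `openssl` is on the PATH.

```bash
#!/usr/bin/env bash
# Added example: derive the <hash>.<n> file name for a CA certificate and
# stage it in a cacerts-style directory, handling subject-hash collisions.

# Print the README's "<hash>" for a PEM certificate.
subject_hash_old() {
    openssl x509 -subject_hash_old -noout -in "$1"
}

# SHA-256 fingerprint, used to tell "same certificate" from "hash collision".
fingerprint() {
    openssl x509 -fingerprint -sha256 -noout -in "$1"
}

# Copy certificate $1 into directory $2 as <hash>.<n> and print the name.
# If the identical certificate is already present, its existing name is reused.
stage_cacert() {
    local cert="$1" dir="$2" hash n=0
    hash=$(subject_hash_old "$cert") || return 1
    while [ -e "$dir/$hash.$n" ]; do
        if [ "$(fingerprint "$dir/$hash.$n")" = "$(fingerprint "$cert")" ]; then
            echo "$hash.$n"      # already staged, nothing to copy
            return 0
        fi
        n=$((n + 1))             # different cert, same subject hash: next n
    done
    cp "$cert" "$dir/$hash.$n" && echo "$hash.$n"
}

# Constructed sample input: a throwaway self-signed CA with subject $2,
# written to $1 (its private key goes to $1.key and is not used further).
make_constructed_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "$2" \
        -keyout "$1.key" -out "$1" 2>/dev/null
}
```

Two certificates with the same subject but different keys get the same hash and therefore land in `.0` and `.1`; staging the same certificate twice leaves a single file.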
The second method follows Google's sample code:
```java
import java.io.BufferedInputStream;
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Load CAs from an InputStream
// (could be from a resource or ByteArrayInputStream or ...)
CertificateFactory cf = CertificateFactory.getInstance("X.509");
// From https://www.washington.edu/itconnect/security/ca/load-der.crt
InputStream caInput = new BufferedInputStream(new FileInputStream("load-der.crt"));
Certificate ca;
try {
    ca = cf.generateCertificate(caInput);
    System.out.println("ca=" + ((X509Certificate) ca).getSubjectDN());
} finally {
    caInput.close();
}

// Create a KeyStore containing our trusted CAs
String keyStoreType = KeyStore.getDefaultType();
KeyStore keyStore = KeyStore.getInstance(keyStoreType);
keyStore.load(null, null);
keyStore.setCertificateEntry("ca", ca);

// Create a TrustManager that trusts the CAs in our KeyStore
String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
tmf.init(keyStore);

// Create an SSLContext that uses our TrustManager
SSLContext context = SSLContext.getInstance("TLS");
context.init(null, tmf.getTrustManagers(), null);

// Tell the URLConnection to use a SocketFactory from our SSLContext
URL url = new URL("https://certs.cac.washington.edu/CAtest/");
HttpsURLConnection urlConnection = (HttpsURLConnection) url.openConnection();
urlConnection.setSSLSocketFactory(context.getSocketFactory());
InputStream in = urlConnection.getInputStream();
// copyInputStreamToOutputStream is a helper that is not shown in the sample
copyInputStreamToOutputStream(in, System.out);
```
Reference
https://developer.android.google.cn/training/articles/security-ssl.html