android中进行https连接的方式(源码)
16lz
2021-01-23
如果不需要验证服务器端证书,直接照这里做
- publicclassDemoextendsActivity{
- /**Calledwhentheactivityisfirstcreated.*/
- privateTextViewtext;
- @Override
- publicvoidonCreate(BundlesavedInstanceState){
- super.onCreate(savedInstanceState);
- setContentView(R.layout.main);
- text=(TextView)findViewById(R.id.text);
- GetHttps();
- }
- privatevoidGetHttps(){
- Stringhttps="https://800wen.com/";
- try{
- SSLContextsc=SSLContext.getInstance("TLS");
- sc.init(null,newTrustManager[]{newMyTrustManager()},newSecureRandom());
- HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
- HttpsURLConnection.setDefaultHostnameVerifier(newMyHostnameVerifier());
- HttpsURLConnectionconn=(HttpsURLConnection)newURL(https).openConnection();
- conn.setDoOutput(true);
- conn.setDoInput(true);
- conn.connect();
- BufferedReaderbr=newBufferedReader(newInputStreamReader(conn.getInputStream()));
- StringBuffersb=newStringBuffer();
- Stringline;
- while((line=br.readLine())!=null)
- sb.append(line);
- text.setText(sb.toString());
- }catch(Exceptione){
- Log.e(this.getClass().getName(),e.getMessage());
- }
- }
- privateclassMyHostnameVerifierimplementsHostnameVerifier{
- @Override
- publicbooleanverify(Stringhostname,SSLSessionsession){
- //TODOAuto-generatedmethodstub
- returntrue;
- }
- }
- privateclassMyTrustManagerimplementsX509TrustManager{
- @Override
- publicvoidcheckClientTrusted(X509Certificate[]chain,StringauthType)
- throwsCertificateException{
- //TODOAuto-generatedmethodstub
- }
- @Override
- publicvoidcheckServerTrusted(X509Certificate[]chain,StringauthType)
- throwsCertificateException{
- //TODOAuto-generatedmethodstub
- }
- @Override
- publicX509Certificate[]getAcceptedIssuers(){
- //TODOAuto-generatedmethodstub
- returnnull;
- }
- }
- }
如果需要验证服务器端证书(这样能够防钓鱼),我是这样做的,还有些问题问大牛:
a. 导出公钥。在浏览器上用https访问tomcat,查看其证书,并另存为一个文件(存成了X.509格式:xxxx.cer)
b. 导入公钥。把xxxx.cer放在Android的assets文件夹中,以方便在运行时通过代码读取此证书,留了两个问题给大牛: [java] view plain copy print ?
- AssetManageram=context.getAssets();
- InputStreamins=am.open("robusoft.cer");
- try{
- //读取证书
- CertificateFactorycerFactory=CertificateFactory.getInstance("X.509");//问1
- Certificatecer=cerFactory.generateCertificate(ins);
- //创建一个证书库,并将证书导入证书库
- KeyStorekeyStore=KeyStore.getInstance("PKCS12","BC");//问2
- keyStore.load(null,null);
- keyStore.setCertificateEntry("trust",cer);
- returnkeyStore;
- }finally{
- ins.close();
- }
- //把咱的证书库作为信任证书库
- SSLSocketFactorysocketFactory=newSSLSocketFactory(keystore);
- Schemesch=newScheme("https",socketFactory,443);
- //完工
- HttpClientmHttpClient=newDefaultHttpClient();
- mHttpClient.getConnectionManager().getSchemeRegistry().register(sch);
问1:这里用"PKCS12"不行
答1:PKCS12和JKS是keystore的type,不是Certificate的type,所以X.509不能用PKCS12代替
问2:这里用"JKS"不行。
答2:android平台上支持的keystore type好像只有PKCS12,不支持JKS,所以不能用JKS代替在PKCS12,不过在windows平台上是可以代替的
更多相关文章
- Android内核驱动开发中的Kconfig文件结构分析(图文)
- Android震动和播放资源文件中的声音文件
- Android文件管理器开发对各类文件的打开以及处理
- xml文件
- android sdcard存储方案(基于fuse文件系统):之一
- android读取data/data/包名/file路径下的txt文件
- 文件多线程下载实现
- 基于Android TV端的文件选择器(UI比较丑,主要看逻辑)