x 如果不需要验证服务器端证书,直接照这里做。 -
- public class Demo extends Activity {
- /** Called when the activity is first created. */
- private TextView text;
- @Override
- public void onCreate(Bundle savedInstanceState) {
- super.onCreate(savedInstanceState);
- setContentView(R.layout.main);
- text = (TextView)findViewById(R.id.text);
- GetHttps();
- }
-
- private void GetHttps(){
- String https = " https://800wen.com/";
- try{
- SSLContext sc = SSLContext.getInstance("TLS");
- sc.init(null, new TrustManager[]{new MyTrustManager()}, new SecureRandom());
- HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
- HttpsURLConnection.setDefaultHostnameVerifier(new MyHostnameVerifier());
- HttpsURLConnection conn = (HttpsURLConnection)new URL(https).openConnection();
- conn.setDoOutput(true);
- conn.setDoInput(true);
- conn.connect();
-
- BufferedReader br = new BufferedReader(new InputStreamReader(conn.getInputStream()));
- StringBuffer sb = new StringBuffer();
- String line;
- while ((line = br.readLine()) != null)
- sb.append(line);
-
- text.setText(sb.toString());
-
- }catch(Exception e){
- Log.e(this.getClass().getName(), e.getMessage());
- }
-
- }
-
- private class MyHostnameVerifier implements HostnameVerifier{
-
- @Override
- public boolean verify(String hostname, SSLSession session) {
- // TODO Auto-generated method stub
- return true;
- }
- }
-
- private class MyTrustManager implements X509TrustManager{
-
- @Override
- public void checkClientTrusted(X509Certificate[] chain, String authType)
- throws CertificateException {
- // TODO Auto-generated method stub
-
- }
-
- @Override
- public void checkServerTrusted(X509Certificate[] chain, String authType)
- throws CertificateException {
- // TODO Auto-generated method stub
-
- }
-
- @Override
- public X509Certificate[] getAcceptedIssuers() {
- // TODO Auto-generated method stub
- return null;
- }
- }
- }
-
复制代码 |
如果需要验证服务器端证书(这样能够防钓鱼),我是这样做的,还有些问题问大牛:
a.导出公钥。在浏览器上用https访问tomcat,查看其证书,并另存为一个文件(存成了X.509格式:xxxx.cer)
b.导入公钥。把xxxx.cer放在Android的assets文件夹中,以方便在运行时通过代码读取此证书,留了两个问题给大牛:
-
- AssetManager am = context.getAssets();
- InputStream ins = am.open("robusoft.cer");
- try {
- //读取证书
- CertificateFactory cerFactory = CertificateFactory.getInstance("X.509");//问1
- Certificate cer = cerFactory.generateCertificate(ins);
- //创建一个证书库,并将证书导入证书库
- KeyStore keyStore = KeyStore.getInstance("PKCS12", "BC"); //问2
- keyStore.load(null, null);
- keyStore.setCertificateEntry("trust", cer);
- return keyStore;
- } finally {
- ins.close();
- }
- //把咱的证书库作为信任证书库
- SSLSocketFactory socketFactory = new SSLSocketFactory(keystore);
- Scheme sch = new Scheme("https", socketFactory, 443);
- //完工
- HttpClient mHttpClient = new DefaultHttpClient();
- mHttpClient.getConnectionManager().getSchemeRegistry().register(sch);
-
复制代码 问1:这里用"PKCS12"不行
答1:PKCS12和JKS是keystore的type,不是Certificate的type,所以X.509不能用PKCS12代替
问2:这里用"JKS"不行。
答2:android平台上支持的keystore type好像只有PKCS12,不支持JKS,所以不能用JKS代替在PKCS12,不过在windows平台上是可以代替的
- 没有一行代码,「2020 新冠肺炎记忆」这个项目却登上了 GitHub 中
- Flutter ------- WebView加载网页
- 时间和日期选择器DatePicker和TimePicker的使用
- android 4.0系统webview加载网页出现白屏
- Android(安卓)4.0 HDMI相关代码
- SystemBarTint的使用
- AndroidStudio中使用SVG
- 如何设置android HttpPost 连接服务器超时
- android开发大作业开发记录(关于制作圆角按钮)
随机推荐
-
[Android(安卓)NDK]添加C++11和C++14支持
-
Android(安卓)API Demo实例解析
-
android布局之线性布局(LinearLayout)
-
Android(安卓)PackageManagerService(二)下
-
android 中关于SimpleAdapter构造参数的
-
ListView的item高度调整
-
Android根据Url显示gif类型图片
-
Android(安卓)骁龙Camera拍照流程梳理
-
Android:为什么声明控件和控件赋值要分开
-
面试题六:异步消息处理机制