Android之HttpsURLConnection访问网络(android https协议)
16lz
2022-05-20
android 基于https协议(HttpsURLConnection)的网络访问:
由于HttpsURLConnection是HttpURLConnection的子类,在这里就不多作介绍了,
如果需要,可直接把下面的HttpURLConnection改成HttpsURLConnection即可(当前
项目中是http、https都可以访问,所以采用的是HttpURLConnection)
在这里值得注意的是:
1.本人没用研究过X509HostnameVerifier这个接口,就直接重写了X509HostnameVerifier这个接口,
把它唯一的方法写为空,直接return ture;结果一直抛:CertificationException: Trust anchor
for certification path not found,根据字面意思是指数字签名证书找不到,后来无意中在网上
看到一句这样的代码(当然这安全性低):
X509HostnameVerifier hostnameVerifier = SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER;
设置签名证书为所有主机验证通过,然后再设置下面:
HttpsURLConnection.setDefaultHostnameVerifier(hostnameVerifier);
最后此异常它不抛了。。。。嘿嘿,由此我猜:这个东西可能是指对安全验证的过滤(也可说的安全
级别的设置)
2.在android中,目前只支持数字签名证书为BKS的格式,如果其它格式的话需要转换,转换就不说了,
网上一大堆。如果有异常为:KeyStore JKSimplementation not found的话一般就是这个原因了。
3.通过SSLContext.getInstance("TLS")来获取SSL上下文,这个有些不太明白为什么"SSL"和"TLS"有
什么区别,谁知道的话告诉我一下.
public class NetHelper {
public static final String DOMAIN_LIST = "RestService/User/DomainList";
X509HostnameVerifier hostnameVerifier = SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER;
SSLContext sslContext = null;
InputStream in = null;
public NetHelper() {
try {
MyX509TrustManager mtm = new MyX509TrustManager();
TrustManager[] tms = new TrustManager[] { mtm };
// 初始化X509TrustManager中的SSLContext
sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, tms, new java.security.SecureRandom());
} catch (Exception e) {
e.printStackTrace();
}
// 为javax.net.ssl.HttpsURLConnection设置默认的SocketFactory和HostnameVerifier
if (sslContext != null) {
HttpsURLConnection.setDefaultSSLSocketFactory(sslContext
.getSocketFactory());
}
HttpsURLConnection.setDefaultHostnameVerifier(hostnameVerifier);
}
/*
* 取Domain
*/
public InputStream getDomainList(String path) throws Exception {
String uri = path + DOMAIN_LIST;
Log.i("sys", uri);
URL url = new URL(uri);
conn.setDoOutput(true);
conn.setDoInput(true);
// 设置连接超时时间
conn.setConnectTimeout(4 * 1000);
conn.setRequestProperty("Content-Type", "text/xml");
conn.connect();
in = conn.getInputStream();
return in;
}
}
还需自定义X509TrustManager:
注:通过实现X509TrustManager来定义了证书管理器,对服务器和客户端进行验证方法,
把所有的方法写成空(如果有的话则需要验证),还需要定义我们的KeyStore来源数字
签名证书文件)。然后初始化证书管理工厂,并调用getTrustManagers()方法来获取这个
管理器
public class MyX509TrustManager implements X509TrustManager {
X509TrustManager myJSSEX509TrustManager;
public MyX509TrustManager() throws Exception {
KeyStore ks = KeyStore.getInstance("BKS");
// ks.load(new FileInputStream("trustedCerts"),
// "passphrase".toCharArray()); //----> 这是加载自己的数字签名证书文件和密码,在这里这里没有,所以不需要
TrustManagerFactory tmf = TrustManagerFactory.getInstance("X509");
tmf.init(ks);
TrustManager tms[] = tmf.getTrustManagers();
for (int i = 0; i < tms.length; i++) {
if (tms[i] instanceof X509TrustManager) {
myJSSEX509TrustManager = (X509TrustManager) tms[i];
return;
}
}
}
@Override
public void checkClientTrusted(X509Certificate[] arg0, String arg1)
throws CertificateException {
// sunJSSEX509TrustManager.checkClientTrusted(arg0, arg1);
}
@Override
public void checkServerTrusted(X509Certificate[] arg0, String arg1)
throws CertificateException {
// sunJSSEX509TrustManager.checkServerTrusted(arg0, arg1);
}
@Override
public X509Certificate[] getAcceptedIssuers() {
// X509Certificate[] acceptedIssuers = sunJSSEX509TrustManager
// .getAcceptedIssuers();
// return acceptedIssuers;
return null;
}
}
先记到这里,以后发现错误再改,留给自己以后懂了再来看看改
由于HttpsURLConnection是HttpURLConnection的子类,在这里就不多作介绍了,
如果需要,可直接把下面的HttpURLConnection改成HttpsURLConnection即可(当前
项目中是http、https都可以访问,所以采用的是HttpURLConnection)
在这里值得注意的是:
1.本人没用研究过X509HostnameVerifier这个接口,就直接重写了X509HostnameVerifier这个接口,
把它唯一的方法写为空,直接return ture;结果一直抛:CertificationException: Trust anchor
for certification path not found,根据字面意思是指数字签名证书找不到,后来无意中在网上
看到一句这样的代码(当然这安全性低):
X509HostnameVerifier hostnameVerifier = SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER;
设置签名证书为所有主机验证通过,然后再设置下面:
HttpsURLConnection.setDefaultHostnameVerifier(hostnameVerifier);
最后此异常它不抛了。。。。嘿嘿,由此我猜:这个东西可能是指对安全验证的过滤(也可说的安全
级别的设置)
2.在android中,目前只支持数字签名证书为BKS的格式,如果其它格式的话需要转换,转换就不说了,
网上一大堆。如果有异常为:KeyStore JKSimplementation not found的话一般就是这个原因了。
3.通过SSLContext.getInstance("TLS")来获取SSL上下文,这个有些不太明白为什么"SSL"和"TLS"有
什么区别,谁知道的话告诉我一下.
public class NetHelper {
public static final String DOMAIN_LIST = "RestService/User/DomainList";
X509HostnameVerifier hostnameVerifier = SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER;
SSLContext sslContext = null;
InputStream in = null;
public NetHelper() {
try {
MyX509TrustManager mtm = new MyX509TrustManager();
TrustManager[] tms = new TrustManager[] { mtm };
// 初始化X509TrustManager中的SSLContext
sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, tms, new java.security.SecureRandom());
} catch (Exception e) {
e.printStackTrace();
}
// 为javax.net.ssl.HttpsURLConnection设置默认的SocketFactory和HostnameVerifier
if (sslContext != null) {
HttpsURLConnection.setDefaultSSLSocketFactory(sslContext
.getSocketFactory());
}
HttpsURLConnection.setDefaultHostnameVerifier(hostnameVerifier);
}
/*
* 取Domain
*/
public InputStream getDomainList(String path) throws Exception {
String uri = path + DOMAIN_LIST;
Log.i("sys", uri);
URL url = new URL(uri);
HttpURLConnection conn = null;//也可用HttpsURLConnection,但将不可进行http访问
//if(uri.contains("https")){
// conn = (HttpsURLConnection) url.openConnection();
//}else
conn = (HttpURLConnection) url.openConnection();conn.setRequestMethod("GET");conn.setDoOutput(true);
conn.setDoInput(true);
// 设置连接超时时间
conn.setConnectTimeout(4 * 1000);
conn.setRequestProperty("Content-Type", "text/xml");
conn.connect();
in = conn.getInputStream();
return in;
}
}
还需自定义X509TrustManager:
注:通过实现X509TrustManager来定义了证书管理器,对服务器和客户端进行验证方法,
把所有的方法写成空(如果有的话则需要验证),还需要定义我们的KeyStore来源数字
签名证书文件)。然后初始化证书管理工厂,并调用getTrustManagers()方法来获取这个
管理器
public class MyX509TrustManager implements X509TrustManager {
X509TrustManager myJSSEX509TrustManager;
public MyX509TrustManager() throws Exception {
KeyStore ks = KeyStore.getInstance("BKS");
// ks.load(new FileInputStream("trustedCerts"),
// "passphrase".toCharArray()); //----> 这是加载自己的数字签名证书文件和密码,在这里这里没有,所以不需要
TrustManagerFactory tmf = TrustManagerFactory.getInstance("X509");
tmf.init(ks);
TrustManager tms[] = tmf.getTrustManagers();
for (int i = 0; i < tms.length; i++) {
if (tms[i] instanceof X509TrustManager) {
myJSSEX509TrustManager = (X509TrustManager) tms[i];
return;
}
}
}
@Override
public void checkClientTrusted(X509Certificate[] arg0, String arg1)
throws CertificateException {
// sunJSSEX509TrustManager.checkClientTrusted(arg0, arg1);
}
@Override
public void checkServerTrusted(X509Certificate[] arg0, String arg1)
throws CertificateException {
// sunJSSEX509TrustManager.checkServerTrusted(arg0, arg1);
}
@Override
public X509Certificate[] getAcceptedIssuers() {
// X509Certificate[] acceptedIssuers = sunJSSEX509TrustManager
// .getAcceptedIssuers();
// return acceptedIssuers;
return null;
}
}
先记到这里,以后发现错误再改,留给自己以后懂了再来看看改
更多相关文章
- 设置Activity全屏
- 一个不错的启动菜单显示屏动画效果
- MaterialDesign系列文章(六)沉浸式状态栏的使用
- Android(安卓)应用语言设置的实现
- Android(安卓)字体自适应设置
- 如何让Android字体自适应屏幕分辨率
- 管理Android通信录
- EditText所有属性详解
- Android(安卓)中 PopupWindow的用法 汇总