android https安全连接

如果不需要验证服务器端证书，直接照这里做

public class Demo extends Activity {
/** Called when the activity is first created. */
private TextView text;
@Override
public void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.main);
text = (TextView)findViewById(R.id.text);
GetHttps();
}
private void GetHttps(){
String https = " https://800wen.com/";
try{
SSLContext sc = SSLContext.getInstance("TLS");
sc.init(null, new TrustManager[]{new MyTrustManager()}, new SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
HttpsURLConnection.setDefaultHostnameVerifier(new MyHostnameVerifier());
HttpsURLConnection conn = (HttpsURLConnection)new URL(https).openConnection();
conn.setDoOutput(true);
conn.setDoInput(true);
conn.connect();
BufferedReader br = new BufferedReader(new InputStreamReader(conn.getInputStream()));
StringBuffer sb = new StringBuffer();
String line;
while ((line = br.readLine()) != null)
sb.append(line);
text.setText(sb.toString());
}catch(Exception e){
Log.e(this.getClass().getName(), e.getMessage());
}
}
private class MyHostnameVerifier implements HostnameVerifier{
@Override
public boolean verify(String hostname, SSLSession session) {
// TODO Auto-generated method stub
return true;
}
}
private class MyTrustManager implements X509TrustManager{
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType)
throws CertificateException {
// TODO Auto-generated method stub
}
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType)
throws CertificateException {
// TODO Auto-generated method stub
}
@Override
public X509Certificate[] getAcceptedIssuers() {
// TODO Auto-generated method stub
return null;
}
}
}

如果需要验证服务器端证书（这样能够防钓鱼），我是这样做的，还有些问题问大牛：

a. 导出公钥。在浏览器上用https访问tomcat，查看其证书，并另存为一个文件(存成了X.509格式：xxxx.cer)

b. 导入公钥。把xxxx.cer放在Android的assets文件夹中，以方便在运行时通过代码读取此证书，留了两个问题给大牛：

[java] view
plain copy

AssetManager am = context.getAssets();
InputStream ins = am.open("robusoft.cer");
try {
//读取证书
CertificateFactory cerFactory = CertificateFactory.getInstance("X.509"); //问1
Certificate cer = cerFactory.generateCertificate(ins);
//创建一个证书库，并将证书导入证书库
KeyStore keyStore = KeyStore.getInstance("PKCS12", "BC"); //问2
keyStore.load(null, null);
keyStore.setCertificateEntry("trust", cer);
return keyStore;
} finally {
ins.close();
}
//把咱的证书库作为信任证书库
SSLSocketFactory socketFactory = new SSLSocketFactory(keystore);
Scheme sch = new Scheme("https", socketFactory, 443);
//完工
HttpClient mHttpClient = new DefaultHttpClient();
mHttpClient.getConnectionManager().getSchemeRegistry().register(sch);

问1：这里用"PKCS12"不行

答1：PKCS12和JKS是keystore的type，不是Certificate的type，所以X.509不能用PKCS12代替

问2：这里用"JKS"不行。

答2：android平台上支持的keystore type好像只有PKCS12，不支持JKS，所以不能用JKS代替在PKCS12，不过在windows平台上是可以代替的

----------------------------------------------分割线-------------------------------------------------------------------------

1。数据通信时加密，不同平台加密后的结果不同，用的库不同吧（进行相应的修改比较麻烦）

2。采用https，系统自动做好了，简单一些

https与http的通信，在我看来主要的区别在于https多了一个安全验证机制，而Android采用的是X509验证，首先我们需要这重写X509类，建立我们的验证规则、、不过对于特定的项目，我们一般都是无条件信任服务端的，因此我们可以对任何证书都无条件信任（其实本质上我们只是信任了特定url的证书，为了偷懒，才那么选择的）/**

* 信任所有主机-对于任何证书都不做检查
*/
class MytmArray implements X509TrustManager {
public X509Certificate[] getAcceptedIssuers() {
// return null;
return new X509Certificate[] {};
}
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType)
throws CertificateException {
// TODO Auto-generated method stub
}
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType)
throws CertificateException {
// TODO Auto-generated method stub
// System.out.println("cert: " + chain[0].toString() + ", authType: "
// + authType);
}
};

[java] view
plain copy

* 信任所有主机-对于任何证书都不做检查
*/
class MytmArray implements X509TrustManager {
public X509Certificate[] getAcceptedIssuers() {
// return null;
return new X509Certificate[] {};
}
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType)
throws CertificateException {
// TODO Auto-generated method stub
}
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType)
throws CertificateException {
// TODO Auto-generated method stub
// System.out.println("cert: " + chain[0].toString() + ", authType: "
// + authType);
}
};

好了，我们写好了信任规则，接下载就要创建一个主机的信任列表

static TrustManager[] xtmArray = new MytmArray[] { new MytmArray() };
/**
* 信任所有主机-对于任何证书都不做检查
*/
private static void trustAllHosts() {
// Create a trust manager that does not validate certificate chains
// Android 采用X509的证书信息机制
// Install the all-trusting trust manager
try {
SSLContext sc = SSLContext.getInstance("TLS");
sc.init(null, xtmArray, new java.security.SecureRandom());
HttpsURLConnection
.setDefaultSSLSocketFactory(sc.getSocketFactory());
// HttpsURLConnection.setDefaultHostnameVerifier(DO_NOT_VERIFY);//
// 不进行主机名确认
} catch (Exception e) {
e.printStackTrace();
}
}
static HostnameVerifier DO_NOT_VERIFY = new HostnameVerifier() {
@Override
public boolean verify(String hostname, SSLSession session) {
// TODO Auto-generated method stub
// System.out.println("Warning: URL Host: " + hostname + " vs. "
// + session.getPeerHost());
return true;
}
};

[java] view
plain copy

static TrustManager[] xtmArray = new MytmArray[] { new MytmArray() };
/**
* 信任所有主机-对于任何证书都不做检查
*/
private static void trustAllHosts() {
// Create a trust manager that does not validate certificate chains
// Android 采用X509的证书信息机制
// Install the all-trusting trust manager
try {
SSLContext sc = SSLContext.getInstance("TLS");
sc.init(null, xtmArray, new java.security.SecureRandom());
HttpsURLConnection
.setDefaultSSLSocketFactory(sc.getSocketFactory());
// HttpsURLConnection.setDefaultHostnameVerifier(DO_NOT_VERIFY);//
// 不进行主机名确认
} catch (Exception e) {
e.printStackTrace();
}
}
static HostnameVerifier DO_NOT_VERIFY = new HostnameVerifier() {
@Override
public boolean verify(String hostname, SSLSession session) {
// TODO Auto-generated method stub
// System.out.println("Warning: URL Host: " + hostname + " vs. "
// + session.getPeerHost());
return true;
}
};

上面的都是https通信需要做的几个基本要求，接下载我们要做的就是https的使用啦下面就以get和post为例进行说明，中间还涉及到cookie的使用

String httpUrl＝"XXXXX"
String result = "";
HttpURLConnection http = null;
URL url;
try {
url = new URL(httpUrl);
// 判断是http请求还是https请求
if (url.getProtocol().toLowerCase().equals("https")) {
trustAllHosts();
http = (HttpsURLConnection) url.openConnection();
((HttpsURLConnection) http).setHostnameVerifier(DO_NOT_VERIFY);// 不进行主机名确认
} else {
http = (HttpURLConnection) url.openConnection();
}
http.setConnectTimeout(10000);// 设置超时时间
http.setReadTimeout(50000);
http.setRequestMethod("GET");// 设置请求类型为
http.setDoInput(true);
http.setRequestProperty("Content-Type", "text/xml");
//http.getResponseCode());http或https返回状态200还是403
BufferedReader in = null;
if (obj.getHttpStatus() == 200) {
getCookie(http);
in = new BufferedReader(new InputStreamReader(
http.getInputStream()));
} else
in = new BufferedReader(new InputStreamReader(
http.getErrorStream()));
result = in.readLine();
Log.i("result", result);
in.close();
http.disconnect();

[java] view
plain copy

String httpUrl＝"XXXXX"
String result = "";
HttpURLConnection http = null;
URL url;
try {
url = new URL(httpUrl);
// 判断是http请求还是https请求
if (url.getProtocol().toLowerCase().equals("https")) {
trustAllHosts();
http = (HttpsURLConnection) url.openConnection();
((HttpsURLConnection) http).setHostnameVerifier(DO_NOT_VERIFY);// 不进行主机名确认
} else {
http = (HttpURLConnection) url.openConnection();
}
http.setConnectTimeout(10000);// 设置超时时间
http.setReadTimeout(50000);
http.setRequestMethod("GET");// 设置请求类型为
http.setDoInput(true);
http.setRequestProperty("Content-Type", "text/xml");
//http.getResponseCode());http或https返回状态200还是403
BufferedReader in = null;
if (obj.getHttpStatus() == 200) {
getCookie(http);
in = new BufferedReader(new InputStreamReader(
http.getInputStream()));
} else
in = new BufferedReader(new InputStreamReader(
http.getErrorStream()));
result = in.readLine();
Log.i("result", result);
in.close();
http.disconnect();

https或http的get请求写好了，哦中间涉及到了一个getCookie的方法，如下：

/** 得到cookie */
private static void getCookie(HttpURLConnection http) {
String cookieVal = null;
String key = null;
DataDefine.mCookieStore = "";
for (int i = 1; (key = http.getHeaderFieldKey(i)) != null; i++) {
if (key.equalsIgnoreCase("set-cookie")) {
cookieVal = http.getHeaderField(i);
cookieVal = cookieVal.substring(0, cookieVal.indexOf(";"));
DataDefine.mCookieStore = DataDefine.mCookieStore + cookieVal
+ ";";
}
}
}

[java] view
plain copy

/** 得到cookie */
private static void getCookie(HttpURLConnection http) {
String cookieVal = null;
String key = null;
DataDefine.mCookieStore = "";
for (int i = 1; (key = http.getHeaderFieldKey(i)) != null; i++) {
if (key.equalsIgnoreCase("set-cookie")) {
cookieVal = http.getHeaderField(i);
cookieVal = cookieVal.substring(0, cookieVal.indexOf(";"));
DataDefine.mCookieStore = DataDefine.mCookieStore + cookieVal
+ ";";
}
}
}

public static Query HttpQueryReturnClass(String httpUrl, String base64) {

String result = "";
Log.i("控制", httpUrl);
Query obj = new Query();
HttpURLConnection http = null;
URL url;
try {
url = new URL(httpUrl);
// 判断是http请求还是https请求
if (url.getProtocol().toLowerCase().equals("https")) {
trustAllHosts();
http = (HttpsURLConnection) url.openConnection();
((HttpsURLConnection) http).setHostnameVerifier(DO_NOT_VERIFY);// 不进行主机名确认
} else {
http = (HttpURLConnection) url.openConnection();
}
http.setConnectTimeout(10000);// 设置超时时间
http.setReadTimeout(50000);
http.setRequestMethod("POST");// 设置请求类型为post
http.setDoInput(true);
http.setDoOutput(true);
http.setRequestProperty("Content-Type", "text/xml");
http.setRequestProperty("Cookie", DataDefine.mCookieStore);
DataOutputStream out = new DataOutputStream(http.getOutputStream());
out.writeBytes(base64);
out.flush();
out.close();
obj.setHttpStatus(http.getResponseCode());// 设置http返回状态200还是403
BufferedReader in = null;
if (obj.getHttpStatus() == 200) {
getCookie(http);
in = new BufferedReader(new InputStreamReader(
http.getInputStream()));
} else
in = new BufferedReader(new InputStreamReader(
http.getErrorStream()));
result = in.readLine();// 得到返回结果
in.close();
http.disconnect();
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}

[java] view
plain copy

String result = "";
Log.i("控制", httpUrl);
Query obj = new Query();
HttpURLConnection http = null;
URL url;
try {
url = new URL(httpUrl);
// 判断是http请求还是https请求
if (url.getProtocol().toLowerCase().equals("https")) {
trustAllHosts();
http = (HttpsURLConnection) url.openConnection();
((HttpsURLConnection) http).setHostnameVerifier(DO_NOT_VERIFY);// 不进行主机名确认
} else {
http = (HttpURLConnection) url.openConnection();
}
http.setConnectTimeout(10000);// 设置超时时间
http.setReadTimeout(50000);
http.setRequestMethod("POST");// 设置请求类型为post
http.setDoInput(true);
http.setDoOutput(true);
http.setRequestProperty("Content-Type", "text/xml");
http.setRequestProperty("Cookie", DataDefine.mCookieStore);
DataOutputStream out = new DataOutputStream(http.getOutputStream());
out.writeBytes(base64);
out.flush();
out.close();
obj.setHttpStatus(http.getResponseCode());// 设置http返回状态200还是403
BufferedReader in = null;
if (obj.getHttpStatus() == 200) {
getCookie(http);
in = new BufferedReader(new InputStreamReader(
http.getInputStream()));
} else
in = new BufferedReader(new InputStreamReader(
http.getErrorStream()));
result = in.readLine();// 得到返回结果
in.close();
http.disconnect();
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}

这里面的base64是我经过base64加密过以后的数据

android https安全连接的更多相关文章

用代码实现断开Android手机USB连接【转】
本文转载自:https://blog.csdn.net/phoebe_2012/article/details/47025309 用代码实现断开Android手机USB连接 ...
[RN] Android 设备adb连接后unauthorized解决方法
Android 设备adb连接后unauthorized解决方法安卓设备usb或者adbwireless连接后输入adb device后都是未授权状态相信很多同学都会遇到这种情况,除了一直重复开关 ...
如何使用charles对Android Https进行抓包
Charles.png charles是一款在Mac下常用的截取网络封包工具,对Android Http进行抓包,只要对手机设置代理即可,但对Android Https进行抓包还是破费一些功夫,网 ...
71.Android之长连接实现
转载:http://blog.csdn.net/qq_23547831/article/details/51690047 本文中我们将讲解一下App的长连接实现.一般而言长连接已经是App的标配了,推 ...
Android平台上长连接的实现
Android 平台上长连接的实现为了不让 NAT 表失效,我们需要定时的发心跳,以刷新 NAT 表项,避免被淘汰. Android 上定时运行任务常用的方法有2种,一种方法用 Timer,另一种是 ...
[转]Mac OS X 下部分Android手机无法连接adb问题之解决方案
时至当今,Android山寨手机厂商已如此之多,能修改和个性化定制Android OS的能人已是多如牛毛,有的牛人修改Android系统只会影响所修改的点,不会影响其它,然后还有的就不多说了,总之做的 ...
小米2及其他Android手机无法连接mac解决方案
一般的android连接mac 很方便不用安装驱动就可以啦,可是不知道为什么二般情况下有的android手机(小米2,华为等)就是连接不上,下来就说说二般情况下如何连接. 1.关于本机-->更多 ...
Android Https双向认证 + GRPC
keywords:android https 双向认证android GRPC https 双向认证 ManagedChannel channel = OkHttpChannelBuilder.for ...
Android蓝牙A2DP连接实现
代码地址如下:http://www.demodashi.com/demo/14624.html 开发环境: 开发工具:Androidstudio 适配机型:honor8(Android6.0), 坚果 ...

随机推荐

[Python]多个装饰器合并
django程序,需要写很多api,每个函数都需要几个装饰器,例如 @csrf_exempt @require_POST def foo(request): pass 既然那么多个方法都需要写2个装饰 ...
找不到BufferedImage这个Class的解决方法
找不到BufferedImage这个Class的解决方法环境: [1]RedHat AS5 64位 [2]WebSphere6.0 32位版本正文: 发现原来在RedHat AS4 ...
linux下的清屏命令
Linux下有两个清屏命令: clear 这个命令将会刷新屏幕,系统的操作是让终端显示页向后翻了一页,如果向上滚动屏幕还可以看到之前的操作信息.一般都会使用这个命令. reset 这个命令将完全刷新终 ...
【Netty源码分析】客户端connect服务端过程
上一篇博客[Netty源码分析]Netty服务端bind端口过程我们介绍了服务端绑定端口的过程,这一篇博客我们介绍一下客户端连接服务端的过程. ChannelFuture future = boos ...
Android 增量更新和升级
在年初的时候,尝试了一把热修复技术,当时选择的是阿里的andfix,使用起来也很简单,这里就不在多少,如果你对andfix有兴趣请链接:点击打开链接.虽然网上将热修复的文章很多,不过我还是想说原理,然 ...
UE4读取本地XML文件
其实这里读取XML也是利用了Tinyxml来读取xml,主要是讲Tinyxml放在UE4中,遇到的一点点坑 1.先给出Tinyxml链接:http://www.grinninglizard.com/t ...
Cocos2D实现RPG游戏人物地图行走的跟随效果
大熊猫猪·侯佩原创或翻译作品.欢迎转载,转载请注明出处. 如果觉得写的不好请多提意见,如果觉得不错请多多支持点赞.谢谢! hopy ;) 在一些RPG游戏中,人物队列在地图中行走的时候有时需要实现一个 ...
Centos7安装RocketMQ及配置测试
环境 Centos7 RocketMQ 3.2.6 安装位置 /usr/local/alibaba-rockermq 外网ip 182.254.145.66 内网ip 10.105.23.114 安装 ...
DVB-C系统中QAM调制与解调仿真
本文简单记录一下自己学习<通信原理>的时候调试的一个仿真DVB-C(Cable,数字有线电视)系统中QAM调制和解调的程序.自己一直是研究"信源"方面的东西,所以对&q ...
C++对C的实用性增强
#include <iostream> using namespace std; //C语言中的变量都必须在作用域开始的位置定义!! //C++中更强调语言的"实用性" ...

android https安全连接

android https安全连接的更多相关文章

随机推荐

热门专题