HTTPS双向认证
生成证书
# Generate a 2048-bit RSA private key; -des3 encrypts the key file with a passphrase.
openssl genrsa -des3 -out server.key 2048
# Create a self-signed X.509 certificate for that key, valid for 3650 days, written to ca.crt.
openssl req -new -x509 -key server.key -out ca.crt -days 3650
# Bundle the private key and a certificate into a PKCS#12 file.
# NOTE(review): this reads server.crt, but the previous step wrote ca.crt and no command shown
# here creates server.crt; confirm which certificate is intended.
# NOTE(review): because of -inkey, server.p12 contains the server's private key. Keep it on the
# server; a client-side trust store should hold only the certificate, never this file.
openssl pkcs12 -export -out server.p12 -inkey server.key -in server.crt
1.继承SSLSocketFactory
/**
* Author:JsonLu
* DateTime:2016/5/31 19:46
* Email:jsonlu@qq.com
* Desc:
**/
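/**
 * Socket factory for mutual (two-way) TLS: it presents the client key pair held in
 * {@code keystore} and validates the server chain against {@code truststore}.
 *
 * <p>Server certificate validation is never switched off. An earlier revision installed an
 * accept-everything {@code X509TrustManager} when {@code truststore} was {@code null}, which let
 * any on-path party impersonate the server. It also swallowed initialisation errors, leaving an
 * unusable {@code SSLContext}. Both now fail closed.
 */
public class SecureSSLSocketFactory extends SSLSocketFactory {

    private final SSLContext sslContext = SSLContext.getInstance("TLS");

    /**
     * @param keystore         key store holding the client certificate and private key
     * @param keystorePassword password protecting the key entries; may be {@code null}
     * @param truststore       trust anchors used to validate the server; when {@code null} the
     *                         platform default trust anchors are used instead
     * @throws NoSuchAlgorithmException  if the default key/trust manager algorithm is unavailable
     * @throws KeyManagementException    if the SSL context cannot be initialised
     * @throws KeyStoreException         if a key store cannot be read
     * @throws UnrecoverableKeyException if the client key cannot be recovered with the password
     */
    public SecureSSLSocketFactory(KeyStore keystore, String keystorePassword, KeyStore truststore)
            throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException,
            UnrecoverableKeyException {
        super(keystore, keystorePassword, truststore);

        char[] keyPassword = keystorePassword == null ? null : keystorePassword.toCharArray();
        KeyManagerFactory keyManagerFactory =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(keystore, keyPassword);

        // init(null) selects the platform's default trust anchors, so a missing trust store
        // narrows what is trusted to the system CAs rather than widening it to everything.
        TrustManagerFactory trustManagerFactory =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(truststore);

        // Errors propagate through the declared throws clause instead of being printed and
        // ignored, so a half-configured factory can never be handed to the HTTP client.
        sslContext.init(
                keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
    }

    /**
     * Layers TLS over an already connected socket (for example a proxy tunnel).
     *
     * <p>Overriding this method bypasses whatever the superclass does here, so the host name is
     * checked explicitly with the verifier configured on this factory.
     */
    @Override
    public Socket createSocket(Socket socket, String host, int port, boolean autoClose)
            throws IOException, UnknownHostException {
        SSLSocket sslSocket =
                (SSLSocket) sslContext.getSocketFactory().createSocket(socket, host, port, autoClose);
        try {
            getHostnameVerifier().verify(host, sslSocket);
        } catch (IOException e) {
            sslSocket.close();
            throw e;
        }
        return sslSocket;
    }

    /** Creates an unconnected socket backed by this factory's SSL context. */
    @Override
    public Socket createSocket() throws IOException {
        return sslContext.getSocketFactory().createSocket();
    }
}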
2.
/**
* Author:JsonLu
* DateTime:2016/5/31 20:02
* Email:jsonlu@qq.com
* Desc:
**/
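/**
 * {@code DefaultHttpClient} that talks HTTPS with a client certificate, loading the client key
 * store and the server trust store from PKCS#12 files in the app's assets.
 */
public class SecureHttpsClient extends DefaultHttpClient {

    // NOTE(review): these are static, so every instance shares and overwrites the same stores.
    // Kept static to preserve existing behaviour; confirm whether per-instance state was intended.
    private static KeyStore keyStore, trustStore;
    private static String keyStorePwd;
    private Context ctx;
    private final String KEYSTORE_FILE = "client.p12";
    // NOTE(review): if this asset is the file produced by
    // `openssl pkcs12 -export ... -inkey server.key`, it contains the server's private key and
    // must not ship inside the app. A trust store should contain only the server/CA certificate.
    private final String TRUESTSTORE_FILE = "server.p12";
    // NOTE(review): passwords compiled into the app can be read by anyone who has the APK, and
    // the client key in assets can be extracted with them. Treat this as demo-only; prefer a
    // per-device key held in the platform key store, provisioned at enrolment.
    private final String KEYSTORE_PWD = "a123456789";
    private final String TRUESTSORE_PWD = "a123456";

    /**
     * Builds a client using the bundled {@code client.p12} / {@code server.p12} assets.
     *
     * @param context used to open the asset files
     */
    public SecureHttpsClient(Context context) {
        ctx = context;
        init(KEYSTORE_FILE, KEYSTORE_PWD, TRUESTSTORE_FILE, TRUESTSORE_PWD);
    }

    /** Replaces the key store, trust store and key password with already loaded values. */
    public void init(KeyStore keyStore, KeyStore trustStore, String keyStorePwd) {
        SecureHttpsClient.keyStore = keyStore;
        SecureHttpsClient.trustStore = trustStore;
        SecureHttpsClient.keyStorePwd = keyStorePwd;
    }

    /** Loads both stores from PKCS#12 asset files and remembers the key password. */
    public void init(String keyStoreFile, String keyStorePwd, String trustStoreFile,
            String truestStorePwd) {
        SecureHttpsClient.keyStore = getKeyStoreByP12(keyStoreFile, keyStorePwd);
        SecureHttpsClient.trustStore = getKeyStoreByP12(trustStoreFile, truestStorePwd);
        SecureHttpsClient.keyStorePwd = keyStorePwd;
    }

    /**
     * Creates the connection manager with an "https" scheme backed by
     * {@link SecureSSLSocketFactory}.
     *
     * @throws IllegalStateException if either store failed to load or the TLS setup fails; the
     *         client must not fall back to an unauthenticated connection
     */
    @Override
    protected ClientConnectionManager createClientConnectionManager() {
        // getKeyStoreByP12 returns null on failure. Refuse to continue rather than hand a null
        // trust store to the socket factory, where it could mean "no server validation".
        if (keyStore == null || trustStore == null) {
            throw new IllegalStateException("Client key store or server trust store not loaded");
        }
        try {
            SecureSSLSocketFactory sf =
                    new SecureSSLSocketFactory(keyStore, keyStorePwd, trustStore);
            // The certificate must match the host being contacted. ALLOW_ALL_HOSTNAME_VERIFIER
            // would accept any certificate chaining to the trust store for any host. When
            // connecting by IP address the certificate needs a matching IP subjectAltName.
            sf.setHostnameVerifier(SSLSocketFactory.STRICT_HOSTNAME_VERIFIER);

            HttpParams params = new BasicHttpParams();
            HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1);
            HttpProtocolParams.setContentCharset(params, HTTP.UTF_8);

            SchemeRegistry registry = new SchemeRegistry();
            registry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
            registry.register(new Scheme("https", sf, 443));
            return new ThreadSafeClientConnManager(params, registry);
        } catch (Exception e) {
            // Previously printed and returned null, which only moved the failure to a later
            // NullPointerException. Surface the real cause instead.
            throw new IllegalStateException("Unable to set up mutual-TLS connection manager", e);
        }
    }

    /**
     * Loads a PKCS#12 key store from the app's assets.
     *
     * @param p12File asset file name
     * @param p12Pwd  password protecting the file
     * @return the loaded key store, or {@code null} if it could not be opened or decoded
     */
    public KeyStore getKeyStoreByP12(String p12File, String p12Pwd) {
        InputStream p12In = null;
        try {
            p12In = ctx.getResources().getAssets().open(p12File);
            KeyStore loaded = KeyStore.getInstance("PKCS12");
            loaded.load(p12In, p12Pwd == null ? null : p12Pwd.toCharArray());
            return loaded;
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        } finally {
            try {
                if (p12In != null) {
                    p12In.close();
                }
            } catch (Exception e2) {
                e2.printStackTrace();
            }
        }
    }
}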
3.
/**
* Author:JsonLu
* DateTime:2016/5/31 20:28
* Email:jsonlu@qq.com
* Desc:
**/
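/** Sends form-encoded POST requests to the demo server over mutually authenticated HTTPS. */
public class CallServer {

    private final String HTTPS_URL = "https://192.168.8.116:8443/";

    // HttpConnectionParams timeouts are expressed in milliseconds. The previous value of 60
    // meant 60 ms, which is too short for a TLS handshake; 60 seconds is presumably what was
    // intended (confirm).
    private static final int TIMEOUT_MS = 60 * 1000;

    /** Builds a mutual-TLS client with connect and socket read timeouts applied. */
    private DefaultHttpClient getSumpayHttpsClient(Context context) {
        SecureHttpsClient client = new SecureHttpsClient(context);
        client.getParams().setIntParameter(HttpConnectionParams.CONNECTION_TIMEOUT, TIMEOUT_MS);
        client.getParams().setIntParameter(HttpConnectionParams.SO_TIMEOUT, TIMEOUT_MS);
        return client;
    }

    /**
     * Posts {@code reqParmas} as a UTF-8 form to {@code HTTPS_URL + method}.
     *
     * @param method    path appended to the base URL
     * @param reqParmas form fields; {@code null} is treated as an empty form
     * @param context   used to load the key material from assets
     * @return the response body, or {@code null} on a 404 response or an I/O error
     */
    public String goHttpsPost(String method, HashMap<String, String> reqParmas, Context context) {
        HttpPost post = new HttpPost(HTTPS_URL + method);
        try {
            List<NameValuePair> form = new ArrayList<NameValuePair>();
            if (reqParmas != null) {
                for (String key : reqParmas.keySet()) {
                    form.add(new BasicNameValuePair(key, reqParmas.get(key)));
                }
            }
            post.setEntity(new UrlEncodedFormEntity(form, "utf-8"));

            HttpResponse response = getSumpayHttpsClient(context).execute(post);
            int status = response.getStatusLine().getStatusCode();
            String result = null;
            if (status != 404) {
                result = EntityUtils.toString(response.getEntity(), "utf-8");
            }

            // Log metadata only: the body may carry sensitive data and logcat is readable by
            // other tooling on the device. This also avoids passing a null message to Log.d,
            // which the previous code did whenever the server answered 404.
            Log.d("https请求返回数据",
                    "status=" + status + ", bodyLength=" + (result == null ? 0 : result.length()));
            return result;
        } catch (IOException e) {
            e.printStackTrace();
            return null;
        } finally {
            // Releases the connection in every path, as the original did.
            post.abort();
        }
    }
}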
4.
/**
* Author:JsonLu
* DateTime:2016/5/31 20:33
* Email:jsonlu@qq.com
* Desc:
**/
/** Demo screen: a click sends one HTTPS POST off the UI thread and shows the response text. */
public class DemoHttps extends Activity {

    private CallServer callServer = new CallServer();
    private TextView tv_content;

    // Receives the response string from the worker thread and writes it into the text view.
    Handler handler = new Handler() {
        @Override
        public void handleMessage(Message msg) {
            String text = (String) msg.obj;
            tv_content.setText(text);
        }
    };

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_main);
        tv_content = (TextView) findViewById(R.id.content);
    }

    /** Click handler: performs the network call on a new thread, then posts the result back. */
    public void onClick(View v) {
        Runnable request = new Runnable() {
            @Override
            public void run() {
                HashMap<String, String> form = new HashMap<String, String>();
                form.put("data", "data");

                Message reply = new Message();
                reply.obj = callServer.goHttpsPost("https", form, getBaseContext());
                handler.sendMessage(reply);
            }
        };
        new Thread(request).start();
    }
}