SSL HTTPS连接
android ssl验证、https验证 http://www.2cto.com/kf/201310/252811.html
android https 证书 android调用https接口原理及解决方案 http://wenku.baidu.com/link?url=eHS0Ol3xPXu24uhyRNvoPqbGw_HbtmgLOHkznGajiK0woUOZcCRJHoApndf2sGXmO3XdzP-UwGYKRfW2Lcon4uA7fcFy6Ksc34gO-GXsHPH-_uzgHLM4h2khnRv-mevO
Android 用SSL构建安全的Socket http://www.cnblogs.com/zhujiabin/p/5895079.html
自定义SSLSocketFactory http://blog.csdn.net/u013598111/article/details/50489529
Class SSLSocketFactory http://hc.apache.org/httpcomponents-client-ga/httpclient/apidocs/org/apache/http/conn/ssl/SSLSocketFactory.html
Class KeyStore http://docs.oracle.com/javase/6/docs/api/java/security/KeyStore.html?is-external=true
SSL(Secure Sockets Layer 安全套接层), TLS(Transport Layer Security 安全传输层协议), HTTPS(Hyper Text Transfer Protocol over Secure Socket Layer 安全套接字层超文本传输协议)
证书四种文件格式 证书导入和导出操作支持四种文件格式。选择符合您特定需求的格式。
个人信息交换 (PKCS #12) 个人信息交换格式(PFX,也称为 PKCS #12)支持安全存储证书、私钥和证书路径中的所有证书。 PKCS #12 是唯一可用于导出证书及其私钥的文件格式。
加密消息语法标准 (PKCS #7) PKCS #7 格式支持存储证书和证书路径中的所有证书。
DER 编码的二进制 X.509 区别编码规则 (DER) 格式支持存储单个证书。该格式不支持存储私钥或证书路径。
Base64 编码的 X.509 Base64 格式支持存储单个证书。该格式不支持存储私钥或证书路径。
xUtils3.x的网络请求封装和请求https之单向SSL验证
Android Https相关完全解析 当OkHttp遇到Https
GeoTrust SSL Certificates
Geotrust 为全球第二大数字证书提供商,服务范围超过150多个国家,拥有超过10万客户
使用系统承认的商业证书的HTTPS连接方式
最简单的解决办法就是参照HTTP的方式,加入对HTTPS的支持:
// Registers the stock socket factory for https on port 443. No custom trust store is supplied
// here, which matches the heading above: this path is meant for servers whose certificate was
// issued by a CA the system already recognises.
schReg.register(new Scheme("https", SSLSocketFactory.getSocketFactory(), 443));
android httpClient 支持HTTPS的2种处理方式
http请求No peer certificate的解决方法
xUtils3.x的网络请求封装和请求https之单向SSL验证
Android开发框架xUtils3.x新手教学(二)HTTPS访问
xUtils https请求网络数据(https://yjf3.pccb.com成功, https://www.pccb.com失败)
package com.pccb.app.net;
import android.content.Context;
import android.content.res.AssetManager;
import com.lidroid.xutils.http.HttpUtils;
import com.lidroid.xutils.http.RequestParams;
import com.lidroid.xutils.http.callback.RequestCallBack;
import com.lidroid.xutils.http.client.HttpRequest;
import com.pccb.androidcommon.utils.LogUtils;
import com.pccb.app.global.Constant;
import com.pccb.app.logic.UserLogic;
import org.apache.http.conn.ssl.SSLSocketFactory;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
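/**
 * Wrapper around the xUtils {@code HttpUtils} client used for the app's network requests.
 *
 * <p>When {@code Urls.HTTP} is {@code "https://"}, the client is given a socket factory whose
 * trust store holds only the certificate bundled in the app's assets. If that trust store
 * cannot be built, construction fails with an {@link IOException} instead of continuing with
 * whatever TLS configuration the library applies by default.
 *
 * @author zhuyuliang
 * @version 1.0
 * @created 2015-4-20
 */
public class HttpService {
    /**
     * Status codes returned by network requests.
     */
    public static final String STATUS_FAIL = "0";
    public static final String STATUS_OK = "1";
    public static final String STATUS_2 = "2";
    public static final String STATUS_9 = "9"; // no records
    public static final String STATUS_11 = "11";
    public static final String STATUS_12 = "12";
    public static final String STATUS_13 = "13";
    public static final String STATUS_14 = "14";

    private final static int MY_SOCKET_TIMEOUT_MS = 10000; // request timeout in milliseconds
    private final static String TAG = "HttpService";

    protected Context ctx;

    private static final Object locker = new Object();
    private static HttpService instance = null;

    // xUtils client that performs the requests
    private HttpUtils http;

    /**
     * Creates the client and, for HTTPS, installs the socket factory backed by the bundled
     * certificate.
     *
     * @param _ctx context used to read the certificate asset and to look up the logged-in user
     * @throws IOException if the certificate cannot be read or the trust store cannot be set up
     */
    private HttpService(Context _ctx) throws IOException {
        ctx = _ctx;
        http = new HttpUtils(MY_SOCKET_TIMEOUT_MS);
        // Constant-first comparison so an unset Urls.HTTP cannot raise a NullPointerException.
        if ("https://".equals(Urls.HTTP)) {
            http.configSSLSocketFactory(buildPinnedSocketFactory());
        }
    }

    /**
     * Builds the socket factory that trusts only the bundled certificate.
     *
     * <p>Every failure is rethrown. The earlier version logged the exception and carried on,
     * which left the client without the pinned trust store while still sending requests.
     *
     * @return socket factory backed by the key store from {@link #getKeyStore()}
     * @throws IOException if the key store or the socket factory cannot be created
     */
    private SSLSocketFactory buildPinnedSocketFactory() throws IOException {
        KeyStore keyStore;
        try {
            keyStore = getKeyStore();
        } catch (IOException e) {
            LogUtils.d("HttpService: IOException");
            throw e;
        }
        try {
            // Single-argument form: the key store is used as the trust store only.
            // The three-argument form (keyStore, password, trustStore) is the one for client
            // certificates and is not used here.
            SSLSocketFactory socketFactory = new SSLSocketFactory(keyStore);
            LogUtils.d("HttpService keyStore ok: " + keyStore.toString());
            return socketFactory;
        } catch (UnrecoverableKeyException e) {
            throw trustSetupFailure("UnrecoverableKeyException", e);
        } catch (NoSuchAlgorithmException e) {
            throw trustSetupFailure("NoSuchAlgorithmException", e);
        } catch (KeyStoreException e) {
            throw trustSetupFailure("KeyStoreException", e);
        } catch (KeyManagementException e) {
            throw trustSetupFailure("KeyManagementException", e);
        }
    }

    /**
     * Logs a trust-store setup failure and wraps it so callers see one exception type.
     *
     * @param kind  short name of the failure, used in the log line and the message
     * @param cause the original exception, kept as the cause
     * @return the exception for the caller to throw
     */
    private static IOException trustSetupFailure(String kind, Exception cause) {
        LogUtils.d("HttpService: " + kind);
        return new IOException("HttpService: cannot set up trust store (" + kind + ")", cause);
    }

    /**
     * Returns the shared instance, creating it on first use.
     *
     * <p>If creation fails, no instance is stored and the next call tries again.
     *
     * @param ctx context stored on the shared instance; replaced on every call
     * @return the shared instance
     * @throws IOException if the HTTPS trust store cannot be set up
     */
    public static HttpService getInstance(Context ctx) throws IOException {
        synchronized (locker) {
            if (null == instance) {
                instance = new HttpService(ctx);
            }
            // NOTE(review): the static instance keeps this context reachable; if callers pass
            // an Activity, consider passing the application context instead.
            instance.ctx = ctx;
        }
        return instance;
    }

    /**
     * Sends a POST request with the common parameters added.
     *
     * <p>Adds {@code app_type} and, when a user is logged in, that user's session token
     * (an empty string otherwise).
     *
     * @param params     request parameters; the common parameters are added to this object
     * @param urls       request URL
     * @param requesttag request tag (not used by this method)
     * @param listener   callback that receives the response
     */
    public void Action(RequestParams params, String urls, String requesttag, RequestCallBack<String> listener) {
        params.addBodyParameter("app_type", Constant.APP_TYPE); // client type
        // 2016-12-19: attach the token of the logged-in user
        String token = "";
        if (UserLogic.getIntance(ctx).isLoginUser()) {
            token = UserLogic.getIntance(ctx).getLoginUser().getToken_session();
        }
        // NOTE(review): the token is attached whatever `urls` is; callers should pass only the
        // app's own HTTPS endpoints. Keep the session token out of log output.
        params.addBodyParameter("token", token);
        http.send(HttpRequest.HttpMethod.POST, urls, params, listener);
    }

    /**
     * Builds a key store holding the server certificate bundled in the app's assets.
     *
     * <p>A certificate or key-store failure is rethrown as an {@link IOException} rather than
     * reported as a {@code null} return: handing {@code null} to the socket factory would
     * presumably leave trust decisions to the platform defaults instead of the bundled
     * certificate (confirm against the SSLSocketFactory documentation).
     *
     * @return key store with the bundled certificate under the alias {@code "trust"}
     * @throws IOException if the asset cannot be read or the key store cannot be built
     */
    public KeyStore getKeyStore() throws IOException {
        AssetManager am = ctx.getAssets();
        // DER-encoded (binary) certificate. The Base64 export of the same certificate,
        // pccb_com_base64_x_509.cer, was the alternative tried in the original code.
        InputStream ins = am.open("pccb_com_der_x_509.cer");
        try {
            // Read the certificate
            CertificateFactory cerFactory = CertificateFactory.getInstance("X.509");
            Certificate cer = cerFactory.generateCertificate(ins);
            // Create an empty key store of the platform default type and import the certificate
            // (the original also tried KeyStore.getInstance("PKCS12", "BC") here).
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null, null);
            keyStore.setCertificateEntry("trust", cer);
            LogUtils.d("HttpService getKeyStore ok: " + keyStore.toString());
            return keyStore;
        } catch (CertificateException e) {
            throw trustSetupFailure("CertificateException", e);
        } catch (NoSuchAlgorithmException e) {
            throw trustSetupFailure("NoSuchAlgorithmException", e);
        } catch (KeyStoreException e) {
            throw trustSetupFailure("KeyStoreException", e);
        } finally {
            ins.close();
        }
    }
}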
为你的Android App实现自签名的 SSL 证书
自签名证书跟花钱购买机构颁发的证书有什么区别
证书颁发机构(CA) 什么是自签名证书(self-signed certificates) 自签名证书就是没有通过受信任的证书颁发机构, 自己给自己颁发的证书.
SSL 证书大致分三类:
-
由安卓认可的证书颁发机构(如: VeriSign), 或这些机构的下属机构颁发的证书.
-
没有得到安卓认可的证书颁发机构颁发的证书.
-
自己颁发的证书, 分临时性的(在开发阶段使用)或在发布的产品中永久性使用的两种.
只有第一种, 也就是那些被安卓系统认可的机构颁发的证书, 在使用过程中不会出现安全提示.
最近一项调查表明, 810万个证书中, 只有 320万个是由受信任机构颁发的. 剩余490万证书中, 自签名的占48%, 未知机构颁发的占33%, 而不被信任的机构颁发的证书占19%.
无独有偶, 我的分析结果也表明, 起码有 60% 安卓应用使用自签证书.
下面的写法是一般性的https代码:
// Plain HTTPS request with no custom trust configuration. As the surrounding text explains,
// it succeeds when the server certificate was issued by a recognised CA and fails for a
// self-signed certificate.
URL url = new URL("https://www.example.com/");
HttpsURLConnection urlConnection = (HttpsURLConnection) url.openConnection();
InputStream in = urlConnection.getInputStream();
如果你连接的服务器(www.example.com)传过来的证书是由机构颁发的, 这段代码就能正常运行.
但是如果你连的服务器用的是自己颁发的证书(self-signed certificate), 那就会出现错误.
如果你使用上述代码去连接使用自签名证书的服务器, 由于 Android 系统不信任自签名证书, 验证无法通过, 应用会抛出错误。因此你需要自己编写代码来校验这张自签名证书: 做法是只把这张证书加入应用自己的信任库(见下文的 KeyStore 示例), 而不是关闭证书校验。
使用 xutils中的 HttpUtils 发送https请求 设置证书
import org.apache.http.conn.ssl.SSLSocketFactory; //import javax.net.ssl.SSLSocketFactory;
...... private HttpService(Context _ctx) { ctx = _ctx; http = new HttpUtils(MY_SOCKET_TIMEOUT_MS); SSLSocketFactory socketFactory = new SSLSocketFactory(keyStore,pemPassword,trustStore); http.configSSLSocketFactory(socketFactory); }
如果需要验证服务器端证书(这样能够防钓鱼),我是这样做的,还有些问题问大牛: a. 导出公钥。在浏览器上用https访问tomcat,查看其证书,并另存为一个文件(存成了X.509格式:xxxx.cer) b. 导入公钥。把xxxx.cer放在Android的assets文件夹中,以方便在运行时通过代码读取此证书,留了两个问题给大牛:
// Fragment 1: build a key store from the certificate bundled in the app's assets.
AssetManager am = context.getAssets();
InputStream ins = am.open("robusoft.cer");
try {
// Read the certificate
CertificateFactory cerFactory = CertificateFactory.getInstance("X.509"); // question 1 (left open by the original poster)
Certificate cer = cerFactory.generateCertificate(ins);
// Create a key store and import the certificate into it
KeyStore keyStore = KeyStore.getInstance("PKCS12", "BC"); // question 2 (left open by the original poster)
keyStore.load(null, null);
keyStore.setCertificateEntry("trust", cer);
return keyStore;
} finally {
ins.close();
}
// Fragment 2: use our key store as the trust store.
// NOTE(review): `keystore` here is spelled differently from `keyStore` above; the two
// fragments come from different places in the poster's code, and this one presumably receives
// the value returned by the first.
SSLSocketFactory socketFactory = new SSLSocketFactory(keystore);
Scheme sch = new Scheme("https", socketFactory, 443);
// Done: register the scheme so https requests from this client use the socket factory above
HttpClient mHttpClient = new DefaultHttpClient();
mHttpClient.getConnectionManager().getSchemeRegistry().register(sch);
org.apache.http.conn.ssl.SSLSocketFactory http://hc.apache.org/httpcomponents-client-ga/httpclient/apidocs/org/apache/http/conn/ssl/SSLSocketFactory.html
public SSLSocketFactory(KeyStore keystore, String keystorePassword, KeyStore truststore) throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException Deprecated. Throws: NoSuchAlgorithmException KeyManagementException KeyStoreException UnrecoverableKeyException
public SSLSocketFactory(KeyStore truststore) throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException Deprecated. Throws: NoSuchAlgorithmException KeyManagementException KeyStoreException UnrecoverableKeyException
public SSLSocketFactory(KeyStore keystore, String keystorePassword, KeyStore truststore) throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException Deprecated. Throws: NoSuchAlgorithmException KeyManagementException KeyStoreException UnrecoverableKeyException
public SSLSocketFactory(KeyStore truststore) throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException Deprecated. Throws: NoSuchAlgorithmException KeyManagementException KeyStoreException UnrecoverableKeyException
SSLSocketFactory Android org.apache.http.conn.ssl.SSLSocketFactory https://developer.android.com/reference/org/apache/http/conn/ssl/SSLSocketFactory.html
AndroidHttps服务器端和客户端简单实例 http://wenku.baidu.com/link?url=-H7pH8b9OSQy08Hd54-9Hwf_dGEN8q1dbHDOkIa5ixlKNhiJnViXWvOWEyr66vWLdlIgxhGeFCDLDdly30aP_5lPCxsHh1yZcaQ7JCygSKC
android中进行https连接的方式 http://blog.csdn.net/a79412906/article/details/10060795
xutils https请求头
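/**
 * Fetches JSON data from {@code DOWNLOAD_URL} and prints the response body.
 */
private void getJson() {
    HttpUtils http = new HttpUtils();
    // By its name this sets how long a response stays cached (10 seconds), not a connection
    // timeout as the original comment said.
    http.configCurrentHttpCacheExpiry(1000 * 10);
    // RequestCallBack<String>: the type argument is needed for onSuccess(ResponseInfo<String>)
    // below to override the callback method.
    http.send(HttpMethod.GET, DOWNLOAD_URL, null, new RequestCallBack<String>() {
        @Override
        public void onFailure(HttpException arg0, String arg1) {
            Toast.makeText(getApplicationContext(), "请求数据失败!!", Toast.LENGTH_SHORT).show();
        }

        @Override
        public void onSuccess(ResponseInfo<String> info) {
            System.out.println("返回的json字符串:" + info.result);
        }
    });
}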
使用 xutils中的 HttpUtils 发送https请求 设置不了证书的问题 import org.apache.http.conn.ssl.SSLSocketFactory; (import javax.net.ssl.SSLSocketFactory;)
......
SSLSocketFactory socketFactory = new SSLSocketFactory(keyStore,pemPassword,trustStore); httpUtils.configSSLSocketFactory(socketFactory);
keyStore是从.p12文件来的(按上文的格式说明, PKCS #12 可同时存放证书和私钥)
trustStore是从.pem文件来的
注意: 打包进 APK 的 .p12 文件和它的密码, 任何拿到安装包的人都能取出, 不能当作机密来依赖。