android 实现https通讯,通过读取cer或pfx证书
16lz
2021-01-25
1. 通过pfx证书实现https请求
准备好xxx.pfx证书(如放在assets目录下),并准备好证书的私钥密码
代码实现如下:
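// NOTE(review): a password compiled into the APK can be read by anyone who unpacks the app,
// and with it the client private key inside the bundled .pfx. "123456" is a tutorial
// placeholder only.
public static final String CLIENT_KET_PASSWORD = "123456";

// Despite the variable name, this PKCS#12 store holds the *client* certificate and private
// key; SSLSocketFactoryEx feeds it to a KeyManagerFactory for client authentication.
KeyStore trustStore = KeyStore.getInstance("PKCS12", "BC");
InputStream pfxStream = MainActivity.this.getAssets().open("xxxx.pfx");
try {
    trustStore.load(pfxStream, CLIENT_KET_PASSWORD.toCharArray());
} finally {
    // The asset stream is no longer needed once the key store has been populated.
    pfxStream.close();
}

org.apache.http.conn.ssl.SSLSocketFactory sf =
        new SSLSocketFactoryEx(trustStore, CLIENT_KET_PASSWORD.toCharArray());
// Keep hostname verification on: with ALLOW_ALL_HOSTNAME_VERIFIER a certificate issued for
// any other host would be accepted for this connection.
sf.setHostnameVerifier(org.apache.http.conn.ssl.SSLSocketFactory.STRICT_HOSTNAME_VERIFIER);

HttpParams params = new BasicHttpParams();
HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1);
HttpProtocolParams.setContentCharset(params, "utf-8");

SchemeRegistry registry = new SchemeRegistry();
registry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
registry.register(new Scheme("https", sf, 443));

HttpClient client = null;
String msg = "";
try {
    ClientConnectionManager ccm = new ThreadSafeClientConnManager(params, registry);
    client = new DefaultHttpClient(ccm, params);
    HttpGet hg = new HttpGet(url);
    HttpResponse response = client.execute(hg);
    HttpEntity entity = response.getEntity();
    if (entity != null) {
        InputStream instreams = entity.getContent();
        try {
            msg = convertStreamToString(instreams);
        } finally {
            // Closing the entity stream releases the underlying connection.
            instreams.close();
        }
    }
    Log.d("result", msg);
} catch (Exception e) {
    Log.e("result", "HTTPS request failed", e);
} finally {
    if (client != null) {
        // Release pooled sockets held by the connection manager.
        client.getConnectionManager().shutdown();
    }
}

// A custom SSLSocketFactory subclass is also required:

/**
 * Socket factory that presents a client certificate (mutual TLS) while still validating the
 * server's certificate chain and hostname.
 *
 * <p>The server chain is checked against the platform's default trust anchors. If the server
 * uses a private CA or a self-signed certificate, load that certificate into a separate trust
 * {@code KeyStore} and initialise the {@code TrustManagerFactory} with it, rather than
 * installing an {@code X509TrustManager} whose check methods are empty: such a manager accepts
 * every certificate and leaves the connection open to interception.
 */
public class SSLSocketFactoryEx extends SSLSocketFactory {

    private final SSLContext sslContext = SSLContext.getInstance("TLS");

    /**
     * @param truststore key store holding the client certificate and its private key
     * @param arry password protecting the private key in {@code truststore}
     * @throws NoSuchAlgorithmException if a required TLS/key-manager algorithm is unavailable
     * @throws KeyManagementException if the SSL context cannot be initialised
     * @throws KeyStoreException if the key store cannot be used
     * @throws UnrecoverableKeyException if the private key cannot be recovered with {@code arry}
     */
    public SSLSocketFactoryEx(KeyStore truststore, char[] arry)
            throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException,
                    UnrecoverableKeyException {
        super(truststore);

        KeyManagerFactory localKeyManagerFactory =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        localKeyManagerFactory.init(truststore, arry);
        KeyManager[] arrayOfKeyManager = localKeyManagerFactory.getKeyManagers();

        // Passing a null KeyStore selects the platform's default trust anchors, so the
        // server certificate chain is actually validated.
        javax.net.ssl.TrustManagerFactory trustManagerFactory =
                javax.net.ssl.TrustManagerFactory.getInstance(
                        javax.net.ssl.TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init((KeyStore) null);

        sslContext.init(
                arrayOfKeyManager,
                trustManagerFactory.getTrustManagers(),
                new java.security.SecureRandom());
    }

    /** Layers TLS over an existing socket and verifies the peer's hostname. */
    @Override
    public Socket createSocket(Socket socket, String host, int port, boolean autoClose)
            throws IOException, UnknownHostException {
        javax.net.ssl.SSLSocket sslSocket =
                (javax.net.ssl.SSLSocket)
                        sslContext.getSocketFactory().createSocket(socket, host, port, autoClose);
        // This override replaces the parent implementation, so the hostname check has to be
        // performed here explicitly.
        getHostnameVerifier().verify(host, sslSocket);
        return sslSocket;
    }

    /** Creates an unconnected TLS socket from this factory's own SSL context. */
    @Override
    public Socket createSocket() throws IOException {
        return sslContext.getSocketFactory().createSocket();
    }
}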
2.通过cer证书实现https请求
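/**
 * Performs an HTTPS GET with HttpsURLConnection, trusting only the certificate bundled in
 * assets ("xxx.cer"), and logs the response body.
 *
 * @param urlStr the https URL to request
 */
private void starHttpsCer(String urlStr) {
    HttpsURLConnection conn = null;
    InputStream is = null;
    try {
        URL url = new URL(urlStr);
        conn = (HttpsURLConnection) url.openConnection();
        // If setCertificates() returns null, setSSLSocketFactory rejects it with an exception,
        // so the request fails instead of falling back to a different trust configuration.
        conn.setSSLSocketFactory(
                setCertificates(MainActivity.this.getAssets().open("xxx.cer")));
        conn.connect();
        if (conn.getResponseCode() == 200) {
            is = conn.getInputStream();
            ByteArrayOutputStream bytestream = new ByteArrayOutputStream();
            // Read in chunks rather than one byte per call.
            byte[] buffer = new byte[4096];
            int count;
            while ((count = is.read(buffer)) != -1) {
                bytestream.write(buffer, 0, count);
            }
            byte[] result = bytestream.toByteArray();
            Log.d("result", new String(result, "UTF-8"));
        }
    } catch (Exception e) {
        Log.e("result", "HTTPS request failed", e);
    } finally {
        // Release the stream and the connection on every path, not only after a 200 response.
        if (is != null) {
            try {
                is.close();
            } catch (IOException ignored) {
                // Nothing useful can be done if closing fails.
            }
        }
        if (conn != null) {
            conn.disconnect();
        }
    }
}

/**
 * Builds an SSLSocketFactory that trusts only the supplied X.509 certificates.
 *
 * <p>Each stream is closed after it has been read.
 *
 * @param certificates streams of the certificates to trust
 * @return the socket factory, or {@code null} if it could not be built; callers must treat
 *     {@code null} as a failure and must not fall back to a less strict configuration
 */
public SSLSocketFactory setCertificates(InputStream... certificates) {
    try {
        // Certificate factory; the argument names the certificate type.
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        // Create an empty key store to hold the trusted certificates.
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null);
        int index = 0;
        for (InputStream certificate : certificates) {
            try {
                String certificateAlias = Integer.toString(index++);
                // Import the certificate into the key store.
                keyStore.setCertificateEntry(
                        certificateAlias, certificateFactory.generateCertificate(certificate));
            } finally {
                // Close the stream even when parsing the certificate fails.
                try {
                    if (certificate != null) {
                        certificate.close();
                    }
                } catch (IOException e) {
                    e.printStackTrace();
                }
            }
        }
        // Obtain the SSLContext instance.
        SSLContext sslContext = SSLContext.getInstance("TLS");
        TrustManagerFactory trustManagerFactory =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);

        // Optional client key store (for mutual TLS):
        // KeyStore clientKeyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        // clientKeyStore.load(getAssets().open("client.jks"), "123456".toCharArray());
        //
        // KeyManagerFactory keyManagerFactory =
        //         KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        // keyManagerFactory.init(clientKeyStore, "123456".toCharArray());

        // First argument: key managers, used to authenticate this client to the server.
        // Second argument: trust managers, used to validate the server's certificate.
        // Third argument: a source of randomness; null may be passed.
        sslContext.init(null, trustManagerFactory.getTrustManagers(), new SecureRandom());
        // sslContext.init(null, null, new SecureRandom());
        return sslContext.getSocketFactory();
    } catch (Exception e) {
        e.printStackTrace();
    }
    return null;
}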
注:
如果手机上开了网络代理,有可能遇上请求失败,请关闭代理后重试。这通常是因为抓包或拦截类代理会用自己的证书替换服务器证书,而上面的代码只信任内置的证书,校验不通过属于预期行为。