Android  HTTPS调用

mafa1993

关注

阅读 59

2023-04-30


Android 支持HTTPS

关键点:

1.Android仅支持BouncyCastle,BKS密库

2.生成密钥

 keytool -genkey -alias tomcat -keyalg RSA -keystore server.keystore -validity 3600

 keytool -export -alias tomcat -file server.cer -keystore server.keystore -storepass 123456

 keytool -import -alias tomcat -file server.cer -keystore server_trust.keystore -storepass 123456 -storetype BKS -providername "BC"

参见:http://anjxue.iteye.com/blog/1140275

 另外使用HttpsURLConnection时需要实现HostnameVerifier 和 X509TrustManager,这两个实现是必须的,要不会报安全验证异常。然后初始化X509TrustManager中的SSLContext,为javax.net.ssl.HttpsURLConnection设置默认的SocketFactory和HostnameVerifier。


code:


1. public class HttpsDemo extends Activity implements OnClickListener  
2. {  
3.    private static final String TAG = "HttpsDemo";  
4.    private static final String HTTS_URL = "https://192.168.7.39:8443/";  
5.    private EditText editText;  
6.    private Button button;  
7.  
8.      
9.    private static final String CLIENT_KET_PASSWORD = "123456";  
10.  
11.      
12.    private static final String CLIENT_TRUST_PASSWORD = "123456";  
13.  
14.      
15.    private static final String CLIENT_AGREEMENT = "TLS";  
16.  
17.      
18.    private static final String CLIENT_KEY_MANAGER = "X509";  
19.  
20.      
21.    private static final String CLIENT_TRUST_MANAGER = "X509";  
22.  
23.      
24.    private static final String CLIENT_KEY_KEYSTORE = "BKS";  
25.  
26.      
27.    private static final String CLIENT_TRUST_KEYSTORE = "BKS";  
28.  
29.    private AssetManager mAssetManager = null;  
30.  
31.    @Override  
32.    protected void onCreate(Bundle savedInstanceState)  
33.    {  
34.        super.onCreate(savedInstanceState);  
35.        setContentView(R.layout.https_demo);  
36.  
37.        mAssetManager = getAssets();  
38.  
39.        editText = (EditText) findViewById(R.id.url_entry_text);  
40.        button = (Button) findViewById(R.id.go_url_btn);  
41.  
42.        editText.setText(HTTS_URL);  
43.        button.setOnClickListener(this);  
44.    }  
45.  
46.    @Override  
47.    public void onClick(View v)  
48.    {  
49.        connect(editText.getText().toString());  
50.    }  
51.  
52.    private void connect(String httpsUrl)  
53.    {  
54.        java.net.URL url = null;  
55.        HttpsURLConnection conn = null;  
56.        InputStream inputs = null;  
57.  
58.        try  
59.        {  
60.            //取得SSL的SSLContext实例     
61.            SSLContext sslContext = SSLContext.getInstance(CLIENT_AGREEMENT);  
62.            //取得KeyManagerFactory实例     
63.            KeyManagerFactory keyManager = KeyManagerFactory  
64.                .getInstance(CLIENT_KEY_MANAGER);  
65.            //取得TrustManagerFactory的X509密钥管理器  
66.            TrustManagerFactory trustManager = TrustManagerFactory  
67.                .getInstance(CLIENT_TRUST_MANAGER);  
68.  
69.            //取得BKS密库实例     
70.            KeyStore keyKeyStore = KeyStore.getInstance(CLIENT_KEY_KEYSTORE);  
71.            KeyStore trustKeyStore = KeyStore  
72.                .getInstance(CLIENT_TRUST_KEYSTORE);  
73.  
74.            //加载证书和私钥,通过读取资源文件的方式读取密钥和信任证书(kclient:密钥;lt_client:信任证书)   
75.            InputStream is = mAssetManager.open("trust.keystore");  
76.            //kclient:密钥  
77.            keyKeyStore.load(is, CLIENT_KET_PASSWORD.toCharArray());  
78.            is.reset();  
79.            //lt_client:信任证书  
80.            trustKeyStore.load(is, CLIENT_TRUST_PASSWORD.toCharArray());  
81.            is.close();  
82.  
83.            //初始化密钥管理器、信任证书管理器  
84.            keyManager.init(keyKeyStore, CLIENT_KET_PASSWORD.toCharArray());  
85.            trustManager.init(trustKeyStore);  
86.  
87.            //初始化SSLContext     
88.            sslContext.init(keyManager.getKeyManagers(),  
89.                trustManager.getTrustManagers(), null);  
90.  
91.            url = new URL(HTTS_URL);  
92.            conn = (HttpsURLConnection) url.openConnection();  
93.            conn.setSSLSocketFactory(sslContext.getSocketFactory());  
94.            conn.setHostnameVerifier(new TrustAnyHostnameVerifier());  
95.  
96.            conn.setDoInput(true);  
97.            conn.setDoOutput(true);  
98.            conn.setRequestProperty("Accept", "*/*");  
99.            conn.setRequestProperty("Pragma", "No-cache");  
100.            conn.setRequestProperty("Cache-Control", "no-cache");  
101.            conn.setRequestProperty("connection", "keep-alive");  
102.            conn.setRequestProperty("accept-charset", "utf-8");  
103.            conn.setRequestProperty("Content-Type", "text/xml");  
104.  
105.            conn.setConnectTimeout(30000);  
106.            conn.setReadTimeout(30000);  
107.  
108.            conn.setRequestMethod("GET");  
109.  
110.            // 执行到该句就是开始建立连接并取得连接的响应结果  
111.            int code = conn.getResponseCode();  
112.  
113.            Log.i(TAG, "http response code is " + code);  
114.  
115.            inputs = conn.getInputStream();  
116.  
117.            int size = conn.getContentLength();  
118.  
119.            Log.i(TAG, "getContentLength" + size);  
120.  
121.            byte[] buf = new byte[10000];  
122.            inputs.read(buf);  
123.            Log.d(TAG, "res:" + new String(buf));  
124.  
125.        }  
126.        catch (MalformedURLException e)  
127.        {  
128.            e.printStackTrace();  
129.        }  
130.        catch (IOException e)  
131.        {  
132.            e.printStackTrace();  
133.        }  
134.        catch (NoSuchAlgorithmException e)  
135.        {  
136.            e.printStackTrace();  
137.        }  
138.        catch (KeyManagementException e)  
139.        {  
140.            e.printStackTrace();  
141.        }  
142.        catch (KeyStoreException e)  
143.        {  
144.            e.printStackTrace();  
145.        }  
146.        catch (CertificateException e)  
147.        {  
148.            e.printStackTrace();  
149.        }  
150.        catch (UnrecoverableKeyException e)  
151.        {  
152.            e.printStackTrace();  
153.        }  
154.        finally  
155.        {  
156.            if (conn != null)  
157.            {  
158.                conn.disconnect();  
159.            }  
160.        }  
161.  
162.    }  
163.  
164.    public class TrustAnyHostnameVerifier implements HostnameVerifier  
165.    {  
166.        public boolean verify(String hostname, SSLSession session)  
167.        {  
168.            return true;  
169.        }  
170.    }  
171. }

精彩评论(0)

0 0 举报