本文介绍如何使用Android的HttpsURLConnection进行网络访问,包括解决信任证书问题、配置SSL上下文及使用自定义X509TrustManager的方法。
Android之HttpsURLConnection访问网络(android https协议)
android 基于https协议(HttpsURLConnection)的网络访问:
由于HttpsURLConnection是HttpURLConnection的子类,在这里就不多作介绍了,
如果需要,可直接把下面的HttpURLConnection改成HttpsURLConnection即可(当前
项目中是http、https都可以访问,所以采用的是HttpURLConnection)
在这里值得注意的是:
1. 本人没用研究过X509HostnameVerifier这个接口,就直接重写了X509HostnameVerifier这个接口,
把它唯一的方法写为空,直接return ture;结果一直抛:CertificationException: Trust anchor
for certification path not found,根据字面意思是指数字签名证书找不到,后来无意中在网上
看到一句这样的代码(当然这安全性低):
X509HostnameVerifier hostnameVerifier = SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER;
设置签名证书为所有主机验证通过,然后再设置下面:
HttpsURLConnection.setDefaultHostnameVerifier(hostnameVerifier);
最后此异常它不抛了。。。。嘿嘿,由此我猜:这个东西可能是指对安全验证的过滤(也可说的安全
级别的设置)
2. 在android中,目前只支持数字签名证书为BKS的格式,如果其它格式的话需要转换,转换就不说了,
网上一大堆。如果有异常为:KeyStore JKSimplementation not found的话一般就是这个原因了。
3. 通过SSLContext.getInstance("TLS")来获取SSL上下文,这个有些不太明白为什么"SSL"和"TLS"有
什么区别,谁知道的话告诉我一下.
- public class NetHelper {
- public static final String DOMAIN_LIST = "RestService/User/DomainList";
- X509HostnameVerifier hostnameVerifier = SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER;
- SSLContext sslContext = null;
- InputStream in = null;
- public NetHelper() {
- try {
- MyX509TrustManager mtm = new MyX509TrustManager();
- TrustManager[] tms = new TrustManager[] { mtm };
- // 初始化X509TrustManager中的SSLContext
- sslContext = SSLContext.getInstance("TLS");
- sslContext.init(null, tms, new java.security.SecureRandom());
- } catch (Exception e) {
- e.printStackTrace();
- }
- // 为javax.net.ssl.HttpsURLConnection设置默认的SocketFactory和HostnameVerifier
- if (sslContext != null) {
- HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());
- }
- HttpsURLConnection.setDefaultHostnameVerifier(hostnameVerifier);
- }
- /*
- * 取Domain
- */
- public InputStream getDomainList(String path) throws Exception {
- String uri = path + DOMAIN_LIST;
- Log.i("sys", uri);
- URL url = new URL(uri);
- HttpURLConnection conn = null;//也可用HttpsURLConnection,但将不可进行http访问
- //if(uri.contains("https")){
- // conn = (HttpsURLConnection) url.openConnection();
- //}else
- conn = (HttpURLConnection) url.openConnection();
- conn.setRequestMethod("GET");
- conn.setDoOutput(true);
- conn.setDoInput(true);
- // 设置连接超时时间
- conn.setConnectTimeout(4 * 1000);
- conn.setRequestProperty("Content-Type", "text/xml");
- conn.connect();
- in = conn.getInputStream();
- return in;
- }
- }
还需自定义X509TrustManager:
注:通过实现X509TrustManager来定义了证书管理器,对服务器和客户端进行验证方法,
把所有的方法写成空(如果有的话则需要验证),还需要定义我们的KeyStore来源数字
签名证书文件)。然后初始化证书管理工厂,并调用getTrustManagers()方法来获取这个
管理器
- public class MyX509TrustManager implements X509TrustManager {
- X509TrustManager myJSSEX509TrustManager;
- public MyX509TrustManager() throws Exception {
- KeyStore ks = KeyStore.getInstance("BKS");
- // ks.load(new FileInputStream("trustedCerts"),
- // "passphrase".toCharArray()); //----> 这是加载自己的数字签名证书文件和密码,在这里这里没有,所以不需要
- TrustManagerFactory tmf = TrustManagerFactory.getInstance("X509");
- tmf.init(ks);
- TrustManager tms[] = tmf.getTrustManagers();
- for (int i = 0; i < tms.length; i++) {
- if (tms[i] instanceof X509TrustManager) {
- myJSSEX509TrustManager = (X509TrustManager) tms[i];
- return;
- }
- }
- }
- @Override
- public void checkClientTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
- // sunJSSEX509TrustManager.checkClientTrusted(arg0, arg1);
- }
- @Override
- public void checkServerTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
- // sunJSSEX509TrustManager.checkServerTrusted(arg0, arg1);
- }
- @Override
- public X509Certificate[] getAcceptedIssuers() {
- // X509Certificate[] acceptedIssuers = sunJSSEX509TrustManager
- // .getAcceptedIssuers();
- // return acceptedIssuers;
- return null;
- }
- }
先记到这里,以后发现错误再改,留给自己以后懂了再来看看改
扫一扫
7076
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
