标签:
在安卓开发中需要自己写代码实现校验公钥的功能
当然, 如果是自己服务器,就不用校验,
如果是别人的服务器,比如银行,就需要校验
在这里, 小编采用从github上下载的开源框架实现,在开源框架中添加部分代码
下载到开源框架后, 在 AsyncHttpClient.java文件中添加
找到215行代码, 在这里添加校验的代码
证书文件需要拷贝到src的根目录
1 //在这里添加一段 代码, 实现 https 连接, 检验 , 主要是去校验 证书的合法性 2 try { 3 InputStream ins = AsyncHttpClient.class.getClassLoader() 4 .getResourceAsStream("hehe.cer"); // 这个文件就是网站的公钥 5 6 7 CertificateFactory cerFactory = CertificateFactory 8 .getInstance("X.509");// X.509 公钥文件 .pk8 私钥文件的扩展名 9 Certificate cer = cerFactory.generateCertificate(ins); 10 KeyStore keyStore = KeyStore.getInstance("PKCS12", "BC"); 11 keyStore.load(null, null); 12 keyStore.setCertificateEntry("trust", cer); 13 SSLSocketFactory socketFactory = new SSLSocketFactory(keyStore); 14 schemeRegistry.register(new Scheme("https", socketFactory, 15 httpsPort)); 16 17 } catch (Exception e) { 18 // TODO Auto-generated catch block 19 e.printStackTrace(); 20 } 21 22 return schemeRegistry;
还有不校验的代码
1 //在这里添加一段 代码, 实现 https 连接, 不检验 2 try { 3 KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType()); 4 trustStore.load(null, null); 5 SSLSocketFactory sf = new SSLSocketFactoryEx(trustStore); 6 //相当于 不在校验数据的合法性 7 sf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER); // 允许所有主机的验证 8 schemeRegistry.register(new Scheme("https", sslSocketFactory, 9 httpsPort)); 10 schemeRegistry.register(new Scheme("https",sf, httpsPort)); 11 } catch (Exception e) { 12 e.printStackTrace(); 13 } 14 15 16 return schemeRegistry;
注意,
在拷贝代码的过程中 SSLSocketFactory 需要自己创建出来, 代码如下:
1 package com.loopj.android.http; 2 3 import java.io.IOException; 4 import java.net.Socket; 5 import java.net.UnknownHostException; 6 import java.security.KeyManagementException; 7 import java.security.KeyStore; 8 import java.security.KeyStoreException; 9 import java.security.NoSuchAlgorithmException; 10 import java.security.UnrecoverableKeyException; 11 12 import javax.net.ssl.SSLContext; 13 import javax.net.ssl.TrustManager; 14 import javax.net.ssl.X509TrustManager; 15 16 import org.apache.http.conn.ssl.SSLSocketFactory; 17 18 class SSLSocketFactoryEx extends SSLSocketFactory { 19 20 SSLContext sslContext = SSLContext.getInstance("TLS"); 21 22 public SSLSocketFactoryEx(KeyStore truststore) 23 throws NoSuchAlgorithmException, KeyManagementException, 24 KeyStoreException, UnrecoverableKeyException { 25 super(truststore); 26 27 TrustManager tm = new X509TrustManager() { 28 29 @Override 30 public java.security.cert.X509Certificate[] getAcceptedIssuers() { 31 return null; 32 } 33 34 @Override 35 public void checkClientTrusted( 36 java.security.cert.X509Certificate[] chain, 37 String authType) 38 throws java.security.cert.CertificateException { 39 40 } 41 42 @Override 43 public void checkServerTrusted( 44 java.security.cert.X509Certificate[] chain, 45 String authType) 46 throws java.security.cert.CertificateException { 47 48 } 49 }; 50 51 sslContext.init(null, new TrustManager[] { tm }, null); 52 } 53 54 @Override 55 public Socket createSocket(Socket socket, String host, int port, 56 boolean autoClose) throws IOException, UnknownHostException { 57 return sslContext.getSocketFactory().createSocket(socket, host, 58 port, autoClose); 59 } 60 61 @Override 62 public Socket createSocket() throws IOException { 63 return sslContext.getSocketFactory().createSocket(); 64 } 65 }
标签:
原文地址:http://www.cnblogs.com/wanghaoyuhappy/p/5267731.html
