How to trust all certificates for HTTPS on the Android platform
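HTTPS is frequently needed on the Android platform. When the root certificate used by the HTTPS server is a trusted one, implementing HTTPS is very simple: use the httpclient library directly, and there is almost no difference from plain HTTP. In most cases, however, the root certificate used by the server is self-signed, or its signing authority is not in the device's list of trusted certificates, and an HTTPS connection made with httpclient then fails. There are two ways to solve this problem. One is to add the server certificate to httpclient's list of trusted certificates before initiating the HTTPS connection; this is relatively complicated and easy to get wrong. The other is to make httpclient trust all server certificates; this is much simpler but less secure, although it has its uses in certain situations.

The example here illustrates the latter method. Some setup is needed when instantiating the HttpClient object, mainly binding the port numbers used for HTTPS connections; here 443 and 8443 are bound: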
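
```java
// Classes come from org.apache.http.params, org.apache.http.conn.scheme,
// org.apache.http.conn, org.apache.http.impl.conn.tsccm and org.apache.http.impl.client.
HttpParams params = new BasicHttpParams();
SchemeRegistry schemeRegistry = new SchemeRegistry();
schemeRegistry.register(new Scheme("https",
        new EasySSLSocketFactory(), 443));
// SchemeRegistry is keyed by scheme name, so this call replaces the entry above;
// the port is only the default used when the URL does not name one.
schemeRegistry.register(new Scheme("https",
        new EasySSLSocketFactory(), 8443));
ClientConnectionManager connManager = new ThreadSafeClientConnManager(params, schemeRegistry);
HttpClient httpClient = new DefaultHttpClient(connManager, params);
```
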
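The EasySSLSocketFactory class above is one we define ourselves. Its main purpose is to make httpclient accept all server certificates so that HTTPS data can be read normally. The relevant code is as follows: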

```java
import java.io.IOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.net.UnknownHostException;

import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;

import org.apache.http.conn.ConnectTimeoutException;
import org.apache.http.conn.scheme.LayeredSocketFactory;
import org.apache.http.conn.scheme.SocketFactory;
import org.apache.http.params.HttpConnectionParams;
import org.apache.http.params.HttpParams;

public class EasySSLSocketFactory implements SocketFactory,
        LayeredSocketFactory {

    private SSLContext sslcontext = null;

    // Builds a TLS context whose only trust manager is EasyX509TrustManager.
    private static SSLContext createEasySSLContext() throws IOException {
        try {
            SSLContext context = SSLContext.getInstance("TLS");
            context.init(null, new TrustManager[] { new EasyX509TrustManager(
                    null) }, null);
            return context;
        } catch (Exception e) {
            throw new IOException(e.getMessage());
        }
    }

    // Creates the context lazily on first use.
    private SSLContext getSSLContext() throws IOException {
        if (this.sslcontext == null) {
            this.sslcontext = createEasySSLContext();
        }
        return this.sslcontext;
    }

    // Connects the TLS socket. Unlike org.apache.http.conn.ssl.SSLSocketFactory,
    // this method runs no hostname verifier against the server certificate.
    public Socket connectSocket(Socket sock, String host, int port,
            InetAddress localAddress, int localPort, HttpParams params)
            throws IOException, UnknownHostException, ConnectTimeoutException {
        int connTimeout = HttpConnectionParams.getConnectionTimeout(params);
        int soTimeout = HttpConnectionParams.getSoTimeout(params);
        InetSocketAddress remoteAddress = new InetSocketAddress(host, port);
        SSLSocket sslsock = (SSLSocket) ((sock != null) ? sock : createSocket());
        if ((localAddress != null) || (localPort > 0)) {
            // we need to bind explicitly
            if (localPort < 0) {
                localPort = 0; // indicates "any"
            }
            InetSocketAddress isa = new InetSocketAddress(localAddress,
                    localPort);
            sslsock.bind(isa);
        }
        sslsock.connect(remoteAddress, connTimeout);
        sslsock.setSoTimeout(soTimeout);
        return sslsock;
    }

    public Socket createSocket() throws IOException {
        return getSSLContext().getSocketFactory().createSocket();
    }

    // Always reports the socket as secure, whatever certificate was accepted.
    public boolean isSecure(Socket socket) throws IllegalArgumentException {
        return true;
    }

    // LayeredSocketFactory: wraps an existing socket (e.g. a proxy tunnel) in TLS.
    public Socket createSocket(Socket socket, String host, int port,
            boolean autoClose) throws IOException, UnknownHostException {
        return getSSLContext().getSocketFactory().createSocket(socket, host,
                port, autoClose);
    }

    // -------------------------------------------------------------------
    // javadoc in org.apache.http.conn.scheme.SocketFactory says :
    // Both Object.equals() and Object.hashCode() must be overridden
    // for the correct operation of some connection managers
    // -------------------------------------------------------------------
    public boolean equals(Object obj) {
        return ((obj != null) && obj.getClass().equals(
                EasySSLSocketFactory.class));
    }

    public int hashCode() {
        return EasySSLSocketFactory.class.hashCode();
    }
}
```

```java
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class EasyX509TrustManager implements X509TrustManager {

    private X509TrustManager standardTrustManager = null;

    // A null keystore makes the factory fall back to the platform's default trust store.
    public EasyX509TrustManager(KeyStore keystore)
            throws NoSuchAlgorithmException, KeyStoreException {
        super();
        TrustManagerFactory factory = TrustManagerFactory
                .getInstance(TrustManagerFactory.getDefaultAlgorithm());
        factory.init(keystore);
        TrustManager[] trustmanagers = factory.getTrustManagers();
        if (trustmanagers.length == 0) {
            throw new NoSuchAlgorithmException("no trust manager found");
        }
        this.standardTrustManager = (X509TrustManager) trustmanagers[0];
    }

    public void checkClientTrusted(X509Certificate[] certificates,
            String authType) throws CertificateException {
        standardTrustManager.checkClientTrusted(certificates, authType);
    }

    public void checkServerTrusted(X509Certificate[] certificates,
            String authType) throws CertificateException {
        if ((certificates != null) && (certificates.length == 1)) {
            // A chain of exactly one certificate is accepted after only a
            // validity-period check: issuer and signature are not verified.
            certificates[0].checkValidity();
        } else {
            // Longer chains go through the standard platform validation.
            standardTrustManager.checkServerTrusted(certificates, authType);
        }
    }

    public X509Certificate[] getAcceptedIssuers() {
        return this.standardTrustManager.getAcceptedIssuers();
    }
}
```
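
For comparison, the first approach mentioned at the start (adding the server certificate to the trust list) looks like this with the same HttpClient API. This is an added example, not code from the original article; the class name `PinnedHttpClientFactory` and the `certStream` parameter are hypothetical, and it assumes the certificate file is shipped with the app.

```java
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import org.apache.http.client.HttpClient;
import org.apache.http.conn.ClientConnectionManager;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.impl.conn.tsccm.ThreadSafeClientConnManager;
import org.apache.http.params.BasicHttpParams;
import org.apache.http.params.HttpParams;

// Added example; PinnedHttpClientFactory is a hypothetical name.
public final class PinnedHttpClientFactory {
    private PinnedHttpClientFactory() {}

    // certStream: the server's self-signed certificate (or its private CA
    // certificate) in PEM or DER form, e.g. opened from res/raw.
    // The caller closes the stream.
    public static HttpClient create(InputStream certStream) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Certificate serverCert = cf.generateCertificate(certStream);

        // Trust store that contains only the bundled certificate.
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);
        trustStore.setCertificateEntry("server", serverCert);

        // The stock factory validates the chain against trustStore and, by
        // default, also verifies that the certificate matches the host name,
        // so a self-signed certificate must carry the server's real name.
        SSLSocketFactory socketFactory = new SSLSocketFactory(trustStore);

        // One registration per scheme name; 443 is the default port, and
        // URLs that name another port (such as 8443) use the same factory.
        SchemeRegistry registry = new SchemeRegistry();
        registry.register(new Scheme("https", socketFactory, 443));

        HttpParams params = new BasicHttpParams();
        ClientConnectionManager connManager =
                new ThreadSafeClientConnManager(params, registry);
        return new DefaultHttpClient(connManager, params);
    }
}
```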