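In Android development, you have to write the code that verifies the server's public key yourself.
Of course, if it is your own server, there is no need to verify.
If it is someone else's server, such as a bank's, verification is required.
Here, the author uses an open-source framework downloaded from GitHub and adds some code to it.
After downloading the framework, add the code to the file AsyncHttpClient.java.
Find line 215 and add the verification code there.
The certificate file must be copied to the root of the src directory.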
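```java
// Needs these imports at the top of AsyncHttpClient.java:
// java.io.InputStream, java.security.KeyStore,
// java.security.cert.Certificate, java.security.cert.CertificateFactory,
// org.apache.http.conn.scheme.Scheme, org.apache.http.conn.ssl.SSLSocketFactory

// Code added here: HTTPS connection with verification,
// mainly to check that the server certificate is legitimate
try {
    InputStream ins = AsyncHttpClient.class.getClassLoader()
            .getResourceAsStream("hehe.cer"); // this file is the website's certificate (its public key)

    CertificateFactory cerFactory = CertificateFactory
            .getInstance("X.509"); // X.509 is the public-key certificate format; .pk8 is the extension for private-key files
    Certificate cer = cerFactory.generateCertificate(ins);
    ins.close();

    // Key store that contains only the pinned certificate
    KeyStore keyStore = KeyStore.getInstance("PKCS12", "BC");
    keyStore.load(null, null);
    keyStore.setCertificateEntry("trust", cer);

    // Socket factory that trusts only what is in keyStore
    SSLSocketFactory socketFactory = new SSLSocketFactory(keyStore);
    schemeRegistry.register(new Scheme("https", socketFactory, httpsPort));
} catch (Exception e) {
    e.printStackTrace();
}

return schemeRegistry;
```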
There is also code that does not verify:
```java
// Code added here: HTTPS connection without verification
try {
    KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
    trustStore.load(null, null);
    // SSLSocketFactoryEx accepts every certificate chain (see the class below)
    SSLSocketFactory sf = new SSLSocketFactoryEx(trustStore);
    // Equivalent to no longer verifying the validity of the data
    sf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER); // accept any host name
    schemeRegistry.register(new Scheme("https", sslSocketFactory,
            httpsPort));
    // Registering "https" a second time replaces the entry above with sf
    schemeRegistry.register(new Scheme("https", sf, httpsPort));
} catch (Exception e) {
    e.printStackTrace();
}

return schemeRegistry;
```
Note:
When copying the code, the SSLSocketFactory used above (the SSLSocketFactoryEx class) has to be created yourself. The code is as follows:
```java
package com.loopj.android.http;

import java.io.IOException;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;

import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

import org.apache.http.conn.ssl.SSLSocketFactory;

// Socket factory for the "no verification" variant: its trust manager
// accepts every certificate chain, so the server is not authenticated.
class SSLSocketFactoryEx extends SSLSocketFactory {

    SSLContext sslContext = SSLContext.getInstance("TLS");

    public SSLSocketFactoryEx(KeyStore truststore)
            throws NoSuchAlgorithmException, KeyManagementException,
            KeyStoreException, UnrecoverableKeyException {
        super(truststore);

        TrustManager tm = new X509TrustManager() {

            @Override
            public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                return null;
            }

            // Empty body: never throws, so any client certificate is accepted
            @Override
            public void checkClientTrusted(
                    java.security.cert.X509Certificate[] chain,
                    String authType)
                    throws java.security.cert.CertificateException {

            }

            // Empty body: never throws, so any server certificate is accepted
            @Override
            public void checkServerTrusted(
                    java.security.cert.X509Certificate[] chain,
                    String authType)
                    throws java.security.cert.CertificateException {

            }
        };

        sslContext.init(null, new TrustManager[] { tm }, null);
    }

    // Sockets come from the permissive sslContext, not from the parent class
    @Override
    public Socket createSocket(Socket socket, String host, int port,
            boolean autoClose) throws IOException, UnknownHostException {
        return sslContext.getSocketFactory().createSocket(socket, host,
                port, autoClose);
    }

    @Override
    public Socket createSocket() throws IOException {
        return sslContext.getSocketFactory().createSocket();
    }
}
```