Android项目中使用HTTPS配置的步骤详解
时间:2019-03-30
本文章向大家介绍Android项目中使用HTTPS配置的步骤详解,主要包括Android项目中使用HTTPS配置的步骤详解使用实例、应用技巧、基本知识点总结和需要注意事项,具有一定的参考价值,需要的朋友可以参考一下。
前言
如果你的项目的网络框架是okhttp,那么使用https还是挺简单的,因为okhttp默认支持HTTPS。传送门
下面话不多说了,来一起看看详细的介绍:
Android 使用 HTTPS 配置的步骤。
1、step
配置hostnameVerifier
new HostnameVerifier() {
@Override
public boolean verify(String hostname, SSLSession session) {
return true;
}
};
2.step
配置 sslSocketFactory
public static SSLSocketFactory getSslSocketFactory(InputStream[] certificates, InputStream bksFile, String password){
try{
TrustManager[] trustManagers = prepareTrustManager(certificates);
KeyManager[] keyManagers = prepareKeyManager(bksFile, password);
SSLContext sslContext = SSLContext.getInstance("TLS");
TrustManager trustManager = null;
if (trustManagers != null){
trustManager = new MyTrustManager(chooseTrustManager(trustManagers));
} else{
trustManager = new UnSafeTrustManager();
}
sslContext.init(keyManagers, new TrustManager[]{trustManager}, new SecureRandom());
return sslContext.getSocketFactory();
} catch (NoSuchAlgorithmException e){
throw new AssertionError(e);
} catch (KeyManagementException e){
throw new AssertionError(e);
} catch (KeyStoreException e){
throw new AssertionError(e);
}
}
private class UnSafeHostnameVerifier implements HostnameVerifier{
@Override
public boolean verify(String hostname, SSLSession session){
return true;
}
}
private static class UnSafeTrustManager implements X509TrustManager{
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType)throws CertificateException{}
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType)throws CertificateException{}
@Override
public X509Certificate[] getAcceptedIssuers(){
return new X509Certificate[]{};
}
}
private static TrustManager[] prepareTrustManager(InputStream... certificates){
if (certificates == null || certificates.length <= 0) return null;
try{
CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
keyStore.load(null);
int index = 0;
for (InputStream certificate : certificates){
String certificateAlias = Integer.toString(index++);
keyStore.setCertificateEntry(certificateAlias, certificateFactory.generateCertificate(certificate));
try{
if (certificate != null)
certificate.close();
} catch (IOException e){
}
}
TrustManagerFactory trustManagerFactory = null;
trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init(keyStore);
TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
return trustManagers;
} catch (NoSuchAlgorithmException e){
e.printStackTrace();
} catch (CertificateException e){
e.printStackTrace();
} catch (KeyStoreException e){
e.printStackTrace();
} catch (Exception e){
e.printStackTrace();
}
return null;
}
private static KeyManager[] prepareKeyManager(InputStream bksFile, String password){
try{
if (bksFile == null || password == null) return null;
KeyStore clientKeyStore = KeyStore.getInstance("BKS");
clientKeyStore.load(bksFile, password.toCharArray());
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyManagerFactory.init(clientKeyStore, password.toCharArray());
return keyManagerFactory.getKeyManagers();
} catch (KeyStoreException e){
e.printStackTrace();
} catch (NoSuchAlgorithmException e){
e.printStackTrace();
} catch (UnrecoverableKeyException e){
e.printStackTrace();
} catch (CertificateException e){
e.printStackTrace();
} catch (IOException e){
e.printStackTrace();
} catch (Exception e){
e.printStackTrace();
}
return null;
}
private static X509TrustManager chooseTrustManager(TrustManager[] trustManagers){
for (TrustManager trustManager : trustManagers){
if (trustManager instanceof X509TrustManager){
return (X509TrustManager) trustManager;
}
}
return null;
}
private static class MyTrustManager implements X509TrustManager{
private X509TrustManager defaultTrustManager;
private X509TrustManager localTrustManager;
public MyTrustManager(X509TrustManager localTrustManager) throws NoSuchAlgorithmException, KeyStoreException{
TrustManagerFactory var4 = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
var4.init((KeyStore) null);
defaultTrustManager = chooseTrustManager(var4.getTrustManagers());
this.localTrustManager = localTrustManager;
}
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException{}
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException{
try{
defaultTrustManager.checkServerTrusted(chain, authType);
} catch (CertificateException ce){
localTrustManager.checkServerTrusted(chain, authType);
}
}
@Override
public X509Certificate[] getAcceptedIssuers(){
return new X509Certificate[0];
}
}
调用 getSslSocketFactory(null,null,null) 即可。
3.step
设置OkhttpClient。
方法 getSslSocketFactory(null,null,null) 的第一个参数 本来要传入自签名证书的,当传入null 即可忽略自签名证书。
如果你想尝试不忽略自签名证书 你可以调用下面的方法获取 SSLSocketFactory。并设置到OkhttpClient中。
public static SSLSocketFactory getSSlFactory(Context context) {
try {
CertificateFactory cf = CertificateFactory.getInstance("X.509");
InputStream caInput = new BufferedInputStream(context.getAssets().open("client.cer"));//把证书打包在asset文件夹中
Certificate ca;
try {
ca = cf.generateCertificate(caInput);
LogUtil.d("Longer", "ca=" + ((X509Certificate) ca).getSubjectDN());
LogUtil.d("Longer", "key=" + ((X509Certificate) ca).getPublicKey());
} finally {
caInput.close();
}
// Create a KeyStore containing our trusted CAs
String keyStoreType = KeyStore.getDefaultType();
KeyStore keyStore = KeyStore.getInstance(keyStoreType);
keyStore.load(null, null);
keyStore.setCertificateEntry("ca", ca);
// Create a TrustManager that trusts the CAs in our KeyStore
String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
tmf.init(keyStore);
// Create an SSLContext that uses our TrustManager
SSLContext s = SSLContext.getInstance("TLSv1", "AndroidOpenSSL");
s.init(null, tmf.getTrustManagers(), null);
return s.getSocketFactory();
} catch (CertificateException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (KeyStoreException e) {
e.printStackTrace();
} catch (KeyManagementException e) {
e.printStackTrace();
} catch (NoSuchProviderException e) {
e.printStackTrace();
}
return null;
}
通过上面的几步配置即可使用https的自签名证书 和 单向验证的Https了。
Glide 访问Https的图片
1.step
在build.gradle 引入下面的aar
/提供的Module/ compile 'com.github.bumptech.glide:okhttp3-integration:1.4.0@aar'
2.step
OkHttpClient okhttpClient = new OkHttpClient.Builder()
.connectTimeout(30, TimeUnit.SECONDS)
.retryOnConnectionFailure(true) //设置出现错误进行重新连接。
.connectTimeout(15, TimeUnit.SECONDS)
.readTimeout(60 * 1000, TimeUnit.MILLISECONDS)
.sslSocketFactory(HttpsUtils.getSslSocketFactory(null,null,null))
.hostnameVerifier(new HostnameVerifier() {
@Override
public boolean verify(String hostname, SSLSession session) {
return true;
}
})
.build();
//让Glide能用HTTPS
Glide.get(this).register(GlideUrl.class, InputStream.class, new OkHttpUrlLoader.Factory(okhttpClient));
设置已经验证证书的的OkhttpClient 到Glide 既可。
总结
以上就是这篇文章的全部内容了,希望本文的内容对大家的学习或者工作能带来一定的帮助,如果有疑问大家可以留言交流,谢谢大家对脚本之家的支持。
- 图形化的2008R2 Server Core 配置管理工具
- 各种浏览器的userAgent
- WordPress 根据浏览器 user-agent 按需加载CSS 文件
- memcached的最新状态
- [程序设计语言]-01:引言
- ASP.NET Ajax 库
- ASP.NET进程优化
- 多说 提速:js内页页脚加载、静态文件CDN
- 微信小程序的王者时代
- [程序设计语言]-[核心概念]-02:名字、作用域和约束(Bindings)
- NUMA架构
- 如何处理 Python 入门难以进步的现象?
- 编写前置和后置条件的连贯接口库:CuttingEdge.Conditions
- [程序设计语言]-[核心概念]-03:控制流
- JavaScript 教程
- JavaScript 编辑工具
- JavaScript 与HTML
- JavaScript 与Java
- JavaScript 数据结构
- JavaScript 基本数据类型
- JavaScript 特殊数据类型
- JavaScript 运算符
- JavaScript typeof 运算符
- JavaScript 表达式
- JavaScript 类型转换
- JavaScript 基本语法
- JavaScript 注释
- Javascript 基本处理流程
- Javascript 选择结构
- Javascript if 语句
- Javascript if 语句的嵌套
- Javascript switch 语句
- Javascript 循环结构
- Javascript 循环结构实例
- Javascript 跳转语句
- Javascript 控制语句总结
- Javascript 函数介绍
- Javascript 函数的定义
- Javascript 函数调用
- Javascript 几种特殊的函数
- JavaScript 内置函数简介
- Javascript eval() 函数
- Javascript isFinite() 函数
- Javascript isNaN() 函数
- parseInt() 与 parseFloat()
- escape() 与 unescape()
- Javascript 字符串介绍
- Javascript length属性
- javascript 字符串函数
- Javascript 日期对象简介
- Javascript 日期对象用途
- Date 对象属性和方法
- Javascript 数组是什么
- Javascript 创建数组
- Javascript 数组赋值与取值
- Javascript 数组属性和方法
- “终于懂了” 系列:Android组件化,全面掌握!
- Requests库快速学习
- 简单易懂的springMVC中的测试类
- 花了一个星期,我终于把RPC框架整明白了!
- PageHelper分页插件
- Cause: com.mysql.jdbc.exceptions.jdbc4.MySQLIntegrityConstraintViolationException
- 分享一套仿英雄联盟大型多人联机实时对战游戏源码(包含完整服务器和客户端源码)
- 【Flutter 专题】101 何为 Flutter Elements ?
- 10.10面试:SpringMVC中目前学习过的注解及功能?+怎么接受前端传递到后台的数据?
- 【Flutter 专题】102 何为 Flutter RenderObjects ?
- 创建出来的maven项目没有iml文件
- SpringMVC传递参数乱码解决,web.xml中配置编码过滤器
- SpringMVC中传值有些值为null使用@RequestParam(“name“)解决
- 9.30面试:AOP+事务+JDK动态代理与cglib区别+Spring的aop如何切换底层创建代理对象的方式
- R语言实现基因组的可视化