Android平台实现https信任所有证书的方法
Android平台上经常有使用https的需求,对于https服务器使用的根证书是受信任的证书的话,实现https是非常简单的,直接用httpclient库就行了,与使用http几乎没有区别。但是在大多数情况下,服务器所使用的根证书是自签名的,或者签名机构不在设备的信任证书列表中,这样使用httpclient进行https连接就会失败。解决这个问题的办法有两种,一是在发起https连接之前将服务器证书加到httpclient的信任证书列表中,这个相对来说比较复杂一些,很容易出错;另一种办法是让httpclient信任所有的服务器证书,这种办法相对来说简单很多,但安全性则差一些,但在某些场合下有一定的应用场景。这里要举例说明的就是后一种方法:实例化HttpClinet对象时要进行一些处理主要是绑定https连接所使用的端口号,这里绑定了443和8443:
1. schemeRegistry = newSchemeRegistry();
2. newScheme("https",
3. newEasySSLSocketFactory(), 443));
4. newScheme("https",
5. newEasySSLSocketFactory(), 8443));
6. connManager = newThreadSafeClientConnManager(params, schemeRegistry);
7. httpClient = newDefaultHttpClient(connManager, params);
上面的EasySSLSocketFactory类是我们自定义的,主要目的就是让httpclient接受所有的服务器证书,能够正常的进行https数据读取。相关代码如下:
1. publicclassEasySSLSocketFactory implementsSocketFactory,
2. LayeredSocketFactory {
3.
4. privateSSLContext sslcontext = null;
5.
6. privatestaticSSLContext createEasySSLContext() throwsIOException {
7. try{
8. SSLContext context = SSLContext.getInstance("TLS");
9. context.init(null, newTrustManager[] { newEasyX509TrustManager(
10. null) }, null);
11. returncontext;
12. } catch(Exception e) {
13. thrownewIOException(e.getMessage());
14. }
15. }
16.
17. privateSSLContext getSSLContext() throwsIOException {
18. if(this.sslcontext == null) {
19. this.sslcontext = createEasySSLContext();
20. }
21. returnthis.sslcontext;
22. }
23.
24.
25. publicSocket connectSocket(Socket sock, String host, intport,
26. InetAddress localAddress, intlocalPort, HttpParams params)
27. throwsIOException, UnknownHostException, ConnectTimeoutException {
28. intconnTimeout = HttpConnectionParams.getConnectionTimeout(params);
29. intsoTimeout = HttpConnectionParams.getSoTimeout(params);
30.
31. InetSocketAddress remoteAddress = newInetSocketAddress(host, port);
32. SSLSocket sslsock = (SSLSocket) ((sock != null) ? sock : createSocket());
33.
34. if((localAddress != null) || (localPort > 0)) {
35. // we need to bind explicitly
36. if(localPort < 0) {
37. localPort = 0; // indicates "any"
38. }
39. InetSocketAddress isa = newInetSocketAddress(localAddress,
40. localPort);
41. sslsock.bind(isa);
42. }
43.
44. sslsock.connect(remoteAddress, connTimeout);
45. sslsock.setSoTimeout(soTimeout);
46. returnsslsock;
47.
48. }
49.
50.
51. publicSocket createSocket() throwsIOException {
52. returngetSSLContext().getSocketFactory().createSocket();
53. }
54.
55.
56. publicbooleanisSecure(Socket socket) throwsIllegalArgumentException {
57. returntrue;
58. }
59.
60.
61. publicSocket createSocket(Socket socket, String host, intport,
62. booleanautoClose) throwsIOException, UnknownHostException {
63. returngetSSLContext().getSocketFactory().createSocket(socket, host,
64. port, autoClose);
65. }
66.
67. // -------------------------------------------------------------------
68. // javadoc in org.apache.http.conn.scheme.SocketFactory says :
69. // Both Object.equals() and Object.hashCode() must be overridden
70. // for the correct operation of some connection managers
71. // -------------------------------------------------------------------
72.
73. publicbooleanequals(Object obj) {
74. return((obj != null) && obj.getClass().equals(
75. EasySSLSocketFactory.class));
76. }
77.
78. publicinthashCode() {
79. returnEasySSLSocketFactory.class.hashCode();
80. }
81.
82.
83. publicclassEasyX509TrustManager implementsX509TrustManager {
84.
85. privateX509TrustManager standardTrustManager = null;
86.
87.
88. publicEasyX509TrustManager(KeyStore keystore)
89. throwsNoSuchAlgorithmException, KeyStoreException {
90. super();
91. TrustManagerFactory factory = TrustManagerFactory
92. .getInstance(TrustManagerFactory.getDefaultAlgorithm());
93. factory.init(keystore);
94. TrustManager[] trustmanagers = factory.getTrustManagers();
95. if(trustmanagers.length == 0) {
96. thrownewNoSuchAlgorithmException("no trust manager found");
97. }
98. this.standardTrustManager = (X509TrustManager) trustmanagers[0];
99. }
100.
101.
102. publicvoidcheckClientTrusted(X509Certificate[] certificates,
103. String authType) throwsCertificateException {
104. standardTrustManager.checkClientTrusted(certificates, authType);
105. }
106.
107.
108. publicvoidcheckServerTrusted(X509Certificate[] certificates,
109. String authType) throwsCertificateException {
110. if((certificates != null) && (certificates.length == 1)) {
111. certificates[0].checkValidity();
112. } else{
113. standardTrustManager.checkServerTrusted(certificates, authType);
114. }
115. }
116.
117.
118. publicX509Certificate[] getAcceptedIssuers() {
119. returnthis.standardTrustManager.getAcceptedIssuers();
120. }
