

Android平台实现https信任所有证书的方法

Android平台上经常有使用https的需求。如果https服务器使用的根证书是受信任的证书,实现https是非常简单的,直接用httpclient库就行了,与使用http几乎没有区别。但是在大多数情况下,服务器所使用的根证书是自签名的,或者签名机构不在设备的信任证书列表中,这样使用httpclient进行https连接就会失败。解决这个问题的办法有两种:一是在发起https连接之前将服务器证书加到httpclient的信任证书列表中,这个相对来说比较复杂一些,很容易出错;另一种办法是让httpclient信任所有的服务器证书,这种办法相对来说简单很多,但安全性则差一些——客户端不再验证服务器的身份,连接可能被中间人冒充或窃听——只在某些场合下(例如内部测试环境)有一定的应用场景。这里要举例说明的就是后一种方法。实例化HttpClient对象时要进行一些处理,主要是绑定https连接所使用的端口号,这里绑定了443和8443:





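// Register EasySSLSocketFactory for both https ports. Every https connection this
// client opens on 443 or 8443 then uses the SSLContext built by that factory, so
// EasyX509TrustManager (not the platform default) decides which server
// certificates are accepted.
// NOTE(review): the published listing lost the "schemeRegistry.register(" prefix
// (the parentheses were unbalanced) and the space after "new"; both are restored.
schemeRegistry = new SchemeRegistry();
schemeRegistry.register(new Scheme("https",
        new EasySSLSocketFactory(), 443));
schemeRegistry.register(new Scheme("https",
        new EasySSLSocketFactory(), 8443));
// "params" is not defined in this listing -- presumably the HttpParams instance
// the application configured earlier; confirm against the surrounding code.
connManager = new ThreadSafeClientConnManager(params, schemeRegistry);
httpClient = new DefaultHttpClient(connManager, params);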



上面的EasySSLSocketFactory类是我们自定义的,主要目的就是让httpclient接受所有的服务器证书,能够正常地进行https数据读取。需要注意的是,下面的EasyX509TrustManager对只包含一张证书的证书链仅检查证书是否在有效期内,其余情况仍然交给系统默认的信任管理器校验。相关代码如下:



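/**
 * Socket factory for Apache HttpClient that creates TLS sockets from an
 * {@link SSLContext} whose only trust manager is {@link EasyX509TrustManager}.
 *
 * <p>Security: certificate acceptance is decided entirely by
 * {@code EasyX509TrustManager}, and this class performs no hostname
 * verification of its own (see {@link #connectSocket}). Connections made
 * through it therefore do not authenticate the server the way the platform
 * default does; importing the server certificate into a {@code KeyStore} and
 * using a standard trust manager is the stricter alternative.
 */
public class EasySSLSocketFactory implements SocketFactory,
        LayeredSocketFactory {

    /** Created on first use by {@link #getSSLContext()}; {@code null} until then. */
    private SSLContext sslcontext = null;

    /**
     * Builds a "TLS" context with no key managers, a single
     * {@link EasyX509TrustManager} backed by the default trust store
     * ({@code null} keystore) and the default source of randomness.
     *
     * @return the initialised context
     * @throws IOException if the context or trust manager cannot be created;
     *         the original exception is kept as the cause
     */
    private static SSLContext createEasySSLContext() throws IOException {
        try {
            SSLContext context = SSLContext.getInstance("TLS");
            context.init(null,
                    new TrustManager[] { new EasyX509TrustManager(null) },
                    null);
            return context;
        } catch (Exception e) {
            // Keep the cause so the real failure (algorithm, keystore, key
            // management) is not reduced to a bare message.
            throw new IOException(e.getMessage(), e);
        }
    }

    /**
     * Returns the shared context, creating it on the first call.
     *
     * @throws IOException if the context cannot be created
     */
    private SSLContext getSSLContext() throws IOException {
        if (this.sslcontext == null) {
            this.sslcontext = createEasySSLContext();
        }
        return this.sslcontext;
    }

    /**
     * Connects {@code sock} (or a newly created socket when {@code sock} is
     * {@code null}) to {@code host:port}, optionally binding the local end
     * first, and applies the connect and read timeouts taken from
     * {@code params}.
     *
     * <p>NOTE(review): the socket is returned without calling a hostname
     * verifier or setting an endpoint identification algorithm, so nothing in
     * this method checks that the server certificate was issued for
     * {@code host}.
     *
     * @throws ClassCastException if a non-null {@code sock} is not an
     *         {@link SSLSocket}
     */
    public Socket connectSocket(Socket sock, String host, int port,
            InetAddress localAddress, int localPort, HttpParams params)
            throws IOException, UnknownHostException, ConnectTimeoutException {
        int connTimeout = HttpConnectionParams.getConnectionTimeout(params);
        int soTimeout = HttpConnectionParams.getSoTimeout(params);

        InetSocketAddress remoteAddress = new InetSocketAddress(host, port);
        SSLSocket sslsock = (SSLSocket) ((sock != null) ? sock : createSocket());

        if ((localAddress != null) || (localPort > 0)) {
            // we need to bind explicitly
            if (localPort < 0) {
                localPort = 0; // indicates "any"
            }
            InetSocketAddress isa = new InetSocketAddress(localAddress,
                    localPort);
            sslsock.bind(isa);
        }

        sslsock.connect(remoteAddress, connTimeout);
        sslsock.setSoTimeout(soTimeout);
        return sslsock;
    }

    /** Creates an unconnected socket from the shared context. */
    public Socket createSocket() throws IOException {
        return getSSLContext().getSocketFactory().createSocket();
    }

    /**
     * Always reports {@code true}; the argument is not inspected. The result
     * says nothing about whether the peer certificate was validated.
     */
    public boolean isSecure(Socket socket) throws IllegalArgumentException {
        return true;
    }

    /** Layers a TLS socket from the shared context over an existing socket. */
    public Socket createSocket(Socket socket, String host, int port,
            boolean autoClose) throws IOException, UnknownHostException {
        return getSSLContext().getSocketFactory().createSocket(socket, host,
                port, autoClose);
    }

    // -------------------------------------------------------------------
    // javadoc in org.apache.http.conn.scheme.SocketFactory says :
    // Both Object.equals() and Object.hashCode() must be overridden
    // for the correct operation of some connection managers
    // -------------------------------------------------------------------

    /** Two factories are equal when both are exactly this class. */
    @Override
    public boolean equals(Object obj) {
        return ((obj != null) && obj.getClass().equals(
                EasySSLSocketFactory.class));
    }

    /** Consistent with {@link #equals(Object)}: one hash for every instance. */
    @Override
    public int hashCode() {
        return EasySSLSocketFactory.class.hashCode();
    }
}
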
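/**
 * Trust manager that wraps the platform's standard {@link X509TrustManager}
 * and relaxes server validation for single-certificate chains.
 *
 * <p>Security: see {@link #checkServerTrusted}. A chain holding exactly one
 * certificate is accepted after a validity-period check only, which removes
 * server authentication for such chains.
 */
public class EasyX509TrustManager implements X509TrustManager {

    /** First trust manager produced by the default factory; all other checks delegate to it. */
    private final X509TrustManager standardTrustManager;

    /**
     * Obtains the standard trust manager for {@code keystore}.
     *
     * @param keystore trust anchors to use; {@code null} is passed straight to
     *        {@link TrustManagerFactory#init(KeyStore)}
     * @throws NoSuchAlgorithmException if the default algorithm is unavailable
     *         or the factory returns no trust managers
     * @throws KeyStoreException if the factory cannot be initialised
     */
    public EasyX509TrustManager(KeyStore keystore)
            throws NoSuchAlgorithmException, KeyStoreException {
        super();
        TrustManagerFactory factory = TrustManagerFactory
                .getInstance(TrustManagerFactory.getDefaultAlgorithm());
        factory.init(keystore);
        TrustManager[] trustmanagers = factory.getTrustManagers();
        if (trustmanagers.length == 0) {
            throw new NoSuchAlgorithmException("no trust manager found");
        }
        this.standardTrustManager = (X509TrustManager) trustmanagers[0];
    }

    /** Delegates unchanged to the standard trust manager. */
    @Override
    public void checkClientTrusted(X509Certificate[] certificates,
            String authType) throws CertificateException {
        standardTrustManager.checkClientTrusted(certificates, authType);
    }

    /**
     * Validates the server chain.
     *
     * <p>When the chain holds exactly one certificate, only
     * {@link X509Certificate#checkValidity()} is called: the issuer, the
     * signature and the trust anchors are not consulted, so any unexpired
     * certificate presented on its own is accepted. Every other chain
     * (including {@code null} or empty) goes to the standard trust manager.
     *
     * <p>NOTE(review): this is the deliberate weakening the surrounding
     * article describes. It leaves the connection without server
     * authentication for single-certificate chains; adding the server's
     * certificate to the {@code KeyStore} and relying on the standard check
     * avoids that.
     */
    @Override
    public void checkServerTrusted(X509Certificate[] certificates,
            String authType) throws CertificateException {
        if ((certificates != null) && (certificates.length == 1)) {
            certificates[0].checkValidity();
        } else {
            standardTrustManager.checkServerTrusted(certificates, authType);
        }
    }

    /** Returns the issuers accepted by the standard trust manager. */
    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return this.standardTrustManager.getAcceptedIssuers();
    }
}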
