android httpClient 支援HTTPS的訪問方式
專案中Android https請求地址遇到了這個異常(無終端認證):
javax.net.ssl.SSLPeerUnverifiedException: No peer certificate
是SSL協議中沒有終端認證。
沒有遇到過的問題,於是無奈的去找度娘。。。。。。。
看了不少大神的部落格後得到的解決方案如下:
- /**
- * Post請求連線Https服務
- * @param serverURL 請求地址
- * @param jsonStr 請求報文
- * @return
- * @throws Exception
- */
- publicstaticsynchronized
- // 引數
- HttpParams httpParameters = new BasicHttpParams();
- // 設定連線超時
- HttpConnectionParams.setConnectionTimeout(httpParameters, 3000);
- // 設定socket超時
- HttpConnectionParams.setSoTimeout(httpParameters, 3000);
- // 獲取HttpClient物件 (認證)
- HttpClient hc = initHttpClient(httpParameters);
- HttpPost post = new HttpPost(serverURL);
- // 傳送資料型別
- post.addHeader("Content-Type", "application/json;charset=utf-8");
- // 接受資料型別
- post.addHeader("Accept", "application/json");
- // 請求報文
- StringEntity entity = new StringEntity(jsonStr,
- post.setEntity(entity);
- post.setParams(httpParameters);
- HttpResponse response = null;
- try {
- response = hc.execute(post);
- } catch (UnknownHostException e) {
- thrownew Exception("Unable to access " + e.getLocalizedMessage());
- } catch (SocketException e) {
- e.printStackTrace();
- }
- int sCode = response.getStatusLine().getStatusCode();
- if (sCode == HttpStatus.SC_OK) {
- return EntityUtils.toString(response.getEntity());
- } else
- thrownew Exception("StatusCode is " + sCode);
- }
- privatestatic HttpClient client = null;
- /**
- * 初始化HttpClient物件
- * @param params
- * @return
- */
- publicstaticsynchronized HttpClient initHttpClient(HttpParams params) {
- if(client == null){
- try {
- KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
- trustStore.load(null, null);
- SSLSocketFactory sf = new SSLSocketFactoryImp(trustStore);
- //允許所有主機的驗證
- sf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
- HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1);
- HttpProtocolParams.setContentCharset(params, HTTP.UTF_8);
- // 設定http和https支援
- SchemeRegistry registry = new SchemeRegistry();
- registry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
- registry.register(new Scheme("https", sf, 443));
- ClientConnectionManager ccm = new ThreadSafeClientConnManager(params, registry);
- returnnew DefaultHttpClient(ccm, params);
- } catch (Exception e) {
- e.printStackTrace();
- returnnew DefaultHttpClient(params);
- }
- }
- return client;
- }
- publicstaticclass SSLSocketFactoryImp extends SSLSocketFactory {
- final SSLContext sslContext = SSLContext.getInstance("TLS");
- public SSLSocketFactoryImp(KeyStore truststore)
- throws NoSuchAlgorithmException, KeyManagementException,
- KeyStoreException, UnrecoverableKeyException {
- super(truststore);
- TrustManager tm = new X509TrustManager() {
- public java.security.cert.X509Certificate[] getAcceptedIssuers() {
- returnnull;
- }
- @Override
- publicvoid checkClientTrusted(
- java.security.cert.X509Certificate[] chain,
- String authType)
- throws java.security.cert.CertificateException {
- }
- @Override
- publicvoid checkServerTrusted(
- java.security.cert.X509Certificate[] chain,
- String authType)
- throws java.security.cert.CertificateException {
- }
- };
- sslContext.init(null, new TrustManager[] { tm }, null);
- }
- @Override
- public Socket createSocket(Socket socket, String host, int port,
- boolean autoClose) throws IOException, UnknownHostException {
- return sslContext.getSocketFactory().createSocket(socket, host,
- port, autoClose);
- }
- @Override
- public Socket createSocket() throws IOException {
- return sslContext.getSocketFactory().createSocket();
- }
- }
run下,小手發抖的點到測試按鈕,深吸口氣,咦?沒反應。。。馬蛋的,工作執行緒忘記start(),唉,再次run下,終於的有點反應了,神奇的竟然沒有報之前的 javax.net.ssl.SSLPeerUnverifiedException: No peer certificate 的異常了。服務端的資料正常返回了。
分析問題:
HTTPS:超文字安全傳輸協議,和HTTP相比,多了一個SSL/TSL的認證過程,埠為443。
1.peer終端傳送一個request,https服務端把支援的加密演算法等以證書的形式返回一個身份資訊(包含ca頒發機構和加密公鑰等)。
2.獲取證書之後,驗證證書合法性。
3.隨機產生一個金鑰,並以證書當中的公鑰加密。
4.request https服務端,把用公鑰加密過的金鑰傳送給https服務端。
5.https服務端用自己的金鑰解密,獲取隨機值。
6.之後雙方傳送資料都用此金鑰加密後通訊。
HTTPS流程清楚後,問題也就明顯了,驗證證書時,無法驗證。
上面提供的解決方案就是新增預設信任全部證書。以此來通過接下來的通訊。
但是,這樣問題是解決了。但是覺得還是不帶靠譜(信任全部證書有點危險)。繼續噼噼啪啪的網上搜索一番。又找到了一種解決方案,其過程大致這樣的:
1.瀏覽器訪問https地址,儲存提示的證書到本地,放到android專案中的assets目錄。
2.匯入證書,程式碼如下。
3.把證書新增為信任。
- publicstatic String requestHTTPSPage(Context context, String mUrl) {
- InputStream ins = null;
- String result = "";
- try {
- ins = context.getAssets().open("my.key"); // 下載的證書放到專案中的assets目錄中
- CertificateFactory cerFactory = CertificateFactory.getInstance("X.509");
- Certificate cer = cerFactory.generateCertificate(ins);
- KeyStore keyStore = KeyStore.getInstance("PKCS12", "BC");
- keyStore.load(null, null);
- keyStore.setCertificateEntry("trust", cer);
- SSLSocketFactory socketFactory = new SSLSocketFactory(keyStore);
- Scheme sch = new Scheme("https", socketFactory, 443);
- HttpClient mHttpClient = new DefaultHttpClient();
- mHttpClient.getConnectionManager().getSchemeRegistry().register(sch);
- BufferedReader reader = null;
- try {
- HttpGet request = new HttpGet();
- request.setURI(new URI(mUrl));
- HttpResponse response = mHttpClient.execute(request);
- if (response.getStatusLine().getStatusCode() != 200) {
- request.abort();
- return result;
- }
- reader = new BufferedReader(new InputStreamReader(response
- .getEntity().getContent()));
- StringBuffer buffer = new StringBuffer();
- String line = null;
- while ((line = reader.readLine()) != null) {
- buffer.append(line);
- }
- result = buffer.toString();
- } catch (Exception e) {
- e.printStackTrace();
- } finally {
- if (reader != null) {
- reader.close();
- }
- }
- } catch (Exception e) {
- e.printStackTrace();
- } finally {
- try {
- if (ins != null)
- ins.close();
- } catch (IOException e) {
- e.printStackTrace();
- }
- }
- return result;
本文連結:http://my.oschina.net/u/1251149/blog/299010