Android實現https網路通訊之新增指定信任證書/信任所有證書
阿新 • • 發佈:2019-01-09
當Android客戶端訪問https網站時,如果伺服器證書不是由系統信任的CA簽發(例如自簽名證書或私有CA),預設情況下會因證書驗證失敗而無法訪問,可以有兩種解決方法來實現:
1、將要訪問的https網站的ca證書新增到客戶端信任證書列表中,此種方式為谷歌推薦,安全性高。
2、將客戶端設定為信任所有證書,也就是說不驗證伺服器證書,此種方式實現簡單,但是安全性低,不推薦使用:連線雖然仍然加密,卻無法確認對端身份,中間人可以冒充伺服器而不被察覺。
直接上程式碼,分別實現兩種方式的訪問。
1、客戶端新增指定信任證書
assets目錄中放置ca.crt證書,此證書為https://certs.cac.washington.edu/CAtest/網站的信任證書。
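// Page heading fused onto this line by extraction: "2、客戶端信任所有https,免證書驗證"
// (approach 2: trust every HTTPS server, no certificate validation). That heading
// describes initSSLALL; the method directly below is approach 1, trusting one bundled CA.

/**
 * Fetches a page over HTTPS while trusting only the CA certificate bundled in the
 * app as {@code assets/ca.crt} (the article's approach 1).
 *
 * <p>The certificate is loaded into a fresh, empty {@link KeyStore}, so the trust
 * managers built from it accept only chains that lead to that one certificate; the
 * system CA store is not consulted for this connection. The socket factory is set on
 * this connection only, leaving other connections in the process untouched.
 *
 * <p>No {@link javax.net.ssl.HostnameVerifier} is set here, so the process-wide default
 * applies. If {@code initSSLALL()} has already run, that default is its accept-all
 * verifier and hostname checking is effectively off for this request too.
 *
 * <p>On Android 7.0 (API 24) and later the same trust anchor can be declared in a
 * Network Security Configuration instead of in code.
 *
 * <p>The response body is concatenated without line separators and written to logcat
 * under the tag {@code "TTTT"}.
 *
 * @throws CertificateException if {@code ca.crt} cannot be parsed as an X.509 certificate
 * @throws IOException if the asset cannot be opened or the HTTPS request fails,
 *     including a failed TLS handshake
 * @throws KeyStoreException if the in-memory key store cannot be created or filled
 * @throws NoSuchAlgorithmException if the default trust-manager algorithm or "TLS" is unavailable
 * @throws KeyManagementException if the SSLContext cannot be initialised
 */
public void initSSL() throws CertificateException, IOException, KeyStoreException,
        NoSuchAlgorithmException, KeyManagementException {
    CertificateFactory cf = CertificateFactory.getInstance("X.509");

    // Parse the bundled CA and release the asset stream straight away
    // (the original never closed it).
    Certificate ca;
    try (InputStream in = getAssets().open("ca.crt")) {
        ca = cf.generateCertificate(in);
    }

    // load(null, null) yields an empty key store; the bundled CA becomes its only entry.
    KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
    keystore.load(null, null);
    keystore.setCertificateEntry("ca", ca);

    String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
    TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
    tmf.init(keystore);

    // Create an SSLContext that uses our TrustManager
    SSLContext context = SSLContext.getInstance("TLS");
    context.init(null, tmf.getTrustManagers(), null);

    URL url = new URL("https://certs.cac.washington.edu/CAtest/");
    // URL url = new URL("https://github.com");
    HttpsURLConnection urlConnection = (HttpsURLConnection) url.openConnection();
    try {
        // Per-connection factory: only this request uses the custom trust anchor.
        urlConnection.setSSLSocketFactory(context.getSocketFactory());

        StringBuilder result = new StringBuilder();
        try (BufferedReader reader = new BufferedReader(
                new InputStreamReader(urlConnection.getInputStream(), "UTF-8"))) {
            String line;
            while ((line = reader.readLine()) != null) {
                result.append(line);
            }
        }
        Log.e("TTTT", result.toString());
    } finally {
        // Release the connection even when the handshake or the read fails.
        urlConnection.disconnect();
    }
}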
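/**
 * Fetches {@code https://github.com} with TLS server authentication switched off
 * (the article's approach 2, which the article itself marks as not recommended).
 *
 * <p>SECURITY: this method replaces the <em>process-wide</em> defaults of
 * {@link HttpsURLConnection}. The default socket factory is built from
 * {@code TrustAllManager}, and the default hostname verifier returns {@code true} for
 * every host. After one call, every later {@code HttpsURLConnection} in the process
 * that does not set its own factory and verifier inherits these settings. Traffic is
 * still encrypted, but the peer is not authenticated, so an on-path party can
 * impersonate any server. Keep this out of release builds. Where a private or
 * self-signed CA has to be trusted, load that CA into a KeyStore and set the resulting
 * factory on the single connection with {@code setSSLSocketFactory}, as
 * {@code initSSL()} does.
 *
 * <p>The response body is concatenated without line separators and written to logcat
 * under the tag {@code "TTTT"}.
 *
 * @throws KeyManagementException if the SSLContext cannot be initialised
 * @throws NoSuchAlgorithmException if no "TLS" SSLContext is available
 * @throws IOException if the request fails
 */
public void initSSLALL() throws KeyManagementException, NoSuchAlgorithmException, IOException {
    // URL url = new URL("https://certs.cac.washington.edu/CAtest/");
    URL url = new URL("https://github.com");

    SSLContext context = SSLContext.getInstance("TLS");
    // NOTE(review): TrustAllManager is not shown on this page; presumably an
    // X509TrustManager whose checks accept any chain. Confirm against its source.
    context.init(null, new TrustManager[]{new TrustAllManager()}, null);

    // Global side effect: both static setters change the defaults for the whole process,
    // not just for the connection opened below.
    HttpsURLConnection.setDefaultSSLSocketFactory(context.getSocketFactory());
    HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
        @Override
        public boolean verify(String arg0, SSLSession arg1) {
            // Accepts every hostname: the certificate is never matched to the host.
            return true;
        }
    });

    HttpsURLConnection connection = (HttpsURLConnection) url.openConnection();
    try {
        connection.setDoInput(true);
        connection.setDoOutput(false);
        connection.setRequestMethod("GET");
        connection.connect();

        StringBuilder result = new StringBuilder();
        // Explicit charset, as initSSL() uses, instead of the platform default.
        try (BufferedReader reader = new BufferedReader(
                new InputStreamReader(connection.getInputStream(), "UTF-8"))) {
            String line;
            while ((line = reader.readLine()) != null) {
                result.append(line);
            }
        }
        Log.e("TTTT", result.toString());
    } finally {
        // Release the connection even when the request or the read fails.
        connection.disconnect();
    }
}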