Android Https雙向認證 + GRPC
keywords:
android https 雙向認證
android GRPC https 雙向認證
ManagedChannel channel = OkHttpChannelBuilder.forAddress("xxx",yyy) .overrideAuthority("zzz") .sslSocketFactory(sslFactory) .build();
1、千萬不要像官網案例那樣設置setPlaintext(true),這個是設置明文,我們用的是密文
2、xxx是服務器的ip,yyy是端口號,zzz是domain(這些參數服務端都會提供給你)
特別註意這個overrideAuthority一定要調用,覆蓋hostname來匹配服務器的證書
3、sslSocketFactory這個方法就是設置密鑰的方法。一般服務端會提供個.pem的密鑰文件,放在raw中。我們把這個密鑰設置到OkHttpChannelBuilder中即可以訪問服務器了,關於sslSocketFactory 網上可以搜索到很多有關的內容。
cert files gen:# Generates client.crt which is the clientCertChainFile forrefs:the client (need for mutual TLS only) openssl x509 -passin pass:1111 -req -days 365 -in client.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out client.crt echo Remove passphrase from client key: openssl rsa -passin pass:1111 -in client.key -out client.key echo Converting the private keys to X.509: # Generates client.pemwhich is the clientPrivateKeyFile for the Client (needed for mutual TLS only) openssl pkcs8 -topk8 -nocrypt -in client.key -out client.pem # Generates server.pem which is the privateKeyFile for the Server openssl pkcs8 -topk8 -nocrypt -in server.key -out server.pem
gRPC Android SSL/TLS Demo(Android上帶有SSL/TLS加密的gRPC使用詳解)
https://www.jianshu.com/p/2873a8349ca0
src demo:
https://github.com/grpc/grpc-java/blob/015b2fffa31995ff7923b4076f9324d464b7d827/android-interop-testing/app/src/main/java/io/grpc/android/integrationtest/TesterOkHttpChannelBuilder.java
grpc android mutual tls, how to send client certificate and key to server #3887
https://github.com/grpc/grpc-java/issues/3887
OkHttpChannelBuilder API Doc
https://grpc.io/grpc-java/javadoc/io/grpc/okhttp/OkHttpChannelBuilder.html#sslSocketFactory-javax.net.ssl.SSLSocketFactory-
NettyServerBuilder API Doc
https://grpc.io/grpc-java/javadoc/io/grpc/netty/NettyServerBuilder.html#sslContext-io.netty.handler.ssl.SslContext-
https://github.com/grpc/grpc-java/tree/master/examples/example-tls
Android HTTPS SSL雙向驗證(自簽名證書) Android HTTPS SSL雙向驗證(CA根證書) https://github.com/Frank-Zhu/AndroidHttpsDemo
Aandroid中https請求的單向認證和雙向認證
https://blog.csdn.net/u011394071/article/details/52880062
基於Retrofit實現HTTPS思路
由於Retrofit是基於OkHttp實現的,因此想通過Retrofit實現HTTPS需要給Retrofit設置一個OkHttp代理對象用於處理HTTPS的握手過程。代理代碼如下:
OkHttpClient okHttpClient = new OkHttpClient.Builder() .sslSocketFactory(SSLHelper.getSSLCertifcation(context))//為OkHttp對象設置SocketFactory用於雙向認證 .hostnameVerifier(new UnSafeHostnameVerifier()) .build(); Retrofit retrofit = new Retrofit.Builder() .baseUrl("https://10.2.8.56:8443") .addConverterFactory(GsonConverterFactory.create())//添加 json 轉換器 .addCallAdapterFactory(RxJavaCallAdapterFactory.create())//添加 RxJava 適配器 .client(okHttpClient)//添加OkHttp代理對象 .build();
Android HTTPS 自制證書實現雙向認證(OkHttp + Retrofit + Rxjava)
https://www.jianshu.com/p/64172ccfb73b
Android Https雙向認證 + GRPC