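Detailed Steps for Configuring HTTPS in an Android Project
Preface
If your project's network framework is okhttp, using https is fairly simple, because okhttp supports HTTPS by default.
Without further ado, let's look at the details:
Steps for configuring HTTPS on Android.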
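1.step
Configure hostnameVerifier
HostnameVerifier hostnameVerifier = new HostnameVerifier() {
    @Override
    public boolean verify(String hostname, SSLSession session) {
        // Returns true for every host, so the certificate's host name is never checked.
        return true;
    }
};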
2.step
Configure sslSocketFactory
public static SSLSocketFactory getSslSocketFactory(InputStream[] certificates, InputStream bksFile, String password){
    try{
        TrustManager[] trustManagers = prepareTrustManager(certificates);
        KeyManager[] keyManagers = prepareKeyManager(bksFile, password);
        SSLContext sslContext = SSLContext.getInstance("TLS");
        TrustManager trustManager = null;
        if (trustManagers != null){
            // Certificates were supplied: check against the system store and the supplied ones.
            trustManager = new MyTrustManager(chooseTrustManager(trustManagers));
        } else{
            // No certificates supplied: every server certificate chain is accepted.
            trustManager = new UnSafeTrustManager();
        }
        sslContext.init(keyManagers, new TrustManager[]{trustManager}, new SecureRandom());
        return sslContext.getSocketFactory();
    } catch (NoSuchAlgorithmException e){
        throw new AssertionError(e);
    } catch (KeyManagementException e){
        throw new AssertionError(e);
    } catch (KeyStoreException e){
        throw new AssertionError(e);
    }
}
// Accepts every host name without comparing it to the certificate.
private class UnSafeHostnameVerifier implements HostnameVerifier{
    @Override
    public boolean verify(String hostname, SSLSession session){
        return true;
    }
}
// The empty check methods never throw, so any certificate chain is accepted.
private static class UnSafeTrustManager implements X509TrustManager{
    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException{}
    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException{}
    @Override
    public X509Certificate[] getAcceptedIssuers(){
        return new X509Certificate[]{};
    }
}
// Builds trust managers that trust exactly the supplied certificates.
private static TrustManager[] prepareTrustManager(InputStream[] certificates){
    if (certificates == null || certificates.length <= 0) return null;
    try{
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null);
        int index = 0;
        for (InputStream certificate : certificates){
            String certificateAlias = Integer.toString(index++);
            keyStore.setCertificateEntry(certificateAlias, certificateFactory.generateCertificate(certificate));
            try{
                if (certificate != null)
                    certificate.close();
            } catch (IOException e){
            }
        }
        TrustManagerFactory trustManagerFactory = null;
        trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);
        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
        return trustManagers;
    } catch (NoSuchAlgorithmException e){
        e.printStackTrace();
    } catch (CertificateException e){
        e.printStackTrace();
    } catch (KeyStoreException e){
        e.printStackTrace();
    } catch (Exception e){
        e.printStackTrace();
    }
    return null;
}
// Loads the client key store (BKS format) used when the server asks for a client certificate.
private static KeyManager[] prepareKeyManager(InputStream bksFile, String password){
    try{
        if (bksFile == null || password == null) return null;
        KeyStore clientKeyStore = KeyStore.getInstance("BKS");
        clientKeyStore.load(bksFile, password.toCharArray());
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(clientKeyStore, password.toCharArray());
        return keyManagerFactory.getKeyManagers();
    } catch (KeyStoreException e){
        e.printStackTrace();
    } catch (NoSuchAlgorithmException e){
        e.printStackTrace();
    } catch (UnrecoverableKeyException e){
        e.printStackTrace();
    } catch (CertificateException e){
        e.printStackTrace();
    } catch (IOException e){
        e.printStackTrace();
    } catch (Exception e){
        e.printStackTrace();
    }
    return null;
}
private static X509TrustManager chooseTrustManager(TrustManager[] trustManagers){
    for (TrustManager trustManager : trustManagers){
        if (trustManager instanceof X509TrustManager){
            return (X509TrustManager) trustManager;
        }
    }
    return null;
}
private static class MyTrustManager implements X509TrustManager{
    private X509TrustManager defaultTrustManager;
    private X509TrustManager localTrustManager;
    public MyTrustManager(X509TrustManager localTrustManager) throws NoSuchAlgorithmException, KeyStoreException{
        TrustManagerFactory var4 = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        // A null key store selects the platform's default trusted CAs.
        var4.init((KeyStore) null);
        defaultTrustManager = chooseTrustManager(var4.getTrustManagers());
        this.localTrustManager = localTrustManager;
    }
    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException{}
    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException{
        try{
            // First try the system trust store ...
            defaultTrustManager.checkServerTrusted(chain, authType);
        } catch (CertificateException ce){
            // ... then fall back to the certificates supplied by the app.
            localTrustManager.checkServerTrusted(chain, authType);
        }
    }
    @Override
    public X509Certificate[] getAcceptedIssuers(){
        return new X509Certificate[0];
    }
}
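Calling getSslSocketFactory(null, null, null) is all that is needed.
3.step
Configure the OkhttpClient.
The first parameter of getSslSocketFactory(null, null, null) is meant to receive the self-signed certificate; passing null ignores the self-signed certificate, because the factory then installs UnSafeTrustManager, which accepts any certificate chain. If you want to try not ignoring the self-signed certificate, you can call the method below to obtain an SSLSocketFactory and set it on the OkhttpClient.
public static SSLSocketFactory getSSlFactory(Context context) {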
    try {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        InputStream caInput = context.getAssets().open(""); // the certificate is packaged in the assets folder
        Certificate ca;
        try {
            ca = cf.generateCertificate(caInput);
            LogUtil.d("Longer", "ca=" + ((X509Certificate) ca).getSubjectDN());
            LogUtil.d("Longer", "key=" + ((X509Certificate) ca).getPublicKey());
        } finally {
            caInput.close();
        }
        // Create a KeyStore containing our trusted CAs
        String keyStoreType = KeyStore.getDefaultType();
        KeyStore keyStore = KeyStore.getInstance(keyStoreType);
        keyStore.load(null, null);
        keyStore.setCertificateEntry("ca", ca);
        // Create a TrustManager that trusts the CAs in our KeyStore
        String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
        tmf.init(keyStore);
        // Create an SSLContext that uses our TrustManager
        SSLContext s = SSLContext.getInstance("TLSv1", "AndroidOpenSSL");
        s.init(null, tmf.getTrustManagers(), null);
        return s.getSocketFactory();
    } catch (CertificateException e) {
        e.printStackTrace();
    } catch (IOException e) {
        e.printStackTrace();
    } catch (NoSuchAlgorithmException e) {
        e.printStackTrace();
    } catch (KeyStoreException e) {
        e.printStackTrace();
    } catch (KeyManagementException e) {
        e.printStackTrace();
    } catch (NoSuchProviderException e) {
        e.printStackTrace();
    }
    return null;
}
With the steps above you can use HTTPS with self-signed certificates and one-way (server-only) verification.
Loading HTTPS images with Glide
1.step
Add the following aar in build.gradle
// the provided Module
compile 'com.github.bumptech.glide:okhttp3-integration:1.4.0@aar'
2.step
OkHttpClient okhttpClient = new OkHttpClient.Builder()
        .connectTimeout(30, TimeUnit.SECONDS)
        .retryOnConnectionFailure(true) // reconnect when a connection error occurs
        .connectTimeout(15, TimeUnit.SECONDS) // overrides the 30-second value set above
        .readTimeout(60 * 1000, TimeUnit.MILLISECONDS)
        .sslSocketFactory(getSslSocketFactory(null, null, null))
        .hostnameVerifier(new HostnameVerifier() {
            @Override
            public boolean verify(String hostname, SSLSession session) {
                return true;
            }
        })
        .build();
// Let Glide use HTTPS
Glide.get(this).register(GlideUrl.class, InputStream.class, new OkHttpUrlLoader.Factory(okhttpClient));
Then simply hand the OkhttpClient with the certificate configuration applied to Glide.
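Summary
That is all for this article. I hope its content is of some help for your study or work; if you have questions, feel free to leave a comment. Thank you all for your support.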