超级苦工
Android 使用 HTTPS

如果你的项目的网络框架是okhttp,那么使用https还是挺简单的,因为okhttp默认支持HTTPS。传送门

Android 使用 HTTPS 配置的步骤。

  1. step

配置hostnameVerifier(下面的实现对任何主机名都返回 true,相当于关闭了主机名校验)


    // NOTE(review): this verifier accepts every hostname, so the certificate presented by
    // the server is never matched against the host the client meant to contact.
    new HostnameVerifier() {
        @Override
        public boolean verify(final String hostname, final SSLSession session) {
            // Unconditional accept: neither argument is inspected.
            return true;
        }
    };

2.step

配置 sslSocketFactory


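/**
 * Builds an {@link SSLSocketFactory} from optional trusted certificates and an optional
 * client key store.
 *
 * <p>NOTE(review): when {@code certificates} is null or empty, the factory is backed by
 * {@code UnSafeTrustManager}, whose check methods are empty. A client using that factory
 * accepts any server certificate chain and therefore cannot detect an interposed server.
 * Pass the server/CA certificate(s) to get a validating factory.
 *
 * @param certificates streams holding the X.509 certificates to trust, or null/empty to
 *                     skip certificate validation entirely (see note above)
 * @param bksFile      stream of a BKS key store holding the client key, or null
 * @param password     password of {@code bksFile}, or null
 * @return a socket factory configured with the resulting key and trust managers
 * @throws IllegalStateException if certificates were supplied but no X.509 trust manager
 *                               could be built from them
 * @throws AssertionError        if the TLS context cannot be created or initialised
 */
public static SSLSocketFactory getSslSocketFactory(InputStream[] certificates, InputStream bksFile, String password) {
    try {
        boolean certificatesSupplied = certificates != null && certificates.length > 0;
        TrustManager[] trustManagers = prepareTrustManager(certificates);
        if (certificatesSupplied && trustManagers == null) {
            // prepareTrustManager returns null when loading fails. Falling through to the
            // accept-everything trust manager here would silently drop validation that the
            // caller explicitly asked for, so fail closed instead.
            throw new IllegalStateException("Supplied certificates could not be loaded; refusing to disable certificate validation");
        }
        KeyManager[] keyManagers = prepareKeyManager(bksFile, password);
        SSLContext sslContext = SSLContext.getInstance("TLS");
        TrustManager trustManager;
        if (trustManagers != null) {
            X509TrustManager localTrustManager = chooseTrustManager(trustManagers);
            if (localTrustManager == null) {
                // Without this check MyTrustManager would dereference null during the handshake.
                throw new IllegalStateException("No X509TrustManager available for the supplied certificates");
            }
            trustManager = new MyTrustManager(localTrustManager);
        } else {
            // No certificates supplied: every certificate chain will be accepted.
            trustManager = new UnSafeTrustManager();
        }
        sslContext.init(keyManagers, new TrustManager[]{trustManager}, new SecureRandom());
        return sslContext.getSocketFactory();
    } catch (NoSuchAlgorithmException e) {
        throw new AssertionError(e);
    } catch (KeyManagementException e) {
        throw new AssertionError(e);
    } catch (KeyStoreException e) {
        throw new AssertionError(e);
    }
}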

    /**
     * {@link HostnameVerifier} that approves every hostname.
     *
     * <p>NOTE(review): with this verifier the server certificate is never matched against the
     * requested host, so a valid certificate for any other name is accepted as well.
     */
    private class UnSafeHostnameVerifier implements HostnameVerifier {
        @Override
        public boolean verify(final String hostname, final SSLSession session) {
            // Neither argument is looked at; the answer is always "trusted".
            return true;
        }
    }

    /**
     * {@link X509TrustManager} that performs no validation.
     *
     * <p>Both check methods have empty bodies and so never throw: any certificate chain is
     * accepted. NOTE(review): a socket factory built on this class provides no server
     * authentication.
     */
    private static class UnSafeTrustManager implements X509TrustManager {
        @Override
        public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            // Intentionally empty: nothing is checked.
        }

        @Override
        public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            // Intentionally empty: the server chain is accepted without inspection.
        }

        @Override
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }
    }

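    /**
     * Loads the given X.509 certificates into an in-memory key store and returns trust
     * managers backed by that store.
     *
     * <p>Every supplied stream is closed before this method returns, whether or not loading
     * succeeded.
     *
     * @param certificates streams each holding one X.509 certificate
     * @return the trust managers, or {@code null} when no certificates were supplied or when
     *         loading failed (the failure is printed to standard error)
     */
    private static TrustManager[] prepareTrustManager(InputStream... certificates) {
        if (certificates == null || certificates.length == 0) {
            return null;
        }
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            // load(null) initialises an empty key store.
            keyStore.load(null);
            for (int index = 0; index < certificates.length; index++) {
                // The position in the argument list doubles as the key store alias.
                keyStore.setCertificateEntry(
                        Integer.toString(index),
                        certificateFactory.generateCertificate(certificates[index]));
            }
            TrustManagerFactory trustManagerFactory =
                    TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);
            return trustManagerFactory.getTrustManagers();
        } catch (Exception e) {
            // Callers treat null as "no trust managers available".
            e.printStackTrace();
            return null;
        } finally {
            // Close in finally so a certificate that fails to parse does not leak its own
            // stream or the streams that come after it.
            for (InputStream certificate : certificates) {
                if (certificate != null) {
                    try {
                        certificate.close();
                    } catch (IOException ignored) {
                        // Best effort: a failed close does not affect the loaded certificates.
                    }
                }
            }
        }
    }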

    /**
     * Loads a BKS key store from {@code bksFile} and returns key managers for it.
     *
     * @param bksFile  stream of the BKS key store, or null
     * @param password key store password (also used as the key password), or null
     * @return the key managers, or {@code null} when either argument is null or loading
     *         failed (the failure is printed to standard error)
     */
    private static KeyManager[] prepareKeyManager(InputStream bksFile, String password) {
        if (bksFile == null || password == null) {
            return null;
        }
        KeyManager[] managers = null;
        try {
            KeyStore clientKeyStore = KeyStore.getInstance("BKS");
            clientKeyStore.load(bksFile, password.toCharArray());
            KeyManagerFactory factory =
                    KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            factory.init(clientKeyStore, password.toCharArray());
            managers = factory.getKeyManagers();
        } catch (Exception e) {
            // Any failure leaves the result null after reporting the cause.
            e.printStackTrace();
        }
        return managers;
    }

    /**
     * Picks the first {@link X509TrustManager} out of the given trust managers.
     *
     * @param trustManagers candidates to search, in order
     * @return the first element that is an {@link X509TrustManager}, or {@code null} if none is
     */
    private static X509TrustManager chooseTrustManager(TrustManager[] trustManagers) {
        X509TrustManager match = null;
        for (int i = 0; i < trustManagers.length && match == null; i++) {
            if (trustManagers[i] instanceof X509TrustManager) {
                match = (X509TrustManager) trustManagers[i];
            }
        }
        return match;
    }

    /**
     * {@link X509TrustManager} that accepts a server chain when either the platform default
     * trust manager or a caller-supplied one accepts it.
     */
    private static class MyTrustManager implements X509TrustManager {
        // Trust manager obtained from the default TrustManagerFactory initialised with no key store.
        private final X509TrustManager defaultTrustManager;
        // Trust manager supplied by the caller.
        private final X509TrustManager localTrustManager;

        /**
         * @param localTrustManager trust manager consulted when the default one rejects a chain
         * @throws NoSuchAlgorithmException if the default trust manager algorithm is unavailable
         * @throws KeyStoreException        if the default factory cannot be initialised
         */
        public MyTrustManager(X509TrustManager localTrustManager) throws NoSuchAlgorithmException, KeyStoreException {
            TrustManagerFactory platformFactory =
                    TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            // A null key store asks the factory for its default trust anchors.
            platformFactory.init((KeyStore) null);
            this.defaultTrustManager = chooseTrustManager(platformFactory.getTrustManagers());
            this.localTrustManager = localTrustManager;
        }

        @Override
        public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            // Intentionally empty: client chains are not checked by this trust manager.
        }

        @Override
        public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            try {
                defaultTrustManager.checkServerTrusted(chain, authType);
            } catch (CertificateException rejectedByDefault) {
                // Second chance: the chain is still accepted if the local trust manager
                // accepts it; otherwise its exception propagates to the caller.
                localTrustManager.checkServerTrusted(chain, authType);
            }
        }

        @Override
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }
    }

调用 getSslSocketFactory(null,null,null) 即可。

3.step

设置OkhttpClient。

https.png

方法 getSslSocketFactory(null,null,null) 的第一个参数本来要传入自签名证书;当传入 null 时,代码会改用 UnSafeTrustManager,对服务器证书不做任何校验(不只是忽略自签名证书),这样的连接无法发现中间人。

如果你想尝试不忽略自签名证书 你可以调用下面的方法获取 SSLSocketFactory。并设置到OkhttpClient中。


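 /**
  * Builds an {@link SSLSocketFactory} that trusts only the certificate bundled in the app's
  * assets as {@code client.cer}.
  *
  * @param context used to open the bundled certificate asset
  * @return the socket factory, or {@code null} if the certificate could not be read or the
  *         TLS context could not be created (the failure is printed to standard error)
  */
 public static SSLSocketFactory getSSlFactory(Context context) {

        try {
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            // The certificate ships inside the app's assets folder.
            InputStream caInput = new BufferedInputStream(context.getAssets().open("client.cer"));
            Certificate ca;
            try {
                ca = cf.generateCertificate(caInput);
                X509Certificate x509 = (X509Certificate) ca;
                LogUtil.d("Longer", "ca=" + x509.getSubjectDN());
                LogUtil.d("Longer", "key=" + x509.getPublicKey());
            } finally {
                caInput.close();
            }

            // Create a KeyStore containing our trusted CAs
            String keyStoreType = KeyStore.getDefaultType();
            KeyStore keyStore = KeyStore.getInstance(keyStoreType);
            keyStore.load(null, null);
            keyStore.setCertificateEntry("ca", ca);

            // Create a TrustManager that trusts the CAs in our KeyStore
            String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
            TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
            tmf.init(keyStore);

            // Create an SSLContext that uses our TrustManager. The original requested a
            // "TLSv1" context; TLS 1.0 is deprecated (RFC 8996), so ask for the generic "TLS"
            // context, matching getSslSocketFactory, and leave version selection to the provider.
            SSLContext s = SSLContext.getInstance("TLS", "AndroidOpenSSL");
            s.init(null, tmf.getTrustManagers(), null);

            return s.getSocketFactory();
        } catch (CertificateException e) {
            e.printStackTrace();
        } catch (IOException e) {
            e.printStackTrace();
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        } catch (KeyStoreException e) {
            e.printStackTrace();
        } catch (KeyManagementException e) {
            e.printStackTrace();
        } catch (NoSuchProviderException e) {
            e.printStackTrace();
        }
        // Reached only after one of the failures above.
        return null;
    }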

通过上面的几步配置即可使用https的自签名证书 和 单向验证的Https了。

Glide 访问Https的图片

1.step

在build.gradle 引入下面的aar

// OkHttp3 integration module published under the Glide group
compile 'com.github.bumptech.glide:okhttp3-integration:1.4.0@aar'

2.step


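  // NOTE(review): getSslSocketFactory(null, null, null), as listed on this page, returns a
  // factory whose trust manager accepts any certificate chain, and the verifier below accepts
  // any hostname. A client built this way encrypts traffic but authenticates no server.
  OkHttpClient okhttpClient = new OkHttpClient.Builder()
                .retryOnConnectionFailure(true) // retry when a connection attempt fails
                // The original set connectTimeout twice (30s, then 15s); only the later call
                // took effect, so the redundant first call is dropped.
                .connectTimeout(15, TimeUnit.SECONDS)
                .readTimeout(60 * 1000, TimeUnit.MILLISECONDS)
                .sslSocketFactory(HttpsUtils.getSslSocketFactory(null,null,null))
                .hostnameVerifier(new HostnameVerifier() {
                    @Override
                    public boolean verify(String hostname, SSLSession session) {
                        // Accepts every hostname without inspecting the session.
                        return true;
                    }
                })
                 .build();
        // Register the client with Glide so image URLs are loaded through it.
        Glide.get(this).register(GlideUrl.class, InputStream.class, new OkHttpUrlLoader.Factory(okhttpClient));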

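设置已经验证证书的 OkhttpClient 到 Glide 即可。需要注意,上面示例里的 client 用的是 getSslSocketFactory(null,null,null) 和始终返回 true 的 HostnameVerifier,并不会校验服务器证书;要让 Glide 走校验证书的连接,应传入由证书生成的 SSLSocketFactory(例如上文的 getSSlFactory),并保留默认的主机名校验。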

END.
