
Android實現https網路通訊之新增指定信任證書/信任所有證書

當Android客戶端訪問https網站時,如果伺服器證書不是由系統信任的CA簽發(例如自簽證書或私有CA),預設情況下會因證書信任驗證失敗而無法訪問,可以有兩種解決方法來實現:

1、將要訪問的https網站的ca證書新增到客戶端信任證書列表中,此種方式為谷歌推薦,安全性高。

2、將客戶端設定為信任所有證書,也就是說不驗證伺服器證書,此種方式實現簡單,但是安全性低(連線雖然加密,卻無法確認對端是否為真正的伺服器,容易遭受中間人攻擊),不推薦使用。

直接上程式碼,分別實現兩種方式的訪問。

1、客戶端新增指定信任證書

assets目錄中放置ca.crt證書,此證書為https://certs.cac.washington.edu/CAtest/網站的信任證書。

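/**
 * Fetches a page over HTTPS while trusting only the CA certificate bundled as
 * {@code ca.crt} in the app's assets, then logs the response body.
 *
 * <p>The trust store is built from scratch and holds that single CA, so the
 * resulting {@link SSLContext} rejects server chains anchored at any other CA,
 * including the system ones. The socket factory is installed on this one
 * connection only; the process-wide defaults of {@link HttpsURLConnection}
 * are not modified here.
 *
 * @throws CertificateException if {@code ca.crt} cannot be parsed as X.509
 * @throws IOException if the asset cannot be read or the request fails
 * @throws KeyStoreException if the in-memory key store cannot be created or filled
 * @throws NoSuchAlgorithmException if the trust manager or TLS algorithm is unavailable
 * @throws KeyManagementException if the SSL context cannot be initialised
 */
public void initSSL() throws CertificateException, IOException, KeyStoreException,
            NoSuchAlgorithmException, KeyManagementException {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Certificate ca;
        // Close the asset stream as soon as the certificate has been parsed.
        try (InputStream in = getAssets().open("ca.crt")) {
            ca = cf.generateCertificate(in);
        }

        // Empty in-memory key store whose only trust anchor is the bundled CA.
        KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
        keystore.load(null, null);
        keystore.setCertificateEntry("ca", ca);

        String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
        tmf.init(keystore);

        // Create an SSLContext that uses our TrustManager
        SSLContext context = SSLContext.getInstance("TLS");
        context.init(null, tmf.getTrustManagers(), null);

        // A host whose chain does not lead to the bundled CA (e.g. https://github.com)
        // is expected to fail the handshake with this context.
        URL url = new URL("https://certs.cac.washington.edu/CAtest/");
        HttpsURLConnection urlConnection = (HttpsURLConnection) url.openConnection();
        // Per-connection factory. Hostname verification is whatever the current default
        // HostnameVerifier is; NOTE(review): if initSSLALL() ran earlier in this process,
        // its accept-all verifier is that default and applies here too.
        urlConnection.setSSLSocketFactory(context.getSocketFactory());

        StringBuilder result = new StringBuilder();
        try (BufferedReader reader = new BufferedReader(
                new InputStreamReader(urlConnection.getInputStream(), "UTF-8"))) {
            String line;
            while ((line = reader.readLine()) != null) {
                result.append(line);
            }
        } finally {
            // Release the underlying socket even when reading fails.
            urlConnection.disconnect();
        }
        Log.e("TTTT", result.toString());
    }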
2、客戶端信任所有https,免證書驗證
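/**
 * Fetches a page over HTTPS with server certificate validation and hostname
 * verification both switched off, then logs the response body.
 *
 * <p>With this configuration the channel is encrypted but the peer is never
 * authenticated: any certificate, for any host name, is accepted, so an
 * on-path party can terminate the TLS session itself without being noticed.
 * The settings are installed through the static {@code setDefault*} methods,
 * so they also become the defaults for other {@link HttpsURLConnection}s
 * opened later in the same process. Restrict this to throwaway test builds;
 * for a private or self-signed server, trust its CA explicitly instead (as
 * {@code initSSL()} does).
 *
 * @throws KeyManagementException if the SSL context cannot be initialised
 * @throws NoSuchAlgorithmException if the TLS algorithm is unavailable
 * @throws IOException if the request fails
 */
public void initSSLALL() throws KeyManagementException, NoSuchAlgorithmException, IOException {
        URL url = new URL("https://github.com");
        SSLContext context = SSLContext.getInstance("TLS");
        // NOTE(review): TrustAllManager is not shown here; presumably an X509TrustManager
        // whose check methods accept every chain - confirm against its definition.
        context.init(null, new TrustManager[]{new TrustAllManager()}, null);
        // NOTE(review): static, process-wide defaults. Connections created afterwards
        // inherit them unless they set their own factory and verifier.
        HttpsURLConnection.setDefaultSSLSocketFactory(context.getSocketFactory());
        HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {

            @Override
            public boolean verify(String arg0, SSLSession arg1) {
                // Accepts every host name, so a certificate issued for another
                // host is not rejected.
                return true;
            }
        });
        HttpsURLConnection connection = (HttpsURLConnection) url.openConnection();
        connection.setDoInput(true);
        connection.setDoOutput(false);
        connection.setRequestMethod("GET");

        StringBuilder result = new StringBuilder();
        try {
            connection.connect();
            // Decode explicitly as UTF-8 rather than relying on the platform default.
            try (BufferedReader reader = new BufferedReader(
                    new InputStreamReader(connection.getInputStream(), "UTF-8"))) {
                String line;
                while ((line = reader.readLine()) != null) {
                    result.append(line);
                }
            }
        } finally {
            // Release the underlying socket even when connecting or reading fails.
            connection.disconnect();
        }
        Log.e("TTTT", result.toString());
    }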