Android平臺上經常有使用https的需求,對於https伺服器使用的根證書是受信任的證書的話,實現https是非常簡單的,直接用httpclient庫就行了,與使用http幾乎沒有區別。但是在大多數情況下,伺服器所使用的根證書是自簽名的,或者簽名機構不在裝置的信任證書列表中,這樣使用httpclient進行https連線就會失敗。解決這個問題的辦法有兩種,一是在發起https連線之前將伺服器證書加到httpclient的信任證書列表中,這個相對來說比較複雜一些,很容易出錯;另一種辦法是讓httpclient信任所有的伺服器證書,這種辦法相對來說簡單很多,但安全性則差一些,但在某些場合下有一定的應用場景。這裡要舉例說明的就是後一種方法:例項化HttpClinet物件時要進行一些處理主要是繫結https連線所使用的埠號,這裡綁定了443和8443:

SchemeRegistry schemeRegistry = new SchemeRegistry();
schemeRegistry.register(new Scheme("https",
                    new EasySSLSocketFactory(), 443));
schemeRegistry.register(new Scheme("https",
                    new EasySSLSocketFactory(), 8443));
ClientConnectionManager connManager = new ThreadSafeClientConnManager(params, schemeRegistry);
HttpClient httpClient = new DefaultHttpClient(connManager, params);


上面的EasySSLSocketFactory類是我們自定義的,主要目的就是讓httpclient接受所有的伺服器證書,能夠正常的進行https資料讀取。相關程式碼如下:

public class EasySSLSocketFactory implements SocketFactory,
        LayeredSocketFactory {

    private SSLContext sslcontext = null;

    private static SSLContext createEasySSLContext() throws IOException {
        try {
            SSLContext context = SSLContext.getInstance("TLS");
            context.init(null, new TrustManager[] { new EasyX509TrustManager(
                    null) }, null);
            return context;
        } catch (Exception e) {
            throw new IOException(e.getMessage());
        }
    }

    private SSLContext getSSLContext() throws IOException {
        if (this.sslcontext == null) {
            this.sslcontext = createEasySSLContext();
        }
        return this.sslcontext;
    }

   
    public Socket connectSocket(Socket sock, String host, int port,
            InetAddress localAddress, int localPort, HttpParams params)
            throws IOException, UnknownHostException, ConnectTimeoutException {
        int connTimeout = HttpConnectionParams.getConnectionTimeout(params);
        int soTimeout = HttpConnectionParams.getSoTimeout(params);

        InetSocketAddress remoteAddress = new InetSocketAddress(host, port);
        SSLSocket sslsock = (SSLSocket) ((sock != null) ? sock : createSocket());

        if ((localAddress != null) || (localPort > 0)) {
            // we need to bind explicitly
            if (localPort < 0) {
                localPort = 0; // indicates "any"
            }
            InetSocketAddress isa = new InetSocketAddress(localAddress,
                    localPort);
            sslsock.bind(isa);
        }

        sslsock.connect(remoteAddress, connTimeout);
        sslsock.setSoTimeout(soTimeout);
        return sslsock;

    }

   
    public Socket createSocket() throws IOException {
        return getSSLContext().getSocketFactory().createSocket();
    }

   
    public boolean isSecure(Socket socket) throws IllegalArgumentException {
        return true;
    }

   
    public Socket createSocket(Socket socket, String host, int port,
            boolean autoClose) throws IOException, UnknownHostException {
        return getSSLContext().getSocketFactory().createSocket(socket, host,
                port, autoClose);
    }

    // -------------------------------------------------------------------
    // javadoc in org.apache.http.conn.scheme.SocketFactory says :
    // Both Object.equals() and Object.hashCode() must be overridden
    // for the correct operation of some connection managers
    // -------------------------------------------------------------------

    public boolean equals(Object obj) {
        return ((obj != null) && obj.getClass().equals(
                EasySSLSocketFactory.class));
    }

    public int hashCode() {
        return EasySSLSocketFactory.class.hashCode();
    }
}

public class EasyX509TrustManager implements X509TrustManager {

    private X509TrustManager standardTrustManager = null;

   
    public EasyX509TrustManager(KeyStore keystore)
            throws NoSuchAlgorithmException, KeyStoreException {
        super();
        TrustManagerFactory factory = TrustManagerFactory
               .getInstance(TrustManagerFactory.getDefaultAlgorithm());
        factory.init(keystore);
        TrustManager[] trustmanagers = factory.getTrustManagers();
        if (trustmanagers.length == 0) {
            throw new NoSuchAlgorithmException("no trust manager found");
        }
        this.standardTrustManager = (X509TrustManager) trustmanagers[0];
    }

   
    public void checkClientTrusted(X509Certificate[] certificates,
            String authType) throws CertificateException {
        standardTrustManager.checkClientTrusted(certificates, authType);
    }

   
    public void checkServerTrusted(X509Certificate[] certificates,
            String authType) throws CertificateException {
        if ((certificates != null) && (certificates.length == 1)) {
            certificates[0].checkValidity();
        } else {
            standardTrustManager.checkServerTrusted(certificates, authType);
        }
    }

   
    public X509Certificate[] getAcceptedIssuers() {
        return this.standardTrustManager.getAcceptedIssuers();
    }
}