Android HTTPS verification and adding token authentication in the HTTP header
阿新 • Published: 2019-01-31
// Uses Android's bundled Apache HttpClient (org.apache.http.*), java.security.KeyStore and android.util.Log
HttpParams httpParams = new BasicHttpParams(); // not defined in the original snippet
SchemeRegistry schemeRegistry = new SchemeRegistry();
schemeRegistry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
SSLSocketFactory sf = SSLSocketFactory.getSocketFactory();
try {
    KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
    trustStore.load(null, null);
    sf = new SSLSocketFactoryEx(trustStore);
    // Accept any hostname: hostname verification is disabled
    sf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
} catch (Exception e) {
    Log.e("erro", "SSLSocketFactory Error", e);
}
schemeRegistry.register(new Scheme("https", sf, 443));
ThreadSafeClientConnManager cm = new ThreadSafeClientConnManager(httpParams, schemeRegistry);
DefaultHttpClient httpClient = new DefaultHttpClient(cm, httpParams);

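The main purpose of the SSLSocketFactoryEx class above is to make the HttpClient accept every server certificate, so that HTTPS data can be read normally. Its checkServerTrusted method is empty, so no certificate validation takes place: the connection is encrypted, but the server's identity is not verified. The relevant code is as follows: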
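import java.io.IOException;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.http.conn.ssl.SSLSocketFactory;

class SSLSocketFactoryEx extends SSLSocketFactory {
    SSLContext sslContext = SSLContext.getInstance("TLS");

    public SSLSocketFactoryEx(KeyStore truststore)
            throws NoSuchAlgorithmException, KeyManagementException,
            KeyStoreException, UnrecoverableKeyException {
        super(truststore);
        // Trust manager whose checks are empty: every certificate chain is accepted
        TrustManager tm = new X509TrustManager() {
            @Override
            public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                // Empty array rather than null, which some TLS stacks dereference
                return new java.security.cert.X509Certificate[0];
            }

            @Override
            public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType)
                    throws java.security.cert.CertificateException {
            }

            @Override
            public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType)
                    throws java.security.cert.CertificateException {
            }
        };
        sslContext.init(null, new TrustManager[] { tm }, null);
    }

    @Override
    public Socket createSocket(Socket socket, String host, int port, boolean autoClose)
            throws IOException, UnknownHostException {
        return sslContext.getSocketFactory().createSocket(socket, host, port, autoClose);
    }

    @Override
    public Socket createSocket() throws IOException {
        return sslContext.getSocketFactory().createSocket();
    }
}
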
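For comparison, here is a validating counterpart to the client setup above, written as an added example and not code from the original post. It assumes the server's certificate (or its issuing CA) ships with the app and is passed in as a stream; the class name PinnedHttpClientFactory and the alias "server-ca" are hypothetical.

```java
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;

import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.impl.conn.tsccm.ThreadSafeClientConnManager;
import org.apache.http.params.BasicHttpParams;
import org.apache.http.params.HttpParams;

// Hypothetical helper: same HttpClient API as the post, but validation stays on.
public final class PinnedHttpClientFactory {
    private PinnedHttpClientFactory() {}

    /**
     * Builds a client that trusts only the X.509 certificate read from caInput
     * (PEM or DER), e.g. a self-signed server certificate bundled with the app.
     */
    public static DefaultHttpClient create(InputStream caInput) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Certificate ca;
        try {
            ca = cf.generateCertificate(caInput);
        } finally {
            caInput.close();
        }

        // Trust store containing exactly one trusted entry instead of an empty one
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);
        trustStore.setCertificateEntry("server-ca", ca);

        // The stock factory validates the chain against trustStore; the strict
        // verifier also requires the certificate to match the requested host.
        SSLSocketFactory sf = new SSLSocketFactory(trustStore);
        sf.setHostnameVerifier(SSLSocketFactory.STRICT_HOSTNAME_VERIFIER);

        // Only https is registered, so plain-http requests fail instead of leaking a token
        SchemeRegistry registry = new SchemeRegistry();
        registry.register(new Scheme("https", sf, 443));

        HttpParams params = new BasicHttpParams();
        return new DefaultHttpClient(new ThreadSafeClientConnManager(params, registry), params);
    }
}
```

A handshake with a server presenting any other certificate then fails with an SSLException instead of silently succeeding.
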
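Adding token authentication in the HTTP header
Sometimes the server requires a token to be passed so that it can verify whether the request comes from a trusted source, which strengthens security: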
httppost.addHeader("Authorization", "your token"); // token authentication
The key point is that some servers require the token to be converted to Base64 encoding.
So:
String token = "Basic " + Base64.encodeToString("your token".getBytes(), Base64.NO_WRAP);
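Note that the argument is Base64.NO_WRAP, not Base64.DEFAULT. Base64.DEFAULT appends a line terminator to the encoded output (and wraps long output onto multiple lines), which ends up inside the header value. Otherwise the server returns "400 Bad Request" and no data is obtained.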