Android之HttpsURLConnection访问网络(android https协议)
2015-04-06 15:03
477 查看
Android之HttpsURLConnection访问网络(android https协议)
android 基于https协议(HttpsURLConnection)的网络访问:
由于HttpsURLConnection是HttpURLConnection的子类,在这里就不多作介绍了,
如果需要,可直接把下面的HttpURLConnection改成HttpsURLConnection即可(当前
项目中是http、https都可以访问,所以采用的是HttpURLConnection)
在这里值得注意的是:
1. 本人没用研究过X509HostnameVerifier这个接口,就直接重写了X509HostnameVerifier这个接口,
把它唯一的方法写为空,直接return ture;结果一直抛:CertificationException: Trust anchor
for certification path not found,根据字面意思是指数字签名证书找不到,后来无意中在网上
看到一句这样的代码(当然这安全性低):
X509HostnameVerifier hostnameVerifier = SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER;
设置签名证书为所有主机验证通过,然后再设置下面:
HttpsURLConnection.setDefaultHostnameVerifier(hostnameVerifier);
最后此异常它不抛了。。。。嘿嘿,由此我猜:这个东西可能是指对安全验证的过滤(也可说的安全
级别的设置)
2. 在android中,目前只支持数字签名证书为BKS的格式,如果其它格式的话需要转换,转换就不说了,
网上一大堆。如果有异常为:KeyStore JKSimplementation not found的话一般就是这个原因了。
3. 通过SSLContext.getInstance("TLS")来获取SSL上下文,这个有些不太明白为什么"SSL"和"TLS"有
什么区别,谁知道的话告诉我一下.
[java] view
plaincopy
public class NetHelper {
public static final String DOMAIN_LIST = "RestService/User/DomainList";
X509HostnameVerifier hostnameVerifier = SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER;
SSLContext sslContext = null;
InputStream in = null;
public NetHelper() {
try {
MyX509TrustManager mtm = new MyX509TrustManager();
TrustManager[] tms = new TrustManager[] { mtm };
// 初始化X509TrustManager中的SSLContext
sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, tms, new java.security.SecureRandom());
} catch (Exception e) {
e.printStackTrace();
}
// 为javax.net.ssl.HttpsURLConnection设置默认的SocketFactory和HostnameVerifier
if (sslContext != null) {
HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());
}
HttpsURLConnection.setDefaultHostnameVerifier(hostnameVerifier);
}
/*
* 取Domain
*/
public InputStream getDomainList(String path) throws Exception {
String uri = path + DOMAIN_LIST;
Log.i("sys", uri);
URL url = new URL(uri);
HttpURLConnection conn = null;//也可用HttpsURLConnection,但将不可进行http访问
//if(uri.contains("https")){
// conn = (HttpsURLConnection) url.openConnection();
//}else
conn = (HttpURLConnection) url.openConnection();
conn.setRequestMethod("GET");
conn.setDoOutput(true);
conn.setDoInput(true);
// 设置连接超时时间
conn.setConnectTimeout(4 * 1000);
conn.setRequestProperty("Content-Type", "text/xml");
conn.connect();
in = conn.getInputStream();
return in;
}
}
还需自定义X509TrustManager:
注:通过实现X509TrustManager来定义了证书管理器,对服务器和客户端进行验证方法,
把所有的方法写成空(如果有的话则需要验证),还需要定义我们的KeyStore来源数字
签名证书文件)。然后初始化证书管理工厂,并调用getTrustManagers()方法来获取这个
管理器
[java] view
plaincopy
public class MyX509TrustManager implements X509TrustManager {
X509TrustManager myJSSEX509TrustManager;
public MyX509TrustManager() throws Exception {
KeyStore ks = KeyStore.getInstance("BKS");
// ks.load(new FileInputStream("trustedCerts"),
// "passphrase".toCharArray()); //----> 这是加载自己的数字签名证书文件和密码,在这里这里没有,所以不需要
TrustManagerFactory tmf = TrustManagerFactory.getInstance("X509");
tmf.init(ks);
TrustManager tms[] = tmf.getTrustManagers();
for (int i = 0; i < tms.length; i++) {
if (tms[i] instanceof X509TrustManager) {
myJSSEX509TrustManager = (X509TrustManager) tms[i];
return;
}
}
}
@Override
public void checkClientTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
// sunJSSEX509TrustManager.checkClientTrusted(arg0, arg1);
}
@Override
public void checkServerTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
// sunJSSEX509TrustManager.checkServerTrusted(arg0, arg1);
}
@Override
public X509Certificate[] getAcceptedIssuers() {
// X509Certificate[] acceptedIssuers = sunJSSEX509TrustManager
// .getAcceptedIssuers();
// return acceptedIssuers;
return null;
}
}
先记到这里,以后发现错误再改,留给自己以后懂了再来看看改
android 基于https协议(HttpsURLConnection)的网络访问:
由于HttpsURLConnection是HttpURLConnection的子类,在这里就不多作介绍了,
如果需要,可直接把下面的HttpURLConnection改成HttpsURLConnection即可(当前
项目中是http、https都可以访问,所以采用的是HttpURLConnection)
在这里值得注意的是:
1. 本人没用研究过X509HostnameVerifier这个接口,就直接重写了X509HostnameVerifier这个接口,
把它唯一的方法写为空,直接return ture;结果一直抛:CertificationException: Trust anchor
for certification path not found,根据字面意思是指数字签名证书找不到,后来无意中在网上
看到一句这样的代码(当然这安全性低):
X509HostnameVerifier hostnameVerifier = SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER;
设置签名证书为所有主机验证通过,然后再设置下面:
HttpsURLConnection.setDefaultHostnameVerifier(hostnameVerifier);
最后此异常它不抛了。。。。嘿嘿,由此我猜:这个东西可能是指对安全验证的过滤(也可说的安全
级别的设置)
2. 在android中,目前只支持数字签名证书为BKS的格式,如果其它格式的话需要转换,转换就不说了,
网上一大堆。如果有异常为:KeyStore JKSimplementation not found的话一般就是这个原因了。
3. 通过SSLContext.getInstance("TLS")来获取SSL上下文,这个有些不太明白为什么"SSL"和"TLS"有
什么区别,谁知道的话告诉我一下.
[java] view
plaincopy
public class NetHelper {
public static final String DOMAIN_LIST = "RestService/User/DomainList";
X509HostnameVerifier hostnameVerifier = SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER;
SSLContext sslContext = null;
InputStream in = null;
public NetHelper() {
try {
MyX509TrustManager mtm = new MyX509TrustManager();
TrustManager[] tms = new TrustManager[] { mtm };
// 初始化X509TrustManager中的SSLContext
sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, tms, new java.security.SecureRandom());
} catch (Exception e) {
e.printStackTrace();
}
// 为javax.net.ssl.HttpsURLConnection设置默认的SocketFactory和HostnameVerifier
if (sslContext != null) {
HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());
}
HttpsURLConnection.setDefaultHostnameVerifier(hostnameVerifier);
}
/*
* 取Domain
*/
public InputStream getDomainList(String path) throws Exception {
String uri = path + DOMAIN_LIST;
Log.i("sys", uri);
URL url = new URL(uri);
HttpURLConnection conn = null;//也可用HttpsURLConnection,但将不可进行http访问
//if(uri.contains("https")){
// conn = (HttpsURLConnection) url.openConnection();
//}else
conn = (HttpURLConnection) url.openConnection();
conn.setRequestMethod("GET");
conn.setDoOutput(true);
conn.setDoInput(true);
// 设置连接超时时间
conn.setConnectTimeout(4 * 1000);
conn.setRequestProperty("Content-Type", "text/xml");
conn.connect();
in = conn.getInputStream();
return in;
}
}
还需自定义X509TrustManager:
注:通过实现X509TrustManager来定义了证书管理器,对服务器和客户端进行验证方法,
把所有的方法写成空(如果有的话则需要验证),还需要定义我们的KeyStore来源数字
签名证书文件)。然后初始化证书管理工厂,并调用getTrustManagers()方法来获取这个
管理器
[java] view
plaincopy
public class MyX509TrustManager implements X509TrustManager {
X509TrustManager myJSSEX509TrustManager;
public MyX509TrustManager() throws Exception {
KeyStore ks = KeyStore.getInstance("BKS");
// ks.load(new FileInputStream("trustedCerts"),
// "passphrase".toCharArray()); //----> 这是加载自己的数字签名证书文件和密码,在这里这里没有,所以不需要
TrustManagerFactory tmf = TrustManagerFactory.getInstance("X509");
tmf.init(ks);
TrustManager tms[] = tmf.getTrustManagers();
for (int i = 0; i < tms.length; i++) {
if (tms[i] instanceof X509TrustManager) {
myJSSEX509TrustManager = (X509TrustManager) tms[i];
return;
}
}
}
@Override
public void checkClientTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
// sunJSSEX509TrustManager.checkClientTrusted(arg0, arg1);
}
@Override
public void checkServerTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
// sunJSSEX509TrustManager.checkServerTrusted(arg0, arg1);
}
@Override
public X509Certificate[] getAcceptedIssuers() {
// X509Certificate[] acceptedIssuers = sunJSSEX509TrustManager
// .getAcceptedIssuers();
// return acceptedIssuers;
return null;
}
}
先记到这里,以后发现错误再改,留给自己以后懂了再来看看改
相关文章推荐
- Android之HttpsURLConnection访问网络(android https协议)
- Android 4.x 在 https 协议下无法利用 okhttp 进行网络访问的临时解决办法
- Android学习指南之三十:使用URLConnection和HttpClient访问网络的方法
- Android http https访问网络及资源
- android 网络协议等socket,http,HTTPS,get。post请求 等详解
- Android Http协议访问网络
- Android解决okhttpUtils框架无法在4.4.4以下系统访问https协议的问题
- android 7.0 使用 webview 访问 https 协议的网址,界面显示空白,其他android版本正常。
- Android Http协议访问网络实例(3种)
- 关于Android中https的网络访问的问题z
- Android - HTTP 协议访问网络
- Android网络连接,HttpsURLConnection还是ApacheHTTPClient?
- Android访问Https协议的接口
- android HTTPURLConnection解决不能访问HTTPs请求
- android HTTPURLConnection解决不能访问HTTPs请求
- Android网络访问之http、https、 cookie的使用
- Android HttpsURLConnection get、post 访问网络
- 【Android 网络协议 三】HTTPS协议
- Android中进行基于HTTP协议的网络访问基础
- android HTTPURLConnection解决不能访问Https请求