Android开发中实现https校验

在安卓开发中需要自己写代码实现校验公钥的功能

当然, 如果是自己服务器，就不用校验,

如果是别人的服务器，比如银行，就需要校验

在这里, 小编采用从github上下载的开源框架实现,在开源框架中添加部分代码





下载到开源框架后, 在 AsyncHttpClient.java文件中添加



找到215行代码, 在这里添加校验的代码

证书文件需要拷贝到src的根目录

//在这里添加一段 代码, 实现 https 连接,   检验  , 主要是去校验 证书的合法性
try {
InputStream ins = AsyncHttpClient.class.getClassLoader()
.getResourceAsStream("hehe.cer"); // 这个文件就是网站的公钥

CertificateFactory cerFactory = CertificateFactory
.getInstance("X.509");// X.509 公钥文件 .pk8 私钥文件的扩展名
Certificate cer = cerFactory.generateCertificate(ins);
KeyStore keyStore = KeyStore.getInstance("PKCS12", "BC");
keyStore.load(null, null);
keyStore.setCertificateEntry("trust", cer);
SSLSocketFactory socketFactory = new SSLSocketFactory(keyStore);
schemeRegistry.register(new Scheme("https", socketFactory,
httpsPort));

} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
}

return schemeRegistry;

还有不校验的代码

//在这里添加一段 代码, 实现 https 连接,  不检验
try {
KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
trustStore.load(null, null);
SSLSocketFactory sf = new SSLSocketFactoryEx(trustStore);
//相当于 不在校验数据的合法性
sf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER); // 允许所有主机的验证
schemeRegistry.register(new Scheme("https", sslSocketFactory,
httpsPort));
schemeRegistry.register(new Scheme("https",sf, httpsPort));
} catch (Exception e) {
e.printStackTrace();
}

return schemeRegistry;

注意,

在拷贝代码的过程中 SSLSocketFactory 需要自己创建出来, 代码如下:

package com.loopj.android.http;

import java.io.IOException;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;

import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

import org.apache.http.conn.ssl.SSLSocketFactory;

class SSLSocketFactoryEx extends SSLSocketFactory {

SSLContext sslContext = SSLContext.getInstance("TLS");

public SSLSocketFactoryEx(KeyStore truststore)
throws NoSuchAlgorithmException, KeyManagementException,
KeyStoreException, UnrecoverableKeyException {
super(truststore);

TrustManager tm = new X509TrustManager() {

@Override
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}

@Override
public void checkClientTrusted(
java.security.cert.X509Certificate[] chain,
String authType)
throws java.security.cert.CertificateException {

}

@Override
public void checkServerTrusted(
java.security.cert.X509Certificate[] chain,
String authType)
throws java.security.cert.CertificateException {

}
};

sslContext.init(null, new TrustManager[] { tm }, null);
}

@Override
public Socket createSocket(Socket socket, String host, int port,
boolean autoClose) throws IOException, UnknownHostException {
return sslContext.getSocketFactory().createSocket(socket, host,
port, autoClose);
}

@Override
public Socket createSocket() throws IOException {
return sslContext.getSocketFactory().createSocket();
}
}