https自签名证书验证相关代码
2017-06-22 17:15
387 查看
import java.io.IOException; import java.io.InputStream; import java.net.URL; import java.security.KeyStore; import java.security.SecureRandom; import java.security.cert.CertificateException; import java.security.cert.CertificateFactory; import javax.net.ssl.HostnameVerifier; import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLSession; import javax.net.ssl.SSLSocketFactory; import javax.net.ssl.TrustManager; import javax.net.ssl.TrustManagerFactory; import javax.net.ssl.X509TrustManager; import okhttp3.OkHttpClient; public class SafeOkHttp { /** * 访问在认证机构有认证的https访问 * @param hostHome 需要访问的地址 * @return OkHttpClient */ public static OkHttpClient getUnsafeOkHttpClient(final String hostHome) { try { // Create a trust manager that does not validate certificate chains final TrustManager[] trustAllCerts = new TrustManager[]{new X509TrustManager() { @Override public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException { } @Override public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException { } @Override public java.security.cert.X509Certificate[] getAcceptedIssuers() { return null; } }}; // Install the all-trusting trust manager final SSLContext sslContext = SSLContext.getInstance("SSL"); sslContext.init(null, trustAllCerts, new java.security.SecureRandom()); // Create an ssl socket factory with our all-trusting manager final SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory(); OkHttpClient okHttpClient = new OkHttpClient.Builder().sslSocketFactory(sslSocketFactory).hostnameVerifier(new HostnameVerifier() { @Override public boolean verify(String hostname, SSLSession session) { if (hostname.equals(hostHome)) return true; else return false; } }).build(); return okHttpClient; } catch (Exception e) { throw new RuntimeException(e); } } /** * 获取带有制定输入流的认证证书的 OkHttpClient * 构造CertificateFactory对象,通过它的generateCertificate(is)方法得到Certificate。 * 然后讲得到的Certificate放入到keyStore中。 * 接下来利用keyStore去初始化我们的TrustManagerFactory * 由trustManagerFactory.getTrustManagers获得TrustManager[]初始化我们的SSLContext * 最后,设置我们mOkHttpClient.setSslSocketFactory即可。 * @param certificates 证书输入流 * @return OkHttpClient * @throws Exception */ public static OkHttpClient setCertificates(final URL url,InputStream... certificates) throws Exception { CertificateFactory factory = CertificateFactory.getInstance("X.509"); KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); keyStore.load(null); int index = 0; for (InputStream is : certificates) { String certificateAlias = Integer.toString(index++); keyStore.setCertificateEntry(certificateAlias, factory.generateCertificate(is)); try { if (is != null) { is.close(); } } catch (IOException e) { e.printStackTrace(); } } SSLContext sslContent = SSLContext.getInstance("TLS"); TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); trustManagerFactory.init(keyStore); sslContent.init(null, trustManagerFactory.getTrustManagers(), new SecureRandom()); OkHttpClient client = new OkHttpClient.Builder().sslSocketFactory(sslContent.getSocketFactory()).hostnameVerifier(new HostnameVerifier() { @Override public boolean verify(String hostname, SSLSession session) { if (hostname.equals(url.getHost())){ return true; } return false; } }).build(); return client; } /** * 双向证书验证 * 详见:Https的证书生成和相关代码 * 获取带有制定输入流的认证证书的 OkHttpClient * @param certificates 证书输入流 * @return OkHttpClient * @throws Exception */ public static OkHttpClient setCertificatesTwo(final URL url,InputStream keyClient,String password,InputStream... certificates) throws Exception { //初始化公钥 CertificateFactory factory = CertificateFactory.getInstance("X.509"); KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); keyStore.load(null); int index = 0; for (InputStream is : certificates) { String certificateAlias = Integer.toString(index++); keyStore.setCertificateEntry(certificateAlias, factory.generateCertificate(is)); try { if (is != null) { is.close(); } } catch (IOException e) { e.printStackTrace(); } } TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); trustManagerFactory.init(keyStore); //初始化Android端的密钥 KeyStore keyClientStore = KeyStore.getInstance("PKCS12"); keyClientStore.load(keyClient, password.toCharArray()); KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); keyManagerFactory.init(keyClientStore,password.toCharArray()); // KeyManager keyManager = new MyX509KeyManager(keyClientStore,password,keyManagerFactory.getKeyManagers()); // KeyManager[] keyManagerArray = keyManagerFactory.getKeyManagers(); // keyManagerArray[0] = keyManager; SSLContext sslContent = SSLContext.getInstance("TLS"); sslContent.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), new SecureRandom()); OkHttpClient client = new OkHttpClient.Builder().sslSocketFactory(sslContent.getSocketFactory()).hostnameVerifier(new HostnameVerifier() { @Override public boolean verify(String hostname, SSLSession session) { if (hostname.equals(url.getHost())){ return true; } return false; } }).build(); return client; } }
Java平台默认识别jks格式的证书文件,但是android平台只识别bks格式的证书文件
去Portecle下载Download portecle-1.9.zip (3.4
MB)。
解压后,里面包含
bcprov.jar文件,使用jave -jar bcprov.jar即可打开GUI界面
张鸿洋https详解,包含如何生成自签名证书
相关文章推荐
- openssl 简单的https验证 自签名证书
- Https与Http,SSL,DevOps, 静态代码分析工具,RFID, SSH, 非对称加密算法(使用最广泛的一种是RSA), 数字签名, 数字证书
- curl请求https禁止验证证书(钉钉机器人php测试代码)
- 验证证书签名 与CSp相关
- 编程实现可执行文件的数字签名验证及证书安装
- JSSE访问带有未验证证书的HTTPS
- OpenSSL学习之使用个人信息数字证书(PFX)进行签名和验证
- java数字签名(签名生成,用证书验证签名)
- JSSE访问带有未验证证书的HTTPS
- iphone代码签名相关
- .NET中RAS加解密和签名与验证的c#实现代码讲解,及实现程序提供
- .NET中RAS加解密和签名与验证的c#实现代码讲解,及实现程序提供——转自《起跑线的专栏》
- 【签名】和【证书】 相关问题的解释
- java数字签名(签名生成,用证书验证签名)
- VC++2010基于windows Sdk for windows7 开发CrytoAPI应用--用数字证书签名消息并验证消息签名
- 调用Https WebService发布后使用时报“基础连接已经关闭: 未能为 SSL/TLS 安全通道建立信任关系”证书验证失败的解决过程(3)
- 网络安全系列连载(5)利用数字证书进行代码签名
- java数字签名(签名生成,用证书验证签名)
- 使用Microsoft CryptoAPI进行加密、解密、签名及验证(代码)
- java数字签名(签名生成,用证书验证签名)