在安卓开发中需要自己写代码实现校验公钥的功能
当然, 如果是自己服务器,就不用校验,
如果是别人的服务器,比如银行,就需要校验
在这里, 小编采用从github上下载的开源框架实现,在开源框架中添加部分代码
下载到开源框架后, 在 AsyncHttpClient.java文件中添加
找到215行代码, 在这里添加校验的代码
证书文件需要拷贝到src的根目录
//在这里添加一段 代码, 实现 https 连接, 检验 , 主要是去校验 证书的合法性
try {
InputStream ins = AsyncHttpClient.class.getClassLoader()
.getResourceAsStream("hehe.cer"); // 这个文件就是网站的公钥 CertificateFactory cerFactory = CertificateFactory
.getInstance("X.509");// X.509 公钥文件 .pk8 私钥文件的扩展名
Certificate cer = cerFactory.generateCertificate(ins);
KeyStore keyStore = KeyStore.getInstance("PKCS12", "BC");
keyStore.load(null, null);
keyStore.setCertificateEntry("trust", cer);
SSLSocketFactory socketFactory = new SSLSocketFactory(keyStore);
schemeRegistry.register(new Scheme("https", socketFactory,
httpsPort)); } catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
} return schemeRegistry;
还有不校验的代码
//在这里添加一段 代码, 实现 https 连接, 不检验
try {
KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
trustStore.load(null, null);
SSLSocketFactory sf = new SSLSocketFactoryEx(trustStore);
//相当于 不在校验数据的合法性
sf.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER); // 允许所有主机的验证
schemeRegistry.register(new Scheme("https", sslSocketFactory,
httpsPort));
schemeRegistry.register(new Scheme("https",sf, httpsPort));
} catch (Exception e) {
e.printStackTrace();
} return schemeRegistry;
注意,
在拷贝代码的过程中 SSLSocketFactory 需要自己创建出来, 代码如下:
package com.loopj.android.http; import java.io.IOException;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException; import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager; import org.apache.http.conn.ssl.SSLSocketFactory; class SSLSocketFactoryEx extends SSLSocketFactory { SSLContext sslContext = SSLContext.getInstance("TLS"); public SSLSocketFactoryEx(KeyStore truststore)
throws NoSuchAlgorithmException, KeyManagementException,
KeyStoreException, UnrecoverableKeyException {
super(truststore); TrustManager tm = new X509TrustManager() { @Override
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
} @Override
public void checkClientTrusted(
java.security.cert.X509Certificate[] chain,
String authType)
throws java.security.cert.CertificateException { } @Override
public void checkServerTrusted(
java.security.cert.X509Certificate[] chain,
String authType)
throws java.security.cert.CertificateException { }
}; sslContext.init(null, new TrustManager[] { tm }, null);
} @Override
public Socket createSocket(Socket socket, String host, int port,
boolean autoClose) throws IOException, UnknownHostException {
return sslContext.getSocketFactory().createSocket(socket, host,
port, autoClose);
} @Override
public Socket createSocket() throws IOException {
return sslContext.getSocketFactory().createSocket();
}
}