android中进行https连接的方式(源码)

如果不需要验证服务器端证书，直接照这里做

[java]
view plaincopyprint?

public class Demo extends Activity {
/** Called when the activity is first created. */
private TextView text;
@Override
public void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.main);
text = (TextView)findViewById(R.id.text);
GetHttps();
}

private void GetHttps(){
String https = " https://800wen.com/"; try{
SSLContext sc = SSLContext.getInstance("TLS");
sc.init(null, new TrustManager[]{new MyTrustManager()}, new SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
HttpsURLConnection.setDefaultHostnameVerifier(new MyHostnameVerifier());
HttpsURLConnection conn = (HttpsURLConnection)new URL(https).openConnection();
conn.setDoOutput(true);
conn.setDoInput(true);
conn.connect();

BufferedReader br = new BufferedReader(new InputStreamReader(conn.getInputStream()));
StringBuffer sb = new StringBuffer();
String line;
while ((line = br.readLine()) != null)
sb.append(line);

text.setText(sb.toString());

}catch(Exception e){
Log.e(this.getClass().getName(), e.getMessage());
}

}

private class MyHostnameVerifier implements HostnameVerifier{

@Override
public boolean verify(String hostname, SSLSession session) {
// TODO Auto-generated method stub

return true;
}
}

private class MyTrustManager implements X509TrustManager{

@Override
public void checkClientTrusted(X509Certificate[] chain, String authType)
throws CertificateException {
// TODO Auto-generated method stub

}

@Override
public void checkServerTrusted(X509Certificate[] chain, String authType)
throws CertificateException {
// TODO Auto-generated method stub

}

@Override
public X509Certificate[] getAcceptedIssuers() {
// TODO Auto-generated method stub

return null;
}
}
}

public class Demo extends Activity {
/** Called when the activity is first created. */
private TextView text;
@Override
public void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.main);
text = (TextView)findViewById(R.id.text);
GetHttps();
}

private void GetHttps(){
String https = " https://800wen.com/"; try{
SSLContext sc = SSLContext.getInstance("TLS");
sc.init(null, new TrustManager[]{new MyTrustManager()}, new SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
HttpsURLConnection.setDefaultHostnameVerifier(new MyHostnameVerifier());
HttpsURLConnection conn = (HttpsURLConnection)new URL(https).openConnection();
conn.setDoOutput(true);
conn.setDoInput(true);
conn.connect();

BufferedReader br = new BufferedReader(new InputStreamReader(conn.getInputStream()));
StringBuffer sb = new StringBuffer();
String line;
while ((line = br.readLine()) != null)
sb.append(line);

text.setText(sb.toString());

}catch(Exception e){
Log.e(this.getClass().getName(), e.getMessage());
}

}

private class MyHostnameVerifier implements HostnameVerifier{

@Override
public boolean verify(String hostname, SSLSession session) {
// TODO Auto-generated method stub
return true;
}
}

private class MyTrustManager implements X509TrustManager{

@Override
public void checkClientTrusted(X509Certificate[] chain, String authType)
throws CertificateException {
// TODO Auto-generated method stub

}

@Override
public void checkServerTrusted(X509Certificate[] chain, String authType)
throws CertificateException {
// TODO Auto-generated method stub

}

@Override
public X509Certificate[] getAcceptedIssuers() {
// TODO Auto-generated method stub
return null;
}
}
}

如果需要验证服务器端证书（这样能够防钓鱼），我是这样做的，还有些问题问大牛：

a. 导出公钥。在浏览器上用https访问tomcat，查看其证书，并另存为一个文件(存成了X.509格式：xxxx.cer)

b. 导入公钥。把xxxx.cer放在Android的assets文件夹中，以方便在运行时通过代码读取此证书，留了两个问题给大牛：

[java]
view plaincopyprint?

AssetManager am = context.getAssets();
InputStream ins = am.open("robusoft.cer");
try {
//读取证书
CertificateFactory cerFactory = CertificateFactory.getInstance("X.509"); //问1

Certificate cer = cerFactory.generateCertificate(ins);
//创建一个证书库，并将证书导入证书库

KeyStore keyStore = KeyStore.getInstance("PKCS12", "BC"); //问2

keyStore.load(null, null);
keyStore.setCertificateEntry("trust", cer);
return keyStore;
} finally {
ins.close();
}
//把咱的证书库作为信任证书库
SSLSocketFactory socketFactory = new SSLSocketFactory(keystore);
Scheme sch = new Scheme("https", socketFactory, 443);
//完工
HttpClient mHttpClient = new DefaultHttpClient();
mHttpClient.getConnectionManager().getSchemeRegistry().register(sch);

AssetManager am = context.getAssets();
InputStream ins = am.open("robusoft.cer");
try {
//读取证书
CertificateFactory cerFactory = CertificateFactory.getInstance("X.509");  //问1
Certificate cer = cerFactory.generateCertificate(ins);
//创建一个证书库，并将证书导入证书库
KeyStore keyStore = KeyStore.getInstance("PKCS12", "BC");   //问2
keyStore.load(null, null);
keyStore.setCertificateEntry("trust", cer);
return keyStore;
} finally {
ins.close();
}
//把咱的证书库作为信任证书库
SSLSocketFactory socketFactory = new SSLSocketFactory(keystore);
Scheme sch = new Scheme("https", socketFactory, 443);
//完工
HttpClient mHttpClient = new DefaultHttpClient();
mHttpClient.getConnectionManager().getSchemeRegistry().register(sch);

问1：这里用"PKCS12"不行

答1：PKCS12和JKS是keystore的type，不是Certificate的type，所以X.509不能用PKCS12代替

问2：这里用"JKS"不行。

答2：android平台上支持的keystore type好像只有PKCS12，不支持JKS，所以不能用JKS代替在PKCS12，不过在windows平台上是可以代替的