java androidOKHttp HTTPS 请求证书验证 PFX证书(2)
2016-11-25 11:33
627 查看
地址:http://blog.csdn.net/doubleping/article/details/53332665
HTTPS 请求证书验证 PFX证书(2)的使用
PFX Load 关键代码
完整代码:
HTTPS 请求证书验证 PFX证书(2)的使用
PFX Load 关键代码
... KeyStore keyStore = KeyStore.getInstance("PKCS12"); keyStore.load(in, password); ..... TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance( TrustManagerFactory.getDefaultAlgorithm()); trustManagerFactory.init(keyStore); SSLContext ssContext = SSLContext.getInstance("TLS"); ssContext.init(null,trustManagers,null); ... client = new OkHttpClient.Builder() .sslSocketFactory(sslSocketFactory).hostnameVerifier(new HostnameVerifier() { @Override public boolean verify(String hostname, SSLSession session) { return true; } }) .build(); ...
完整代码:
import android.content.Context; import java.io.IOException; import java.io.InputStream; import java.security.GeneralSecurityException; import java.security.KeyStore; import java.util.Arrays; import javax.net.ssl.HostnameVerifier; import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLSession; import javax.net.ssl.SSLSocketFactory; import javax.net.ssl.TrustManager; import javax.net.ssl.TrustManagerFactory; import javax.net.ssl.X509TrustManager; import okhttp3.CertificatePinner; import okhttp3.OkHttpClient; public final class CustomTrust { public static final String tag = "CustomTrust"; private static final String CLIENT_KET_PASSWORD = "23234244224"; public final OkHttpClient client; Context context; public CustomTrust(Context context) { this.context = context; X509TrustManager trustManager; SSLSocketFactory sslSocketFactory=null; // trustManager = new X509TrustManager() { // @Override // public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException { // // } // // @Override // public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException { // // } // // @Override // public X509Certificate[] getAcceptedIssuers() { // return new X509Certificate[0]; // } // }; try { // trustManager = trustManagerForCertificates(trustedCertificatesInputStream()); SSLContext sslContext = trustManagerForCertificates(trustedCertificatesInputStream()); //SSLContext.getInstance("TLS"); // sslContext = SSLContext.getInstance("SSL"); // sslContext.init(null,new X509TrustManager[]{trustManager},null); sslSocketFactory = sslContext.getSocketFactory(); } catch (GeneralSecurityException e) { throw new RuntimeException(e); } catch (IOException e) { e.printStackTrace(); } client = new OkHttpClient.Builder() .sslSocketFactory(sslSocketFactory).hostnameVerifier(new HostnameVerifier() { @Override public boolean verify(String hostname, SSLSession session) { return true; } }) .build(); } /** * Returns an input stream containing one or more certificate PEM files. This implementation just * embeds the PEM files in Java strings; most applications will instead read this from a resource * file that gets bundled with the application. */ private InputStream trustedCertificatesInputStream() { // PEM files for root certificates of Comodo and Entrust. These two CAs are sufficient to view // https://publicobject.com (Comodo) and https://squareup.com (Entrust). But they aren't // sufficient to connect to most HTTPS sites including https://godaddy.com and https://visa.com. // Typically developers will need to get a PEM file from their organization's TLS administrator. return context.getResources().openRawResource(R.raw.a22323) ; /*return new Buffer() .writeUtf8(comodoRsaCertificationAuthority) .writeUtf8(entrustRootCertificateAuthority) .inputStream();*/ } /** * Returns a trust manager that trusts {@code certificates} and none other. HTTPS services whose * certificates have not been signed by these certificates will fail with a {@code * SSLHandshakeException}. * * <p>This can be used to replace the host platform's built-in trusted certificates with a custom * set. This is useful in development where certificate authority-trusted certificates aren't * available. Or in production, to avoid reliance on third-party certificate authorities. * * <p>See also {@link CertificatePinner}, which can limit trusted certificates while still using * the host platform's built-in trust store. * * <h3>Warning: Customizing Trusted Certificates is Dangerous!</h3> * * <p>Relying on your own trusted certificates limits your server team's ability to update their * TLS certificates. By installing a specific set of trusted certificates, you take on additional * operational complexity and limit your ability to migrate between certificate authorities. Do * not use custom trusted certificates in production without the blessing of your server's TLS * administrator. */ private SSLContext trustManagerForCertificates(InputStream in) throws GeneralSecurityException, IOException { // Put the certificates a key store. char[] password = CLIENT_KET_PASSWORD.toCharArray(); // Any password will work. KeyStore keyStore = newEmptyKeyStore(password); keyStore.load(in,CLIENT_KET_PASSWORD.toCharArray()); // Use it to build an X509 trust manager. KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance( KeyManagerFactory.getDefaultAlgorithm()); keyManagerFactory.init(keyStore, password); TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance( TrustManagerFactory.getDefaultAlgorithm()); trustManagerFactory.init(keyStore); TrustManager[] trustManagers = trustManagerFactory.getTrustManagers(); if (trustManagers.length != 1 || !(trustManagers[0] instanceof X509TrustManager)) { throw new IllegalStateException("Unexpected default trust managers:" + Arrays.toString(trustManagers)); } SSLContext ssContext = SSLContext.getInstance("TLS"); ssContext.init(keyManagerFactory.getKeyManagers(),trustManagers,null); return ssContext; } private KeyStore newEmptyKeyStore(char[] password) throws GeneralSecurityException { try { KeyStore keyStore = KeyStore.getInstance("PKCS12"); InputStream in = null; // By convention, 'null' creates an empty key store. keyStore.load(in, password); return keyStore; } catch (IOException e) { throw new AssertionError(e); } } // public static void main(String... args) throws Exception { // new CustomTrust().run(); // } }
相关文章推荐
- java Android OKHttp HTTPS 请求证书验证 PEM证书(1)
- java请求https地址如何绕过证书验证?
- java 请求https接口 证书验证
- java 关于httpclient 请求https (如何绕过证书验证)
- OKHttp请求https证书验证
- java 关于httpclient 请求https (如何绕过证书验证)
- Java使用HttpsURLConnection进行Get和Post请求(绕过证书验证)
- OKHttp HTTPS 请求支持所有Https服务器 证书验证忽略客户端证书,(3)
- Android下OkHttp请求自定义HTTPS证书接口设置
- OKHttp HTTPS 请求证书验证 PEM证书
- Https双向验证证书:Android+OpenSSL
- java访问未验证证书的HTTPS
- java,android中https请求调用使用安全的方式
- C#创建https请求并使用pfx证书
- C#创建https请求并使用pfx证书
- Android:Https跳过证书验证、Https使用证书、HttpClient、
- java访问未验证证书的HTTPS
- Java进行https请求需要证书的问题 unable to find valid certification path to requested target
- iOS https请求 忽略证书验证
- C#创建https请求并使用pfx证书