Android SSLSocket 建立连接,不一定非要使用 .bks 类型的证书密钥文件
2017-11-06 16:27
SSLSocket 连接的难点,主要在于密钥、证书等文件的格式和加载方式。
遇到的问题:服务器端在 Linux 系统上生成的密钥(证书)文件,除了需要的那一串字符串之外,前面还带有一段头部信息,必须把这段头部去掉才能加载。
例子:
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
文件内容必须只有这样一段才行,带有其他内容的都加载不了。
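/**
 * Closes any existing connection and opens a new TLS socket that trusts only the
 * certificate bundled as {@code R.raw.server} and presents the client key pair
 * bundled as {@code R.raw.client} (PKCS#12).
 *
 * <p>The target is {@code ipAddress} when it is set and non-empty, otherwise
 * {@code AppConstant.SERVER_IP}. On any failure the exception is printed and, when
 * {@code ipAddress} is non-null, {@code dataListener.onConnectDeviceFail} is called.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>A raw {@code SSLSocket} does not check that the peer certificate matches the
 *       host or IP being contacted. Trust here rests only on the chain anchoring to
 *       the bundled certificate; if that file is a CA rather than the server's own
 *       certificate, any certificate issued by that CA is accepted. Add a
 *       {@code HostnameVerifier} check on the session if that applies.</li>
 *   <li>The client .p12 ships inside the APK; if its password is also a code
 *       constant, anyone holding the APK can recover the key, so the client
 *       certificate identifies the app build rather than a user or device.</li>
 * </ul>
 */
public void sslSocket() {
    // Drop the previous connection, if any, before building a new one.
    if (sslSocket != null) {
        try {
            sslSocket.close();
        } catch (IOException e) {
            e.printStackTrace();
        }
        sslSocket = null;
    }
    try {
        // 1. Load the certificate to trust from res/raw. The file must hold only the
        //    certificate itself (the BEGIN/END CERTIFICATE block or DER bytes).
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        final X509Certificate server_ca;
        try (InputStream cert = mContext.getResources().openRawResource(R.raw.server)) {
            server_ca = (X509Certificate) cf.generateCertificate(cert);
        }

        // 2. Put it into an empty in-memory KeyStore, so it is the ONLY trust anchor
        //    (the system CA store is not consulted).
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null, null);
        keyStore.setCertificateEntry("ca-certificate", server_ca);

        // Client identity for mutual TLS: PKCS#12 bundle with private key and certificate.
        char[] pkcs12Password = AppConstant.PASSWORD_FOR_PKCS12.toCharArray();
        KeyStore pKeyStore = KeyStore.getInstance("PKCS12");
        try (InputStream pkcs12in = mContext.getResources().openRawResource(R.raw.client)) {
            pKeyStore.load(pkcs12in, pkcs12Password);
        }

        // 3. TrustManager backed by the single-entry KeyStore above.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(keyStore);

        // Pass the PKCS#12 password as the key password: providers that check it
        // reject null, and providers that ignore it are unaffected.
        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(pKeyStore, pkcs12Password);

        // 4. SSLContext / socket factory wired to our key and trust managers.
        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

        // Unconnected socket, so connect() below can apply an explicit connect timeout.
        sslSocket = (SSLSocket) sslContext.getSocketFactory().createSocket();
        sslSocket.setSoTimeout(5000);
        sslSocket.addHandshakeCompletedListener(new HandshakeCompletedListener() {
            @Override
            public void handshakeCompleted(HandshakeCompletedEvent event) {
                Log.i(TAG,"ssl握手成功回调");
            }
        });

        if (ipAddress != null && !ipAddress.isEmpty()) {
            address = new InetSocketAddress(ipAddress, AppConstant.TCP_CONNECT_PORT);
        } else {
            address = new InetSocketAddress(AppConstant.SERVER_IP, AppConstant.TCP_CONNECT_PORT);
        }
        sslSocket.connect(address, AppConstant.SERVER_CONNECT_TIMEOUT);

        // connect() only opens the TCP connection. Run the TLS handshake now so that a
        // certificate or client-auth failure is reported here, not on the first read/write.
        sslSocket.startHandshake();

        Log.i(TAG, "init sslSocket success 创建socket" + address.toString());
    } catch (Exception e) {
        if (ipAddress != null) {
            Log.i(TAG,"连接的ip不可用, ip="+ipAddress);
            dataListener.onConnectDeviceFail(ipAddress);
        }
        e.printStackTrace();
        // Release the descriptor of a socket that failed to connect or handshake.
        if (sslSocket != null) {
            try {
                sslSocket.close();
            } catch (IOException closeError) {
                closeError.printStackTrace();
            }
        }
    }
}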
步骤:
1.Loading CAs from an InputStream
2. Creating a KeyStore containing our trusted CAs
3. Creating a TrustManager that trusts the CAs in our KeyStore.
4. Creating an SSLSocketFactory that uses our TrustManager
这 4 步在代码中都有对应。之前网上有一篇文章说非用 bks 不可,看来那位作者要被打脸了,我这个就没有用 bks。
这里用到服务器端的一个 .cer 证书文件和客户端的一个 .p12 密钥文件,都由负责服务器的人提供。
注意:.p12 文件是打包在 APK 里的,如果它的密码也写在代码常量中,拿到安装包的人就能把私钥取出来,所以这个客户端证书只能用来标识应用,不能当作保密的凭据。
遇到的问题:服务器端在 Linux 系统上生成的密钥(证书)文件,除了需要的那一串字符串之外,前面还带有一段头部信息,必须把这段头部去掉才能加载。
例子:
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
文件内容必须只有这样一段才行,带有其他内容的都加载不了。
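/**
 * Closes any existing connection and opens a new TLS socket that trusts only the
 * certificate bundled as {@code R.raw.server} and presents the client key pair
 * bundled as {@code R.raw.client} (PKCS#12).
 *
 * <p>The target is {@code ipAddress} when it is set and non-empty, otherwise
 * {@code AppConstant.SERVER_IP}. On any failure the exception is printed and, when
 * {@code ipAddress} is non-null, {@code dataListener.onConnectDeviceFail} is called.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>A raw {@code SSLSocket} does not check that the peer certificate matches the
 *       host or IP being contacted. Trust here rests only on the chain anchoring to
 *       the bundled certificate; if that file is a CA rather than the server's own
 *       certificate, any certificate issued by that CA is accepted. Add a
 *       {@code HostnameVerifier} check on the session if that applies.</li>
 *   <li>The client .p12 ships inside the APK; if its password is also a code
 *       constant, anyone holding the APK can recover the key, so the client
 *       certificate identifies the app build rather than a user or device.</li>
 * </ul>
 */
public void sslSocket() {
    // Drop the previous connection, if any, before building a new one.
    if (sslSocket != null) {
        try {
            sslSocket.close();
        } catch (IOException e) {
            e.printStackTrace();
        }
        sslSocket = null;
    }
    try {
        // 1. Load the certificate to trust from res/raw. The file must hold only the
        //    certificate itself (the BEGIN/END CERTIFICATE block or DER bytes).
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        final X509Certificate server_ca;
        try (InputStream cert = mContext.getResources().openRawResource(R.raw.server)) {
            server_ca = (X509Certificate) cf.generateCertificate(cert);
        }

        // 2. Put it into an empty in-memory KeyStore, so it is the ONLY trust anchor
        //    (the system CA store is not consulted).
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null, null);
        keyStore.setCertificateEntry("ca-certificate", server_ca);

        // Client identity for mutual TLS: PKCS#12 bundle with private key and certificate.
        char[] pkcs12Password = AppConstant.PASSWORD_FOR_PKCS12.toCharArray();
        KeyStore pKeyStore = KeyStore.getInstance("PKCS12");
        try (InputStream pkcs12in = mContext.getResources().openRawResource(R.raw.client)) {
            pKeyStore.load(pkcs12in, pkcs12Password);
        }

        // 3. TrustManager backed by the single-entry KeyStore above.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(keyStore);

        // Pass the PKCS#12 password as the key password: providers that check it
        // reject null, and providers that ignore it are unaffected.
        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(pKeyStore, pkcs12Password);

        // 4. SSLContext / socket factory wired to our key and trust managers.
        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);

        // Unconnected socket, so connect() below can apply an explicit connect timeout.
        sslSocket = (SSLSocket) sslContext.getSocketFactory().createSocket();
        sslSocket.setSoTimeout(5000);
        sslSocket.addHandshakeCompletedListener(new HandshakeCompletedListener() {
            @Override
            public void handshakeCompleted(HandshakeCompletedEvent event) {
                Log.i(TAG,"ssl握手成功回调");
            }
        });

        if (ipAddress != null && !ipAddress.isEmpty()) {
            address = new InetSocketAddress(ipAddress, AppConstant.TCP_CONNECT_PORT);
        } else {
            address = new InetSocketAddress(AppConstant.SERVER_IP, AppConstant.TCP_CONNECT_PORT);
        }
        sslSocket.connect(address, AppConstant.SERVER_CONNECT_TIMEOUT);

        // connect() only opens the TCP connection. Run the TLS handshake now so that a
        // certificate or client-auth failure is reported here, not on the first read/write.
        sslSocket.startHandshake();

        Log.i(TAG, "init sslSocket success 创建socket" + address.toString());
    } catch (Exception e) {
        if (ipAddress != null) {
            Log.i(TAG,"连接的ip不可用, ip="+ipAddress);
            dataListener.onConnectDeviceFail(ipAddress);
        }
        e.printStackTrace();
        // Release the descriptor of a socket that failed to connect or handshake.
        if (sslSocket != null) {
            try {
                sslSocket.close();
            } catch (IOException closeError) {
                closeError.printStackTrace();
            }
        }
    }
}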
步骤:
1.Loading CAs from an InputStream
2. Creating a KeyStore containing our trusted CAs
3. Creating a TrustManager that trusts the CAs in our KeyStore.
4. Creating an SSLSocketFactory that uses our TrustManager
这 4 步在代码中都有对应。之前网上有一篇文章说非用 bks 不可,看来那位作者要被打脸了,我这个就没有用 bks。
这里用到服务器端的一个 .cer 证书文件和客户端的一个 .p12 密钥文件,都由负责服务器的人提供。