android 基於https協議(HttpsURLConnection)的網路訪問:
由於HttpsURLConnection是HttpURLConnection的子類,在這裡就不多作介紹了,
如果需要,可直接把下面的HttpURLConnection改成HttpsURLConnection即可(當前
項目中是http、https都可以訪問,所以採用的是HttpURLConnection)
在這裡值得注意的是:
1.本人沒用研究過X509HostnameVerifier這個介面,就直接重寫了X509HostnameVerifier這個介面,
把它唯一的方法寫為空白,直接return ture;結果一直拋:CertificationException: Trust anchor
for certification path not found,根據字面意思是指數位簽章認證找不到,後來無意中在網上
看到一句這樣的代碼(當然這安全性低):
X509HostnameVerifier hostnameVerifier = SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER;
設定簽署憑證為所有主機驗證通過,然後再設定下面:
HttpsURLConnection.setDefaultHostnameVerifier(hostnameVerifier);
最後此異常它不拋了。。。。嘿嘿,由此我猜:這個東西可能是指對安全驗證的過濾(也可說的安全
層級的設定)
2.在android中,目前只支援數位簽章認證為BKS的格式,如果其它格式的話需要轉換,轉換就不說了,
網上一大堆。如果有異常為:KeyStore JKSimplementation not found的話一般就是這個原因了。
3.通過SSLContext.getInstance("TLS")來擷取SSL上下文,這個有些不太明白為什麼"SSL"和"TLS"有
什麼區別,誰知道的話告訴我一下.
public class NetHelper {
public static final String DOMAIN_LIST = "RestService/User/DomainList";
X509HostnameVerifier hostnameVerifier = SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER;
SSLContext sslContext = null;
InputStream in = null;
public NetHelper() {
try {
MyX509TrustManager mtm = new MyX509TrustManager();
TrustManager[] tms = new TrustManager[] { mtm };
// 初始化X509TrustManager中的SSLContext
sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, tms, new java.security.SecureRandom());
} catch (Exception e) {
e.printStackTrace();
}
// 為javax.net.ssl.HttpsURLConnection設定預設的SocketFactory和HostnameVerifier
if (sslContext != null) {
HttpsURLConnection.setDefaultSSLSocketFactory(sslContext
.getSocketFactory());
}
HttpsURLConnection.setDefaultHostnameVerifier(hostnameVerifier);
}
/*
* 取Domain
*/
public InputStream getDomainList(String path) throws Exception {
String uri = path + DOMAIN_LIST;
Log.i("sys", uri);
URL url = new URL(uri);
HttpURLConnection conn = null;//也可用HttpsURLConnection,但將不可進行http訪問
//if(uri.contains("https")){
// conn = (HttpsURLConnection) url.openConnection();
//}else
conn = (HttpURLConnection) url.openConnection();conn.setRequestMethod("GET");
conn.setDoOutput(true);
conn.setDoInput(true);
// 設定連線逾時時間
conn.setConnectTimeout(4 * 1000);
conn.setRequestProperty("Content-Type", "text/xml");
conn.connect();
in = conn.getInputStream();
return in;
}
}
還需自訂X509TrustManager:
註:通過實現X509TrustManager來定義了Cert Manager,對伺服器和用戶端進行驗證方法,
把所有的方法寫成空(如果有的話則需要驗證),還需要定義我們的KeyStore來源數字
簽署憑證檔案)。然後初始化認證管理工廠,並調用getTrustManagers()方法來擷取這個
管理器
public class MyX509TrustManager implements X509TrustManager {
X509TrustManager myJSSEX509TrustManager;
public MyX509TrustManager() throws Exception {
KeyStore ks = KeyStore.getInstance("BKS");
// ks.load(new FileInputStream("trustedCerts"),
// "passphrase".toCharArray()); //----> 這是載入自己的數位簽章認證檔案和密碼,在這裡這裡沒有,所以不需要
TrustManagerFactory tmf = TrustManagerFactory.getInstance("X509");
tmf.init(ks);
TrustManager tms[] = tmf.getTrustManagers();
for (int i = 0; i < tms.length; i++) {
if (tms[i] instanceof X509TrustManager) {
myJSSEX509TrustManager = (X509TrustManager) tms[i];
return;
}
}
}
@Override
public void checkClientTrusted(X509Certificate[] arg0, String arg1)
throws CertificateException {
// sunJSSEX509TrustManager.checkClientTrusted(arg0, arg1);
}
@Override
public void checkServerTrusted(X509Certificate[] arg0, String arg1)
throws CertificateException {
// sunJSSEX509TrustManager.checkServerTrusted(arg0, arg1);
}
@Override
public X509Certificate[] getAcceptedIssuers() {
// X509Certificate[] acceptedIssuers = sunJSSEX509TrustManager
// .getAcceptedIssuers();
// return acceptedIssuers;
return null;
}
}
先記到這裡,以後發現錯誤再改,留給自己以後懂了再來看看改
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
