1.需要server提供服务器端证书
2.到官网下载bcprov-ext-jdk15on-146.jar http://www.bouncycastle.org/
放置到Java\jdk1.8.0_20\jre\lib\ext
配置bcprov
在 jdk_home\jre\lib\security\目录中找到 java.security 在内容增加一行(数字可以自己定义)
security.provider.11=org.bouncycastle.jce.provider.BouncyCastleProvider
3.生成android平台的证书(只支持BKS证书)
keytool -importcert -keystore test.bks -file test.cert -storetype BKS -provider org.bouncycastle.jce.provider.BouncyCastleProvider
4.tcp socket 连接
public void connectTls(String ip, int port, int timeOut) throws Exception {
char[] password = "changeit".toCharArray();
SSLContext context = null;
try {
KeyStore ts = KeyStore.getInstance("BKS");
ts.load(AppContext.getInstance().getApplicationContext()
.getResources().openRawResource(R.raw.cacerts226), password);
TrustManagerFactory tmf = TrustManagerFactory.getInstance("X509");
tmf.init(ts);
TrustManager[] tm = tmf.getTrustManagers();
context = SSLContext.getInstance("SSL");
context.init(null, tm, null);
SSLSocketFactory ssf = context.getSocketFactory();
mSocket = (SSLSocket) ssf.createSocket(ip, port);
if (isConnected()) {
out = new DataOutputStream(mSocket.getOutputStream());// 获取网络输出流
in = new DataInputStream(mSocket.getInputStream());// 获取网络输入流
if (isConnected()) {
callback.tcpConnected();
}
}
} catch (Exception e) {
e.printStackTrace();
callback.tcpDisconnect();
}
}