前言
安卓app作为应用侧访问华为物联网平台需要携带证书。Android的私钥和信任证书的格式必须是BKS格式,可用openssl等工具进行证书格式转换(具体操作)。转换完成后在src/main目录下创建assets文件夹,不可直接创建文件夹(创建方式),并将bks证书(注意客户端和服务端证书都是bks类型)复制到该文件夹内。
工具类
SSLHelper类
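/**
 * Builds the {@link SSLSocketFactory} used for mutual TLS: the client
 * presents the certificate/key stored in {@code client.bks} and trusts only
 * the certificates stored in {@code truststore.bks}. Both files are read
 * from the application's {@code assets} directory.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The keystore passwords are compile-time constants and the key store
 *       ships inside the APK, so anyone who can obtain the APK can recover
 *       the client private key. Treat this certificate as an identity shared
 *       by every install, not as a per-device secret, and replace any
 *       password that has been published.</li>
 *   <li>{@code "TLS"} leaves protocol-version selection to the platform
 *       provider. NOTE(review): confirm the minimum version negotiated on
 *       the oldest supported Android release is acceptable.</li>
 * </ul>
 */
public class SSLHelper {
    private static final String TAG = "SSLHelper";

    // Asset file names of the client key store and the trust store.
    private static final String CLIENT_PRI_KEY = "client.bks";
    private static final String TRUSTSTORE_PUB_KEY = "truststore.bks";

    // SECURITY: hard-coded store passwords. They protect nothing once the APK
    // is distributed; prefer provisioning the key into the Android Keystore
    // or delivering the password at runtime from a protected source.
    private static final String CLIENT_BKS_PW = "IoM@1234"; // client key store password
    private static final String TRUSTSTORE_BKS_PW = "Huawei@123"; // trust store password

    private static final String KEYSTORE_TYPE = "BKS";
    private static final String PROTOCOL_TYPE = "TLS";
    private static final String CERTIFICATE_STANDARD = "X509";

    /**
     * Loads the client key store and the trust store from the app assets and
     * returns a socket factory configured with both.
     *
     * @param context Android context used to open the asset files
     * @return the configured socket factory, or {@code null} when a store
     *     cannot be read or the TLS context cannot be initialised. Callers
     *     must treat {@code null} as a hard failure and must not fall back to
     *     a factory that skips certificate validation.
     */
    public static SSLSocketFactory getSSLCertificate(Context context) {
        // try-with-resources closes both asset streams even when loading
        // fails; the previous version leaked them on any exception.
        try (InputStream ksIn = context.getAssets().open(CLIENT_PRI_KEY);
             InputStream tsIn = context.getAssets().open(TRUSTSTORE_PUB_KEY)) {

            // Client identity: certificate and private key presented to the server.
            KeyStore keyStore = KeyStore.getInstance(KEYSTORE_TYPE);
            keyStore.load(ksIn, CLIENT_BKS_PW.toCharArray());

            // Server certificates this client is willing to trust.
            KeyStore trustStore = KeyStore.getInstance(KEYSTORE_TYPE);
            trustStore.load(tsIn, TRUSTSTORE_BKS_PW.toCharArray());

            TrustManagerFactory trustManagerFactory =
                    TrustManagerFactory.getInstance(CERTIFICATE_STANDARD);
            trustManagerFactory.init(trustStore);

            KeyManagerFactory keyManagerFactory =
                    KeyManagerFactory.getInstance(CERTIFICATE_STANDARD);
            keyManagerFactory.init(keyStore, CLIENT_BKS_PW.toCharArray());

            SSLContext sslContext = SSLContext.getInstance(PROTOCOL_TYPE);
            sslContext.init(
                    keyManagerFactory.getKeyManagers(),
                    trustManagerFactory.getTrustManagers(),
                    new java.security.SecureRandom());
            return sslContext.getSocketFactory();
        } catch (KeyStoreException | IOException | CertificateException
                | NoSuchAlgorithmException | UnrecoverableKeyException
                | KeyManagementException e) {
            // One log entry under the class tag, with the stack trace attached,
            // replaces the per-type Log.d + printStackTrace pairs.
            Log.e(TAG, "Failed to build the mutual-TLS socket factory", e);
            return null;
        }
    }
}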
HttpsUtils类
public class HttpsUtils {
/**
 * Mutable holder pairing a socket factory with a trust manager; it is the
 * return type of {@code getSSLSocketFactory}.
 *
 * <p>NOTE(review): the trust manager stored here decides which server
 * certificate chains are accepted. The code that fills this holder is not
 * visible from here; confirm it never stores a manager that accepts every
 * chain.
 */
public static class SSLParams {
    /** TLS socket factory; {@code null} until assigned. */
    public SSLSocketFactory sslSocketFactory;

    /** X.509 trust manager; {@code null} until assigned. */
    public X509TrustManager trustManager;
}
public static SSLParams getSSLSocketFactory(InputStream[] certificates, InputStream bksFile, String password)