我的服务器端是用Centos6.4+apache搭建的https 网站。
Android通过http下载时不需要证书,也不需要SSLSocketFactory等;就客户端代码而言,https和http的区别仅此而已。
1.证书相关的类,添加如下类(该类的两个check方法都是空实现,不会校验任何证书,任何服务器出示的证书都会被接受,因此连接虽然加密,却无法确认对端身份,只适合针对自签名证书的测试环境):
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.X509TrustManager;
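/**
 * {@link X509TrustManager} that accepts every certificate chain without inspecting it.
 *
 * <p>Both {@code check*Trusted} methods are deliberately empty, so no issuer, validity period or
 * signature is ever verified. A TLS connection built on this manager is encrypted but not
 * authenticated: whoever answers the connection is accepted, whatever certificate it presents.
 * That is only acceptable for a test client talking to a self-signed server. For a self-signed
 * server in production, load its certificate into a {@code KeyStore} and obtain the trust
 * managers from a {@code TrustManagerFactory} initialised with that store.
 */
public class TrustAllManager implements X509TrustManager {

    /**
     * Accepts any client certificate chain.
     *
     * @param cert the peer certificate chain (not examined)
     * @param authType the authentication type (not examined)
     * @throws CertificateException never thrown by this implementation
     */
    @Override
    public void checkClientTrusted(X509Certificate[] cert, String authType)
            throws CertificateException {
        // Intentionally empty: returning normally means "trusted".
    }

    /**
     * Accepts any server certificate chain.
     *
     * @param cert the peer certificate chain (not examined)
     * @param authType the key exchange algorithm (not examined)
     * @throws CertificateException never thrown by this implementation
     */
    @Override
    public void checkServerTrusted(X509Certificate[] cert, String authType)
            throws CertificateException {
        // Intentionally empty: returning normally means "trusted", so server identity is not checked.
    }

    /**
     * Returns the issuers this manager vouches for, which is none.
     *
     * @return an empty, non-null array; the interface contract asks for a non-null result and
     *     some TLS stacks dereference it without a null check
     */
    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];
    }
}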
2.SSLFactory相关的类如下:
import java.io.IOException;
import java.net.Socket;
import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import org.apache.http.conn.ssl.AllowAllHostnameVerifier;
import org.apache.http.conn.ssl.SSLSocketFactory;
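/**
 * Apache HttpClient socket factory whose sockets come from an {@link SSLContext} that uses
 * {@link TrustAllManager} as its only trust manager, with hostname verification switched off.
 *
 * <p>With both the certificate check and the hostname check disabled, a client using this
 * factory cannot tell the intended server from any other endpoint that answers the connection.
 * Keep it to test builds against a self-signed server. The safer alternative for a self-signed
 * server is an {@code SSLContext} initialised from a {@code KeyStore} holding that server's
 * certificate, with the default hostname verifier left in place.
 */
public class TrustAllSSLSocketFactory extends SSLSocketFactory {

    /** JSSE factory taken from the trust-all context; every socket is created through it. */
    private final javax.net.ssl.SSLSocketFactory factory;

    /**
     * Builds the trust-all TLS context and installs the allow-all hostname verifier.
     *
     * <p>Failures while creating or initialising the context are propagated to the caller.
     * Swallowing them would leave {@code factory} null and surface later as a
     * {@code NullPointerException} in {@code createSocket}.
     *
     * @throws NoSuchAlgorithmException if no provider supplies a "TLS" context
     * @throws KeyManagementException if the context cannot be initialised
     * @throws KeyStoreException declared by the parent constructor
     * @throws UnrecoverableKeyException declared by the parent constructor
     */
    public TrustAllSSLSocketFactory() throws KeyManagementException,
            NoSuchAlgorithmException, KeyStoreException,
            UnrecoverableKeyException {
        // No truststore is handed to the parent; socket creation is overridden below.
        super(null);
        SSLContext sslcontext = SSLContext.getInstance("TLS");
        // Default key managers and SecureRandom; the only trust manager accepts every chain.
        sslcontext.init(null, new TrustManager[] { new TrustAllManager() }, null);
        factory = sslcontext.getSocketFactory();
        // NOTE(review): this also disables the hostname-to-certificate match.
        setHostnameVerifier(new AllowAllHostnameVerifier());
    }

    /**
     * Creates a new trust-all factory instance on every call.
     *
     * @return a fresh {@code TrustAllSSLSocketFactory}
     * @throws KeyManagementException if the TLS context cannot be initialised
     * @throws NoSuchAlgorithmException if no provider supplies a "TLS" context
     * @throws KeyStoreException declared by the constructor
     * @throws UnrecoverableKeyException declared by the constructor
     */
    public static SSLSocketFactory getDefault() throws KeyManagementException,
            NoSuchAlgorithmException, KeyStoreException,
            UnrecoverableKeyException {
        return new TrustAllSSLSocketFactory();
    }

    /**
     * Creates an unconnected socket from the trust-all context.
     *
     * @return a new unconnected socket
     * @throws IOException if the underlying factory cannot create the socket
     */
    @Override
    public Socket createSocket() throws IOException {
        return factory.createSocket();
    }

    /**
     * Layers a TLS socket from the trust-all context over an already connected socket.
     *
     * @param socket the existing connected socket
     * @param s the server host name
     * @param i the server port
     * @param flag whether closing the returned socket also closes {@code socket}
     * @return the layered TLS socket
     * @throws IOException if the underlying factory cannot create the socket
     */
    @Override
    public Socket createSocket(Socket socket, String s, int i, boolean flag)
            throws IOException {
        return factory.createSocket(socket, s, i, flag);
    }

    /**
     * Exposes the JSSE factory so it can be used outside Apache HttpClient, for example with
     * {@code HttpsURLConnection}.
     *
     * @return the trust-all JSSE socket factory
     */
    public javax.net.ssl.SSLSocketFactory getSSLSocketFactory() {
        return factory;
    }
}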
3.https需要把上面的Factory注册上,TrustAllManager 已经用在Factory上面了。
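// Step One: register the https scheme.
// NOTE(review): the two setDefault* calls below are process-wide statics. Every
// HttpsURLConnection opened afterwards, including those opened by third-party libraries, stops
// checking certificates and host names. To limit this to one test connection, call
// setSSLSocketFactory(...) and setHostnameVerifier(...) on that HttpsURLConnection instance.
HostnameVerifier hostnameVerifier = org.apache.http.conn.ssl.SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER;
SSLSocketFactory socketFactory = null;
try {
    socketFactory = TrustAllSSLSocketFactory.getDefault();
    // Install the defaults only once the factory exists. Doing it after the catch block would
    // dereference a null socketFactory whenever construction failed.
    HttpsURLConnection.setDefaultHostnameVerifier(hostnameVerifier);
    HttpsURLConnection.setDefaultSSLSocketFactory(
            ((TrustAllSSLSocketFactory) socketFactory).getSSLSocketFactory());
} catch (Exception e) {
    // Factory construction or installation failed; the platform defaults stay in effect.
    e.printStackTrace();
}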
注意:第三步应该放在HttpsURLConnection建立连接之前,或者DefaultHttpClient类初始化之前执行,否则就会报各种各样的错误。