Xutils加载自建证书与服务器进行双向验证

public static HttpUtils getInstances(Context mContext) {

if (mInstance == null) {
mInstance = new HttpUtils();
mInstance.configTimeout(5000);
mInstance.configSSLSocketFactory(CustomerSocketFactory.
getSocketFactory(mContext));//在这里设置双向证书验证
}
return mInstance;

}

下面为证书验证工具类:

import java.io.IOException;
import java.io.InputStream;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.conn.ssl.X509HostnameVerifier;
import android.content.Context;


public class CustomerSocketFactory extends SSLSocketFactory{

public CustomerSocketFactory(KeyStore keystore, String keystorePassword,
KeyStore truststore) throws NoSuchAlgorithmException,
KeyManagementException, KeyStoreException,
UnrecoverableKeyException {
super(keystore, keystorePassword, truststore);
}
private static KeyStore keyStore;
private static KeyStore trustStore;
private static final String KEY_STORE_TYPE_BKS = "bks";
private static final String KEY_STORE_TYPE_P12 = "PKCS12";
private static final String KEY_STORE_CLIENT_PATH = "/assets/client.p12";
private static final String KEY_STORE_TRUST_PATH = "/assets/nginx.bks";
private static final String KEY_STORE_PASSWORD = "zng123";
private static final String KEY_STORE_TRUST_PASSWORD = "zng123";

public static SSLSocketFactory getSocketFactory(Context context) {
InputStream input = null;
InputStream tsIn = null;
try {
input = context.getAssets().open("client.p12"); // 下载的证书放到项目中的assets目录中
KeyStore keyStore = KeyStore.getInstance("PKCS12");
keyStore.load(input, KEY_STORE_PASSWORD.toCharArray());
tsIn = context.getResources().getAssets().open("nginx.bks");
KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
trustStore.load(tsIn, KEY_STORE_PASSWORD.toCharArray());

SSLSocketFactory factory = new CustomerSocketFactory(keyStore, KEY_STORE_PASSWORD, trustStore);
//默认设置通过ip和网址验证
X509HostnameVerifier hostnameVerifier = new X509HostnameVerifier() {
public boolean verify(String arg0, SSLSession arg1) {
return true;
}
public void verify(String arg0, SSLSocket arg1) throws IOException {}
public void verify(String arg0, String[] arg1, String[] arg2) throws SSLException {}
public void verify(String arg0, X509Certificate arg1) throws SSLException {}
};
factory.setHostnameVerifier(hostnameVerifier);
return factory;
} catch (Exception e) {
e.printStackTrace();
return null;
} finally {
closeStream(input);
closeStream(tsIn);
}}

private static void closeStream(InputStream input){
if (input != null) {
try {
input.close();
} catch (IOException e) {
e.printStackTrace();
}
input = null;
}}}