Android平台实现https信任所有证书的方法

Android平台上经常有使用https的需求，对于https服务器使用的根证书是受信任的证书的话，实现https是非常简单的，直接用httpclient库就行了，与使用http几乎没有区别。但是在大多数情况下，服务器所使用的根证书是自签名的，或者签名机构不在设备的信任证书列表中，这样使用httpclient进行https连接就会失败。解决这个问题的办法有两种，一是在发起https连接之前将服务器证书加到httpclient的信任证书列表中，这个相对来说比较复杂一些，很容易出错；另一种办法是让httpclient信任所有的服务器证书，这种办法相对来说简单很多，但安全性则差一些，但在某些场合下有一定的应用场景。这里要举例说明的就是后一种方法：实例化HttpClinet对象时要进行一些处理主要是绑定https连接所使用的端口号，这里绑定了443和8443：

[java] view plain copy

1. SchemeRegistryschemeRegistry=newSchemeRegistry();
2. schemeRegistry.register(newScheme("https",
3. newEasySSLSocketFactory(),443));
4. schemeRegistry.register(newScheme("https",
5. newEasySSLSocketFactory(),8443));
6. ClientConnectionManagerconnManager=newThreadSafeClientConnManager(params,schemeRegistry);
7. HttpClienthttpClient=newDefaultHttpClient(connManager,params);

上面的EasySSLSocketFactory类是我们自定义的，主要目的就是让httpclient接受所有的服务器证书，能够正常的进行https数据读取。相关代码如下：

[java] view plain copy

1. publicclassEasySSLSocketFactoryimplementsSocketFactory,
2. LayeredSocketFactory{
4. privateSSLContextsslcontext=null;
6. privatestaticSSLContextcreateEasySSLContext()throwsIOException{
7. try{
8. SSLContextcontext=SSLContext.getInstance("TLS");
9. context.init(null,newTrustManager[]{newEasyX509TrustManager(
10. null)},null);
11. returncontext;
12. }catch(Exceptione){
13. thrownewIOException(e.getMessage());
14. }
15. }
17. privateSSLContextgetSSLContext()throwsIOException{
18. if(this.sslcontext==null){
19. this.sslcontext=createEasySSLContext();
20. }
21. returnthis.sslcontext;
22. }
25. publicSocketconnectSocket(Socketsock,Stringhost,intport,
26. InetAddresslocalAddress,intlocalPort,HttpParamsparams)
27. throwsIOException,UnknownHostException,ConnectTimeoutException{
28. intconnTimeout=HttpConnectionParams.getConnectionTimeout(params);
29. intsoTimeout=HttpConnectionParams.getSoTimeout(params);
31. InetSocketAddressremoteAddress=newInetSocketAddress(host,port);
32. SSLSocketsslsock=(SSLSocket)((sock!=null)?sock:createSocket());
34. if((localAddress!=null)||(localPort>0)){
35. //weneedtobindexplicitly
36. if(localPort<0){
37. localPort=0;//indicates"any"
38. }
39. InetSocketAddressisa=newInetSocketAddress(localAddress,
40. localPort);
41. sslsock.bind(isa);
42. }
44. sslsock.connect(remoteAddress,connTimeout);
45. sslsock.setSoTimeout(soTimeout);
46. returnsslsock;
48. }
51. publicSocketcreateSocket()throwsIOException{
52. returngetSSLContext().getSocketFactory().createSocket();
53. }
56. publicbooleanisSecure(Socketsocket)throwsIllegalArgumentException{
57. returntrue;
58. }
61. publicSocketcreateSocket(Socketsocket,Stringhost,intport,
62. booleanautoClose)throwsIOException,UnknownHostException{
63. returngetSSLContext().getSocketFactory().createSocket(socket,host,
64. port,autoClose);
65. }
67. //-------------------------------------------------------------------
68. //javadocinorg.apache.http.conn.scheme.SocketFactorysays:
69. //BothObject.equals()andObject.hashCode()mustbeoverridden
70. //forthecorrectoperationofsomeconnectionmanagers
71. //-------------------------------------------------------------------
73. publicbooleanequals(Objectobj){
74. return((obj!=null)&&obj.getClass().equals(
75. EasySSLSocketFactory.class));
76. }
78. publicinthashCode(){
79. returnEasySSLSocketFactory.class.hashCode();
80. }
81. }
83. publicclassEasyX509TrustManagerimplementsX509TrustManager{
85. privateX509TrustManagerstandardTrustManager=null;
88. publicEasyX509TrustManager(KeyStorekeystore)
89. throwsNoSuchAlgorithmException,KeyStoreException{
90. super();
91. TrustManagerFactoryfactory=TrustManagerFactory
92. .getInstance(TrustManagerFactory.getDefaultAlgorithm());
93. factory.init(keystore);
94. TrustManager[]trustmanagers=factory.getTrustManagers();
95. if(trustmanagers.length==0){
96. thrownewNoSuchAlgorithmException("notrustmanagerfound");
97. }
98. this.standardTrustManager=(X509TrustManager)trustmanagers[0];
99. }
102. publicvoidcheckClientTrusted(X509Certificate[]certificates,
103. StringauthType)throwsCertificateException{
104. standardTrustManager.checkClientTrusted(certificates,authType);
105. }
108. publicvoidcheckServerTrusted(X509Certificate[]certificates,
109. StringauthType)throwsCertificateException{
110. if((certificates!=null)&&(certificates.length==1)){
111. certificates[0].checkValidity();
112. }else{
113. standardTrustManager.checkServerTrusted(certificates,authType);
114. }
115. }
118. publicX509Certificate[]getAcceptedIssuers(){
119. returnthis.standardTrustManager.getAcceptedIssuers();
120. }
121. }