安卓https双向认证配置

最新推荐文章于 2024-09-11 01:01:34 发布
最新推荐文章于 2024-09-11 01:01:34 发布
阅读量1k 收藏 1
点赞数
分类专栏: 安卓HTTPS 双向认证
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/liuno0/article/details/108362744
版权

1.先写一个SSLHelper类 ,client.bks和root.bks 这两个文件 请看我上一遍文章,123456是证书密码,其他地方不用动,原封不动拷贝。

package com.ssl;

import android.content.Context;

import java.io.IOException;
import java.io.InputStream;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;

import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

public class SSLHelper {
    private static final String TAG = "SSLHelper";
    private final static String CLIENT_PRI_KEY = "client.bks";
    private final static String TRUSTSTORE_PUB_KEY = "root.bks";
    private final static String CLIENT_BKS_PASSWORD = "123456";
    private final static String TRUSTSTORE_BKS_PASSWORD = "123456";
    private final static String KEYSTORE_TYPE = "BKS";
    private final static String PROTOCOL_TYPE = "TLS";
    private final static String CERTIFICATE_STANDARD = "X509";

    public static SSLSocketFactory getSSLCertifcation(Context context) {
        SSLSocketFactory sslSocketFactory = null;
        try {
            // 服务器端需要验证的客户端证书,其实就是客户端的keystore
            KeyStore keyStore = KeyStore.getInstance(KEYSTORE_TYPE);
            // 客户端信任的服务器端证书
            KeyStore trustStore = KeyStore.getInstance(KEYSTORE_TYPE);

            //读取证书
            InputStream ksIn = context.getAssets().open(CLIENT_PRI_KEY);
            InputStream tsIn = context.getAssets().open(TRUSTSTORE_PUB_KEY);

            //加载证书
            keyStore.load(ksIn, CLIENT_BKS_PASSWORD.toCharArray());
            trustStore.load(tsIn, TRUSTSTORE_BKS_PASSWORD.toCharArray());
            ksIn.close();
            tsIn.close();


            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(CERTIFICATE_STANDARD);
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(CERTIFICATE_STANDARD);
            trustManagerFactory.init(trustStore);
            keyManagerFactory.init(keyStore, CLIENT_BKS_PASSWORD.toCharArray());

            //初始化SSLContext
            SSLContext sslContext = SSLContext.getInstance(PROTOCOL_TYPE);
            sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), new java.security.SecureRandom());

            sslSocketFactory = sslContext.getSocketFactory();
        } catch (KeyStoreException e) {
            e.printStackTrace();
        } catch (IOException e) {
            e.printStackTrace();
        } catch (CertificateException e) {
            e.printStackTrace();
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        } catch (UnrecoverableKeyException e) {
            e.printStackTrace();
        } catch (KeyManagementException e) {
            e.printStackTrace();
        }
        return sslSocketFactory;
    }


}

2.写一个HttpsUtil。

package com.ssl;

import java.io.IOException;
import java.io.InputStream;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class HttpsUtil {
    public static class SSLParams
    {
        public SSLSocketFactory sSLSocketFactory;
        public X509TrustManager trustManager;
    }

    public static SSLParams getSslSocketFactory(InputStream[] certificates, InputStream bksFile, String password)
    {
        SSLParams sslParams = new SSLParams();
        try
        {
            TrustManager[] trustManagers = prepareTrustManager(certificates);
            KeyManager[] keyManagers = prepareKeyManager(bksFile, password);
            SSLContext sslContext = SSLContext.getInstance("TLS");
            X509TrustManager trustManager = null;
            if (trustManagers != null)
            {
                trustManager = new MyTrustManager(chooseTrustManager(trustManagers));
            } else
            {
                trustManager = new UnSafeTrustManager();
            }
            sslContext.init(keyManagers, new TrustManager[]{trustManager},null);
            sslParams.sSLSocketFactory = sslContext.getSocketFactory();
            sslParams.trustManager = trustManager;
            return sslParams;
        } catch (NoSuchAlgorithmException e)
        {
            throw new AssertionError(e);
        } catch (KeyManagementException e)
        {
            throw new AssertionError(e);
        } catch (KeyStoreException e)
        {
            throw new AssertionError(e);
        }
    }

    public static class  UnSafeHostnameVerifier implements HostnameVerifier
    {
        @Override
        public boolean verify(String hostname, SSLSession session)
        {
            return true;
        }
    }

    public static class UnSafeTrustManager implements X509TrustManager
    {
        @Override
        public void checkClientTrusted(X509Certificate[] chain, String authType)
                throws CertificateException
        {
        }

        @Override
        public void checkServerTrusted(X509Certificate[] chain, String authType)
                throws CertificateException
        {
        }

        @Override
        public X509Certificate[] getAcceptedIssuers()
        {
            return new X509Certificate[]{};
        }
    }

    private static TrustManager[] prepareTrustManager(InputStream... certificates)
    {
        if (certificates == null || certificates.length <= 0) return null;
        try
        {

            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null);
            int index = 0;
            for (InputStream certificate : certificates)
            {
                String certificateAlias = Integer.toString(index++);
                keyStore.setCertificateEntry(certificateAlias, certificateFactory.generateCertificate(certificate));
                try
                {
                    if (certificate != null)
                        certificate.close();
                } catch (IOException e)

                {
                }
            }
            TrustManagerFactory trustManagerFactory = null;

            trustManagerFactory = TrustManagerFactory.
                    getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);

            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();

            return trustManagers;
        } catch (NoSuchAlgorithmException e)
        {
            e.printStackTrace();
        } catch (CertificateException e)
        {
            e.printStackTrace();
        } catch (KeyStoreException e)
        {
            e.printStackTrace();
        } catch (Exception e)
        {
            e.printStackTrace();
        }
        return null;

    }

    private static KeyManager[] prepareKeyManager(InputStream bksFile, String password)
    {
        try
        {
            if (bksFile == null || password == null) return null;

            KeyStore clientKeyStore = KeyStore.getInstance("BKS");
            clientKeyStore.load(bksFile, password.toCharArray());
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(clientKeyStore, password.toCharArray());
            return keyManagerFactory.getKeyManagers();

        } catch (KeyStoreException e)
        {
            e.printStackTrace();
        } catch (NoSuchAlgorithmException e)
        {
            e.printStackTrace();
        } catch (UnrecoverableKeyException e)
        {
            e.printStackTrace();
        } catch (CertificateException e)
        {
            e.printStackTrace();
        } catch (IOException e)
        {
            e.printStackTrace();
        } catch (Exception e)
        {
            e.printStackTrace();
        }
        return null;
    }

    private static X509TrustManager chooseTrustManager(TrustManager[] trustManagers)
    {
        for (TrustManager trustManager : trustManagers)
        {
            if (trustManager instanceof X509TrustManager)
            {
                return (X509TrustManager) trustManager;
            }
        }
        return null;
    }


    private static class MyTrustManager implements X509TrustManager
    {
        private X509TrustManager defaultTrustManager;
        private X509TrustManager localTrustManager;

        public MyTrustManager(X509TrustManager localTrustManager) throws NoSuchAlgorithmException, KeyStoreException
        {
            TrustManagerFactory var4 = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            var4.init((KeyStore) null);
            defaultTrustManager = chooseTrustManager(var4.getTrustManagers());
            this.localTrustManager = localTrustManager;
        }


        @Override
        public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException
        {

        }

        @Override
        public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException
        {
            try
            {
                defaultTrustManager.checkServerTrusted(chain, authType);
            } catch (CertificateException ce)
            {
                localTrustManager.checkServerTrusted(chain, authType);
            }
        }


        @Override
        public X509Certificate[] getAcceptedIssuers()
        {
            return new X509Certificate[0];
        }
    }


}

3,okhttp,这个 需要okhttp 来 传输,JSUtil.execCallback(webview, callbackId, resultMsg, JSUtil.OK, false);是MUI 的js 调用安卓原生的一个写法,resultMsg这里面就是请求返回的值


    /**
     * 调用okhttp,这里面有ssl
     * @param json
     */
    public void httpsUtil(JSONArray json){
        resultMsg.remove(0);

        String url = "";

        OkHttpClient okHttpClient = new OkHttpClient().newBuilder()
                .sslSocketFactory(SSLHelper.getSSLCertifcation(NetConfig.getContextData()), new HttpsUtil.UnSafeTrustManager())
                .hostnameVerifier(new HttpsUtil.UnSafeHostnameVerifier())//此处设置忽略掉域名校验
                .build();
        final Request request = new Request.Builder()
                .url(url)
                .get()
                .build();
        Call call = okHttpClient.newCall(request);
        call.enqueue(new Callback() {
            @Override
            public void onFailure(Call call, IOException e) {
                LogUtils.i("请求失败:"+e.getMessage());
                e.printStackTrace();
            }

            @Override
            public void onResponse(Call call, Response response) throws IOException {
                resultMsg.put(response.body().string());
                String b=response.message();
                LogUtils.i("请求成功" + response.body().toString());
                LogUtils.i("请求成功" + response.message());
                JSUtil.execCallback(webview, callbackId, resultMsg, JSUtil.OK, false);
            }
        });
    }

 

_我要早睡晚起
关注
专栏目录
Android HTTPS 双向认证(基于OkHttp + Retrofit + Rxjava)
Super_Ks的博客
05-07 901
今天从这位大神这学到了,权当记录一下了。 先介绍下HTTPS吧 简单来说,HTTPS就是“安全版”的HTTP,HTTPS = HTTP + SSL。HTTPS相当于在应用层和TCP层之间加入了一个SSL(或TLS),SSL层对从应用层收到的数据进行加密。TLS/SSL中使用了RSA非对称加密,对称加密以及HASH算法。 RSA算法基于一个十分简单的数论事实:将两个大素数相乘十分容易,...
Android实现https双向认证/单向认证 okhttp+Retrofit+https
u011511057的专栏
01-03 3279
Android实现https双向认证/单向认证 okhttp+Retrofit+https 随着android版本的提升,和各个应用对通信安全的要求,https成为我们不得不去面对的问题 在开始本篇之前,首先最好是看下https通信原理,送上大神连接https://www.jianshu.com/p/07b055544123 看图说话,图片(取自上面链接中) 如果你已经看过https通信原理,应...
基于java的https双向认证,android上亦可用
weixin_33979363的博客
10-31 196
为什么80%的码农都做不了架构师?>>> ...
Android HTTPS 自制证书实现双向认证(OkHttp + Retrofit + Rxjava)
最新发布
2401_86964130的博客
09-11 467
File -> open Keystore File -> 选择证书库文件 -> 输入密码 -> Tools -> change keystore type -> BKS -> save keystore as -> 保存即可。// 客户端信任的服务器端证书。将客户端证书导入服务端keystore中,再将服务端证书导入客户端keystore中, 一个keystore可以导入多个证书,生成证书列表。.baseUrl(“https://10.2.8.56:8443”)//填写自己服务器IP。
android HTTPS双向认证
Froeverlove的博客
12-08 2028
近期项目中遇到需要对HTTPS进行双向认证,整理下可以实现的两种方式。
android自定义双向认证,AndroidHttps
weixin_42291186的博客
05-26 247
AndroidHttps安卓端使用双向认证请求服务器的完整示例前言众所周知,Http请求包含了地址、端口、请求头、请求体等等。与服务器的通信交由SocketFactory,而Https请求需要用SSLSocketFactory。创建SSLSocketFactory需要一个两个KeyStore:一个是keyStore,里面放着服务器信任的客户端证书和客户端私钥;一个是trustStore,里面放着客...
Android本地服务器NanoHttpd配置Https双向认证
MirkoWug的博客
01-13 1906
Android本地服务器Nanohttpd配置HttpsSSL双向认证
android 使用HttpsURLConnection方式的SSL双向认证
12-08
在Android开发中,HTTPS协议是用于安全数据传输的标准,而SSL(Secure Sockets Layer)双向认证则进一步增强了安全性。此项目“android 使用HttpsURLConnection方式的SSL双向认证”着重讲解了如何在Android应用中...
IOS,Android SSL双向认证HTTPS方式请求及配置证书
12-19
本文将详细介绍`IOS`和`Android`平台上如何实现`SSL`双向认证以及配置证书。 首先,理解`SSL`双向认证的概念。常规的`SSL`单向认证中,服务器会验证客户端的身份,但客户端并不验证服务器的身份。而在双向认证中,...
android https 双向验证
08-04
NULL 博文链接:https://zjingye.iteye.com/blog/2007868
Android项目中使用HTTPS配置的步骤详解
08-30
主要给大家介绍了关于Android项目中使用HTTPS配置步骤的相关资料,文中介绍的非常详细,对大家具有一定的参考学习价值,需要的朋友们下面来一起看看吧。
无Root安卓手机抓包HTTPS(可破解HTTPS双向验证)
05-22
无Root安卓手机抓包HTTPS(可破解HTTPS双向验证) 解压密码 qq810285810
OkHttpsUtils
08-30
OkHttp的封装及与服务器交互
android 开启Https双向认证
raykwok1150的博客
12-05 574
上篇文章有写如何在Android上开启https单向认证的方法,说白了单向认证的过程就是客户端认证服务器的身份。下面我们来讨论服务器端如何认证客户端的身份。 网上很多人都说Android只认识BKS格式的证书,但是查了官方文档以后可以看到 所以,我这里采用PKCS12格式的证书,openssl pkcs12 -export -out leikey1.p12 -inkey leikey.crt
Android平台访问https 双向认证(下)
u013598111的专栏
06-11 1088
访问https双向认证两种方式 public static void httpsRequest(Context c) { try { String path = "https://localhost:8443/123.html"; BasicHttpParams params = new BasicHttpParams(); HttpProtocolParams.
Android HTTPS 自制证书实现双向认证(OkHttp + Retrofit + Rxjava)(1)
2401_84149875的博客
05-10 948
自我介绍一下,小编13年上海交大毕业,曾经在小公司待过,也去过华为、OPPO等大厂,18年进入阿里一直到现在。深知大多数初中级Android工程师,想要提升技能,往往是自己摸索成长,自己不成体系的自学效果低效漫长且无助。因此我收集整理了一份《2024年Android移动开发全套学习资料》,初衷也很简单,就是希望能够帮助到想自学提升又不知道该从何学起的朋友,同时减轻大家的负担。既有适合小白学习的零基础资料,也有适合3年以上经验的小伙伴深入学习提升的进阶课程,基本涵盖了95%以上Android开发知识点!
Android 配置https抓包
一杯清泉
03-02 2940
在Android中抓包常用fidder或者Charles,http可以直接抓去到请求信息,https抓取不到,如下: 下面介绍两种抓包方案,可以轻松的获取请求的信息。 一、使用用户证书 1、application中 android:networkSecurityConfig="@xml/network_security_config" android:usesCleartextTraffic="true" 2、res/xml 新建network_security_config: &l
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值