由于之前项目的接口需要安全测评,从HTTP变成了https,搞得Android这边也要变,原本以为和移动端没关系。事实错了。。。我用的是HttpClient来进行访问,没有进行证书验证则会报错。Android采用X509的证书信息机制,于是乎百度了一下,找到了解决方案。下面贴出工具类。
package test;
import java.io.IOException;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.apache.http.HttpVersion;
import org.apache.http.client.HttpClient;
import org.apache.http.conn.ClientConnectionManager;
import org.apache.http.conn.scheme.PlainSocketFactory;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.impl.conn.tsccm.ThreadSafeClientConnManager;
import org.apache.http.params.BasicHttpParams;
import org.apache.http.params.HttpProtocolParams;
import org.apache.http.protocol.HTTP;
/*
* 信任所有证书
* */
public class HttpsUtil extends SSLSocketFactory{
SSLContext sslContext = SSLContext.getInstance("TLS");
@SuppressWarnings("deprecation")
public static HttpClient getMyHttpsClient() {
BasicHttpParams params = new BasicHttpParams();
HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1);
HttpProtocolParams.setContentCharset(params, HTTP.DEFAULT_CONTENT_CHARSET);
HttpProtocolParams.setUseExpectContinue(params, true);
SchemeRegistry schReg = new SchemeRegistry();
schReg.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
schReg.register(new Scheme("https", HttpsUtil.getSocketFactory(), 443));
ClientConnectionManager connMgr = new ThreadSafeClientConnManager(params, schReg);
return new DefaultHttpClient(connMgr, params);
}
public HttpsUtil(KeyStore truststore) throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException {
super(truststore);
// Android 采用X509的证书信息机制
TrustManager tm = new X509TrustManager() {
@Override
public X509Certificate[] getAcceptedIssuers() {
return null;
}
// Create a trust manager that does not validate certificate chains
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
}
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
}
};
// Install the all-trusting trust manager
sslContext.init(null, new TrustManager[]{tm}, null);
}
@Override
public Socket createSocket() throws IOException {
return sslContext.getSocketFactory().createSocket();
}
@Override
public Socket createSocket(Socket socket, String host, int port, boolean autoClose) throws IOException, UnknownHostException {
return sslContext.getSocketFactory().createSocket(socket, host, port, autoClose);
}
public static SSLSocketFactory getSocketFactory() {
try {
KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
trustStore.load(null, null);
SSLSocketFactory factory = new HttpsUtil(trustStore);
//factory.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER); //允许所有主机的验证
return factory;
} catch (Exception e) {
e.getMessage();
return null;
}
}
}
工具类加上,直接在HttpClient初始化时赋予它就行。想这样:HttpClient httpclient =HttpsUtil.getMyHttpsClient();
初始化之后,就可以愉快的玩耍了,你之前HttpClient 怎么写就怎么写。get post都可以。不用怕访问https时会有报错了~~~当然,你直接用其他网络框架其实更加单。。。这里用的网络请求包是httpclient-4.5.jar 。