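The previous article covered how to enable one-way HTTPS authentication on Android. Put simply, one-way authentication is the client verifying the server's identity. Below we discuss how the server verifies the client's identity.
Many people online say that Android only recognizes certificates in BKS format, but after checking the official documentation you can see
So I use a certificate in PKCS12 format here: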
openssl pkcs12 -export -out leikey1.p12 -inkey leikey.crt -in leichain.crt
Since my whole system needs to use this certificate, I need to import it into the system. Here I used a bit of a shortcut:
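    import java.io.InputStream;
    import java.security.KeyStore;
    import javax.net.ssl.KeyManagerFactory;
    import javax.net.ssl.SSLContext;
    import android.util.Log;

    // strKeyPWD (the PKCS12 password) and TAG are fields of the enclosing class.
    void initSSL() {
        // Load the client key and certificate chain from the PKCS12 file in assets;
        // try-with-resources closes the stream when loading is done.
        try (InputStream kmin = this.getApplicationContext().getAssets().open("leikey1.p12")) {
            KeyStore kmkeyStore = KeyStore.getInstance("PKCS12");
            kmkeyStore.load(kmin, strKeyPWD.toCharArray());
            KeyManagerFactory kmf = KeyManagerFactory.getInstance("X509");
            kmf.init(kmkeyStore, strKeyPWD.toCharArray());
            // Create an SSLContext that uses our KeyManager. Passing null for the
            // TrustManagers keeps the platform's default server-certificate checks.
            SSLContext context = SSLContext.getInstance("TLS");
            context.init(kmf.getKeyManagers(), null, null);
            // Install it as the process-wide default so later connections can fetch it.
            SSLContext.setDefault(context);
            Log.d(TAG, "init SSLContext for Https!");
        } catch (Exception e) {
            e.printStackTrace();
        }
    }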
Usage is as follows:
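    import java.io.BufferedReader;
    import java.io.InputStreamReader;
    import java.net.URL;
    import javax.net.ssl.HttpsURLConnection;
    import javax.net.ssl.SSLContext;
    import android.util.Log;

    // strUrl and TAG are fields of the enclosing class.
    void testConnect() {
        try {
            URL url = new URL(strUrl);
            HttpsURLConnection urlConnection = (HttpsURLConnection) url.openConnection();
            urlConnection.setDoOutput(true);
            // The key addition is the next line: our public and private keys are stored
            // in the system (the default SSLContext) and are used through this call.
            urlConnection.setSSLSocketFactory(SSLContext.getDefault().getSocketFactory());
            // Read the whole response as UTF-8; the reader is closed automatically.
            try (BufferedReader reader = new BufferedReader(
                    new InputStreamReader(urlConnection.getInputStream(), "UTF-8"))) {
                StringBuilder result = new StringBuilder();
                String line;
                while ((line = reader.readLine()) != null) {
                    result.append(line);
                }
                Log.e(TAG, result.toString());
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
    }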
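The same keystore-to-socket-factory flow as an added example (not code from the original post): it checks that the PKCS12 file really contains a private key with a certificate chain and that the client certificate is currently valid, then returns a factory for a single connection instead of replacing the process-wide default. The class name `ClientCertTls` and its method names are hypothetical; it uses only standard `java.security` and `javax.net.ssl` calls.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;

/** Hypothetical helper, added for illustration; not part of the original post. */
public final class ClientCertTls {

    /** Returns the first alias that holds a private key plus a certificate chain. */
    static String findClientAlias(KeyStore ks) throws GeneralSecurityException {
        for (String alias : Collections.list(ks.aliases())) {
            Certificate[] chain = ks.getCertificateChain(alias);
            if (ks.isKeyEntry(alias) && chain != null && chain.length > 0) {
                return alias;
            }
        }
        // Typical cause: the file was exported with certificates only, no -inkey.
        throw new GeneralSecurityException("PKCS12 has no private key entry with a chain");
    }

    /** Loads the PKCS12 stream and builds a factory that presents its client certificate. */
    static SSLSocketFactory socketFactoryFrom(InputStream p12, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(p12, password);
        X509Certificate leaf = (X509Certificate) ks.getCertificateChain(findClientAlias(ks))[0];
        leaf.checkValidity(); // throws if the client certificate is expired or not yet valid

        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, password);
        SSLContext ctx = SSLContext.getInstance("TLS");
        // null TrustManagers and null SecureRandom select the platform defaults,
        // so the server certificate is still verified against the system trust store.
        ctx.init(kmf.getKeyManagers(), null, null);
        return ctx.getSocketFactory();
    }

    public static void main(String[] args) throws Exception {
        // args[0]: path to the .p12 file, args[1]: its export password
        try (InputStream in = new FileInputStream(args[0])) {
            SSLSocketFactory factory = socketFactoryFrom(in, args[1].toCharArray());
            System.out.println("client-certificate socket factory ready: " + factory);
        }
    }
}
```

On Android, the stream would come from `getAssets().open("leikey1.p12")` and the returned factory would be passed to `urlConnection.setSSLSocketFactory(...)`, so only that connection presents the client certificate.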
References
https://developer.android.google.cn/reference/java/security/KeyStore.html
http://frank-zhu.github.io/android/2014/12/26/android-https-ssl/
http://blog.csdn.net/zww986736788/article/details/78425459
http://blog.csdn.net/Innost/article/details/44081147
http://blog.csdn.net/Innost/article/details/44199503