推荐阅读:
参考:
SSL与TLS的区别以及介绍
https://blog.csdn.net/anningzhu/article/details/77517432
关于JAVA发送Https请求(HttpsURLConnection和HttpURLConnection)
https://blog.csdn.net/shumeng_xiaoyan/article/details/76503601
Android安全开发之正确使用Https(内含OkHttp、HttpUrlConnection配置https方式)
https://blog.csdn.net/u011084603/article/details/73873677
Android中进行https请求信任证书问题(效率解决,小白适用)
https://blog.csdn.net/dabendan0714/article/details/54614781
代码:
/**
* Android HttpsURLConnection忽略Https证书是否正确的Https请求工具类,不需要验证服务器端证书是否正确,也不需要验证服务器证书中的域名是否有效。
* (PS:建议下面代码仅仅用于测试阶段,不建议用于发布后的产品中。否则的话HTTPS就形同虚设了。)
*/
public class HttpUtil {
private static final String DEFAULT_CHARSET = "UTF-8"; // 默认字符集
private static final String _GET = "GET"; // GET
private static final String _POST = "POST";// POST
/**
* 初始化http请求参数
*/
private static HttpURLConnection initHttp(String url, String method, Map<String, String> headers)
throws IOException {
URL _url = new URL(url);
HttpURLConnection http = (HttpURLConnection) _url.openConnection();
// 连接超时
http.setConnectTimeout(25000);
// 读取超时 --服务器响应比较慢,增大时间
http.setReadTimeout(25000);
http.setRequestMethod(method);
http.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
http.setRequestProperty("User-Agent",
"Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.146 Safari/537.36");
if (null != headers && !headers.isEmpty()) {
for (Map.Entry<String, String> entry : headers.entrySet()) {
http.setRequestProperty(entry.getKey(), entry.getValue());
}
}
http.setDoOutput(true);
http.setDoInput(true);
http.connect();
return http;
}
/**
* 初始化http请求参数
*/
private static HttpsURLConnection initHttps(String url, String method, Map<String, String> headers)
throws IOException, NoSuchAlgorithmException, NoSuchProviderException, KeyManagementException {
TrustManager[] trustManagers = {new MyX509TrustManager()};
//不需要验证服务器端证书
//SSL(Secure Socket Layer 安全套接层)是基于HTTPS下的一个协议加密层
// SSLContext sslContext = SSLContext.getInstance("SSL");
//SSLContext:负责证书管理和信任管理器
SSLContext sslContext = SSLContext.getInstance("TLS");//注意点一
sslContext.init(null, trustManagers, new SecureRandom());
// 从上述SSLContext对象中得到SSLSocketFactory对象
SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
URL _url = new URL(url);
HttpsURLConnection httpsURLConnection = (HttpsURLConnection) _url.openConnection();
// 设置域名校验
httpsURLConnection.setHostnameVerifier(new MyHostnameVerifier());
httpsURLConnection.setSSLSocketFactory(sslSocketFactory);
// HttpsURLConnection.setDefaultSSLSocketFactory(sslSocketFactory);
// HttpsURLConnection.setDefaultHostnameVerifier(new MyHostnameVerifier());
// 连接超时
httpsURLConnection.setConnectTimeout(25000);
// 读取超时 --服务器响应比较慢,增大时间
httpsURLConnection.setReadTimeout(25000);
httpsURLConnection.setRequestMethod(method);
httpsURLConnection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
httpsURLConnection.setRequestProperty("User-Agent",
"Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.146 Safari/537.36");
if (null != headers && !headers.isEmpty()) {
for (Map.Entry<String, String> entry : headers.entrySet()) {
httpsURLConnection.setRequestProperty(entry.getKey(), entry.getValue());
}
}
httpsURLConnection.setDoOutput(true);
httpsURLConnection.setDoInput(true);
httpsURLConnection.connect();
return httpsURLConnection;
}
/**
* get请求
*/
public static String get(String url, Map<String, String> params, Map<String, String> headers) {
StringBuffer bufferRes = null;
try {
HttpURLConnection http = null;
if (isHttps(url)) {
http = initHttps(initParams(url, params), _GET, headers);
} else {
http = initHttp(initParams(url, params), _GET, headers);
}
InputStream in = http.getInputStream();
BufferedReader read = new BufferedReader(new InputStreamReader(in, DEFAULT_CHARSET));
String valueString = null;
bufferRes = new StringBuffer();
while ((valueString = read.readLine()) != null) {
bufferRes.append(valueString);
}
in.close();
if (http != null) {
http.disconnect();// 关闭连接
}
return bufferRes.toString();
} catch (Exception e) {
e.printStackTrace();
return null;
}
}
/**
* get请求
*/
public static String get(String url) {
return get(url, null);
}
/**
* get请求
*/
public static String get(String url, Map<String, String> params) {
return get(url, params, null);
}
/**
* post请求
*/
public static String post(String url, String params, Map<String, String> headers) {
StringBuffer bufferRes = null;
try {
HttpURLConnection http = null;
if (isHttps(url)) {
http = initHttps(url, _POST, headers);
} else {
http = initHttp(url, _POST, headers);
}
OutputStream out = http.getOutputStream();
out.write(params.getBytes(DEFAULT_CHARSET));
out.flush();
out.close();
InputStream in = http.getInputStream();
BufferedReader read = new BufferedReader(new InputStreamReader(in, DEFAULT_CHARSET));
String valueString = null;
bufferRes = new StringBuffer();
while ((valueString = read.readLine()) != null) {
bufferRes.append(valueString);
}
in.close();
if (http != null) {
http.disconnect();// 关闭连接
}
return bufferRes.toString();
} catch (Exception e) {
e.printStackTrace();
return null;
}
}
/**
* post请求
*/
public static String post(String url, Map<String, String> params) {
return post(url, map2Url(params), null);
}
/**
* post请求
*/
public static String post(String url, Map<String, String> params, Map<String, String> headers) {
return post(url, map2Url(params), headers);
}
/**
* 初始化参数
*/
public static String initParams(String url, Map<String, String> params) {
if (null == params || params.isEmpty()) {
return url;
}
StringBuilder sb = new StringBuilder(url);
if (url.indexOf("?") == -1) {
sb.append("?");
}
sb.append(map2Url(params));
return sb.toString();
}
/**
* map转url参数
*/
public static String map2Url(Map<String, String> paramToMap) {
if (null == paramToMap || paramToMap.isEmpty()) {
return null;
}
StringBuffer url = new StringBuffer();
boolean isfist = true;
for (Map.Entry<String, String> entry : paramToMap.entrySet()) {
if (isfist) {
isfist = false;
} else {
url.append("&");
}
url.append(entry.getKey()).append("=");
String value = entry.getValue();
if (null == value || "".equals(value.trim())) {
try {
url.append(URLEncoder.encode(value, DEFAULT_CHARSET));
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
}
}
}
return url.toString();
}
/**
* 检测是否https
*/
private static boolean isHttps(String url) {
return url.startsWith("https");
}
/**
* 不进行主机名确认
*/
private static class MyHostnameVerifier implements HostnameVerifier {
public boolean verify(String hostname, SSLSession session) {
return true;//注意点二
}
}
/**
* 信任所有主机 对于任何证书都不做SSL检测
* 安全验证机制,Android采用的是X509验证
*/
private static class MyX509TrustManager implements X509TrustManager {
//返回受信任的X509证书数组。
public X509Certificate[] getAcceptedIssuers() {
// return null;
return new X509Certificate[]{};//注意点三
}
//该方法检查客户端的证书,若不信任该证书则抛出异常。由于我们不需要对客户端进行认证,
//因此我们只需要执行默认的信任管理器的这个方法。JSSE中,默认的信任管理器类为TrustManager。
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
}
//该方法检查服务器的证书,若不信任该证书同样抛出异常。通过自己实现该方法,可以使之信任我们指定的任何证书。
//在实现该方法时,也可以简单的不做任何处理,即一个空的函数体,由于不会抛出异常,它就会信任任何证书。
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
}
}
}
工具类:
public class SSLContextUtil {
//有安全证书的SSLContext
//我们把Https的证书放在assets目录下,然后通过流加载:
public static SSLContext getSSLContext() {
// 生成SSLContext对象
SSLContext sslContext = null;
try {
sslContext = SSLContext.getInstance("TLS");
// 从assets中加载证书
InputStream inStream = MyApplication.getInstance().getAssets().open("srca.cer");
// 证书工厂
CertificateFactory cerFactory = CertificateFactory.getInstance("X.509");
Certificate cer = cerFactory.generateCertificate(inStream);
// 密钥库
KeyStore kStore = KeyStore.getInstance("PKCS12");
kStore.load(null, null);
kStore.setCertificateEntry("trust", cer);// 加载证书到密钥库中
// 密钥管理器
KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyFactory.init(kStore, null);// 加载密钥库到管理器
// 信任管理器
TrustManagerFactory tFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tFactory.init(kStore);// 加载密钥库到信任管理器
// 初始化
//new SecureRandom()在Android4.4之前的系统中有Bug
sslContext.init(keyFactory.getKeyManagers(), tFactory.getTrustManagers(), new SecureRandom());
} catch (NoSuchAlgorithmException | CertificateException | UnrecoverableKeyException
| KeyStoreException | KeyManagementException | IOException e) {
e.printStackTrace();
}
return sslContext;
}
/*--------------------------------------------------------------*/
//没有安全证书的SSLContext
public static SSLContext getSLLContext() {
SSLContext sslContext = null;
try {
sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, new TrustManager[]{new UnSafeTrustManager()}, new SecureRandom());
} catch (Exception e) {
e.printStackTrace();
}
return sslContext;
}
//没有安全证书的SSLContext
private static class UnSafeTrustManager implements X509TrustManager {
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
}
@Override
public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
}
@Override
public X509Certificate[] getAcceptedIssuers() {
return new X509Certificate[]{};
}
}
//没有安全证书的SSLContext
public static HostnameVerifier unSafeHostnameVerifier = new HostnameVerifier() {
@Override
public boolean verify(String hostname, SSLSession session) {
return true;
}
};
/*--------------------------------------------------------------------*/
}