Aandroid中https请求的单向认证
一、HTTPS 单向认证
1. 给服务器生成密钥
keytool -genkeypair -alias skxy -keyalg RSA -validity 3650 -keypass 123456 -storepass 123456 -keystore skxy.keystore
2. 给Tomcat服务器配置Https
tomcat/config/server.xml修改connector配置
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="conf/skxy.keystore"
keystorePass="123456"/>
3.导出证书
keytool -export -alias skxy -file skxy.cer -keystore skxy.keystore -storepass 123456
4.将证书放在android客户端,能够读取的地方比如assert目录
5.代码中执行网络请求,获取证书,读取https网站的数据
String path = "https://10.0.3.2:8443/Test/Hlloer";
try {
//获取证书
InputStream stream = getAssets().open("skxy.cer");
SSLContext tls = SSLContext.getInstance("TLS");
//使用默认证书
KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
//去掉系统默认证书
keystore.load(null);
Certificate certificate =
CertificateFactory.getInstance("X.509").generateCertificate(stream);
//设置自己的证书
keystore.setCertificateEntry("skxy", certificate);
//通过信任管理器获取一个默认的算法
String algorithm = TrustManagerFactory.getDefaultAlgorithm();
//算法工厂创建
TrustManagerFactory instance = TrustManagerFactory.getInstance(algorithm);
instance.init(keystore);
tls.init(null, instance.getTrustManagers(), null);
SSLSocketFactory socketFactory = tls.getSocketFactory();
HttpsURLConnection.setDefaultSSLSocketFactory(socketFactory);
URL url = new URL(path);
HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
//设置ip授权认证:如果已经安装该证书,可以不设置,否则需要设置
conn.setHostnameVerifier(new HostnameVerifier() {
@Override
public boolean verify(String hostname, SSLSession session) {
return true;
}
});
InputStream inputStream = conn.getInputStream();
String result = getString(inputStream);
stream.close();
一、HTTPS 单向认证
1. 给服务器生成密钥
keytool -genkeypair -alias skxy -keyalg RSA -validity 3650 -keypass 123456 -storepass 123456 -keystore skxy.keystore
2. 给Tomcat服务器配置Https
tomcat/config/server.xml修改connector配置
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="conf/skxy.keystore"
keystorePass="123456"/>
3.导出证书
keytool -export -alias skxy -file skxy.cer -keystore skxy.keystore -storepass 123456
4.将证书放在android客户端,能够读取的地方比如assert目录
5.代码中执行网络请求,获取证书,读取https网站的数据
String path = "https://10.0.3.2:8443/Test/Hlloer";
try {
//获取证书
InputStream stream = getAssets().open("skxy.cer");
SSLContext tls = SSLContext.getInstance("TLS");
//使用默认证书
KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
//去掉系统默认证书
keystore.load(null);
Certificate certificate =
CertificateFactory.getInstance("X.509").generateCertificate(stream);
//设置自己的证书
keystore.setCertificateEntry("skxy", certificate);
//通过信任管理器获取一个默认的算法
String algorithm = TrustManagerFactory.getDefaultAlgorithm();
//算法工厂创建
TrustManagerFactory instance = TrustManagerFactory.getInstance(algorithm);
instance.init(keystore);
tls.init(null, instance.getTrustManagers(), null);
SSLSocketFactory socketFactory = tls.getSocketFactory();
HttpsURLConnection.setDefaultSSLSocketFactory(socketFactory);
URL url = new URL(path);
HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
//设置ip授权认证:如果已经安装该证书,可以不设置,否则需要设置
conn.setHostnameVerifier(new HostnameVerifier() {
@Override
public boolean verify(String hostname, SSLSession session) {
return true;
}
});
InputStream inputStream = conn.getInputStream();
String result = getString(inputStream);
stream.close();