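HTTPS was introduced to solve three problems with HTTP:
- HTTP transmits data in plaintext, so it is easy to steal; the data must be encrypted to prevent it from being intercepted in transit
- Authenticate the server's identity, ensuring that data is sent to the correct server
- Maintain data integrity, preventing data from being altered in transit, for example by a man-in-the-middle attack
This chapter therefore covers how to use OkHttp or HttpURLConnection to access a server that uses a self-made certificate.
Setting up certificate verification
An earlier post showed how to bypass certificate checks when connecting. That is an insecure way to connect and is vulnerable to man-in-the-middle attacks, so the client needs to perform mutual certificate verification to ensure the client's legitimacy.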
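import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

// Builds an SSLSocketFactory that trusts only the supplied certificates.
private static SSLSocketFactory setCertificates(InputStream... certificates) {
    try {
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null); // start from an empty in-memory key store
        int index = 0;
        for (InputStream certificate : certificates) {
            String certificateAlias = Integer.toString(index++);
            keyStore.setCertificateEntry(certificateAlias, certificateFactory.generateCertificate(certificate));
            if (certificate != null) {
                certificate.close();
            }
        }
        SSLContext sslContext = SSLContext.getInstance("TLS");
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore); // trust anchors are the certificates loaded above
        sslContext.init(null, trustManagerFactory.getTrustManagers(), null);
        return sslContext.getSocketFactory();
    } catch (GeneralSecurityException | IOException e) {
        throw new IllegalStateException("Failed to load trusted certificates", e);
    }
}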
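One way to apply such a factory with HttpsURLConnection, as an added example that is not code from the original post. The class name PinnedConnection, the method open and the host server.example are assumptions made for illustration; the factory argument is assumed to come from a method like setCertificates above.

```java
import java.io.IOException;
import java.net.URL;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSocketFactory;

public class PinnedConnection {

    // Opens an HTTPS connection that uses the given factory for this connection only.
    // `factory` is assumed to be built from the bundled certificate (hypothetical caller).
    static HttpsURLConnection open(URL url, SSLSocketFactory factory) throws IOException {
        if (!"https".equalsIgnoreCase(url.getProtocol())) {
            // A plain http:// URL would skip the certificate check entirely.
            throw new IllegalArgumentException("HTTPS URL required: " + url);
        }
        HttpsURLConnection connection = (HttpsURLConnection) url.openConnection();
        // Per-connection setting: HttpsURLConnection.setDefaultSSLSocketFactory would
        // instead change trust for every HTTPS connection in the process.
        connection.setSSLSocketFactory(factory);
        // The default HostnameVerifier is left in place, so the server certificate
        // must still match the host name in the URL.
        connection.setConnectTimeout(10_000);
        connection.setReadTimeout(10_000);
        return connection; // no network traffic until connect() or getInputStream()
    }

    public static void main(String[] args) throws IOException {
        // Constructed demo values: a placeholder host, and the JVM default factory
        // standing in for the factory built from the self-made certificate.
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        HttpsURLConnection c = open(new URL("https://server.example/api"), factory);
        System.out.println("factory applied: " + (c.getSSLSocketFactory() == factory));
        try {
            open(new URL("http://server.example/api"), factory);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```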