一、证书认证
1、通过浏览器导出服务端证书 server.cer,并添加到项目的 assets 目录
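/**
 * Builds an {@link SSLSocketFactory} whose trust store holds only the supplied certificates.
 *
 * <p>Each stream is parsed as one X.509 certificate and stored under a numeric alias
 * ("0", "1", ...). Every supplied stream is closed before this method returns, whether or
 * not loading succeeded.
 *
 * <p>The returned factory only restricts which certificates are trusted. Host name checking
 * is performed by the connection's {@code HostnameVerifier}, so pinning is only effective
 * when that verifier is left enabled.
 *
 * @param certificates streams that each hold one X.509 certificate
 * @return a socket factory trusting only those certificates, or {@code null} if any step
 *     failed (the exception is printed to standard error)
 */
public static SSLSocketFactory setCertificates(InputStream... certificates) {
    try {
        // Certificate factory; the argument names the certificate type.
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");

        // In-memory trust store that starts empty, so nothing but the pinned certificates is trusted.
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null);

        int index = 0;
        for (InputStream certificate : certificates) {
            String certificateAlias = Integer.toString(index++);
            // Import the certificate into the trust store.
            keyStore.setCertificateEntry(
                    certificateAlias, certificateFactory.generateCertificate(certificate));
        }

        TrustManagerFactory trustManagerFactory =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);

        // Empty client key store: no client certificate is offered to the server. The literal
        // password protects nothing because the store has no entries; a real client key must
        // not be shipped with a hard-coded password.
        KeyStore clientKeyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        clientKeyStore.load(null, "password".toCharArray());
        KeyManagerFactory keyManagerFactory =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(clientKeyStore, "password".toCharArray());

        // Key managers supply the client's own credentials, trust managers validate the
        // server's certificate, and the third argument is the randomness source.
        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(
                keyManagerFactory.getKeyManagers(),
                trustManagerFactory.getTrustManagers(),
                new SecureRandom());
        return sslContext.getSocketFactory();
    } catch (Exception e) {
        // Contract kept from the original: report the failure and hand back null.
        e.printStackTrace();
        return null;
    } finally {
        // This method owns the streams: release all of them even when parsing failed early.
        if (certificates != null) {
            for (InputStream certificate : certificates) {
                if (certificate == null) {
                    continue;
                }
                try {
                    certificate.close();
                } catch (IOException e) {
                    // Best effort: a failed close must not change the result.
                    e.printStackTrace();
                }
            }
        }
    }
}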
/**
 * Hostname verifier that accepts every host name.
 *
 * <p>{@link #verify} never inspects its arguments, so a connection using this verifier does
 * not check that the server certificate was issued for the host being contacted. Combined
 * with a pinned trust store, the only remaining check is that the certificate chains to a
 * pinned entry.
 */
private static class TrustAnyHostnameVerifier implements HostnameVerifier {

    /**
     * Accepts the peer unconditionally.
     *
     * @param hostname the host name the connection was opened to (ignored)
     * @param session the TLS session of the connection (ignored)
     * @return always {@code true}
     */
    @Override
    public boolean verify(String hostname, SSLSession session) {
        // No comparison against the certificate is made here.
        return true;
    }
}
2、网络访问
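URL _url = new URL(url);
HttpsURLConnection http = (HttpsURLConnection) _url.openConnection();
// Hostname verification: the platform default verifier is kept, so the pinned certificate
// must also match the host being contacted. An accept-all verifier here would let any
// certificate that chains to server.cer be accepted for any host name.
// Load the pinned certificate; setCertificates returns null when loading fails, and a null
// factory must not be installed on the connection.
javax.net.ssl.SSLSocketFactory pinnedFactory =
        setCertificates(BaseApplication.getApplication().getAssets().open("server.cer"));
if (pinnedFactory == null) {
    throw new java.io.IOException("Unable to build SSLSocketFactory from server.cer");
}
http.setSSLSocketFactory(pinnedFactory);
// Connect timeout and read timeout; the server responds slowly, so the read timeout is larger.
http.setConnectTimeout(5000);
http.setReadTimeout(20000);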
二、信任所有证书(不校验证书链和域名,无法防御中间人攻击,仅适用于调试环境)
/**
 * Hostname verifier that accepts every host name.
 *
 * <p>{@link #verify} ignores both arguments and always answers {@code true}, so the server
 * certificate is never matched against the requested host. Suitable only for debugging
 * against a test server; it should not ship in a release build.
 */
private static class TrustAnyHostnameVerifier implements HostnameVerifier {

    /**
     * Accepts the peer unconditionally.
     *
     * @param hostname the host name the connection was opened to (ignored)
     * @param session the TLS session of the connection (ignored)
     * @return always {@code true}
     */
    @Override
    public boolean verify(String hostname, SSLSession session) {
        // Deliberately performs no check.
        return true;
    }
}
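/**
 * Trust manager that accepts every certificate chain without inspecting it.
 *
 * <p>Both check methods are empty, so they never throw and no peer is ever rejected. A
 * connection built on this manager is encrypted but not authenticated. Suitable only for
 * debugging against a test server; it should not ship in a release build.
 */
private static class MyX509TrustManager implements X509TrustManager {

    /**
     * Reports no accepted issuers.
     *
     * @return an empty array; the {@link X509TrustManager} contract requires a non-null
     *     result, and callers that iterate over it would fail on {@code null}
     */
    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return new X509Certificate[0];
    }

    /**
     * Accepts any client certificate chain.
     *
     * @param chain the peer certificate chain (not inspected)
     * @param authType the authentication type (not inspected)
     * @throws CertificateException never thrown by this implementation
     */
    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        // Intentionally empty: returning normally marks the chain as trusted.
    }

    /**
     * Accepts any server certificate chain.
     *
     * @param chain the peer certificate chain (not inspected)
     * @param authType the key exchange algorithm (not inspected)
     * @throws CertificateException never thrown by this implementation
     */
    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        // Intentionally empty: returning normally marks the chain as trusted.
    }
}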
2、网络访问时使用
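// NOTE(review): this snippet disables both certificate-chain validation (MyX509TrustManager)
// and host name checking (TrustAnyHostnameVerifier). The connection is encrypted but the
// peer is not authenticated; keep it out of release builds and prefer the pinned-certificate
// approach for production traffic.
TrustManager[] tm = {new MyX509TrustManager()};
// Request the "TLS" context rather than the legacy "SSL" name, which some providers map to
// obsolete protocol versions.
SSLContext sslContext = SSLContext.getInstance("TLS");
// No key managers: no client certificate is offered to the server.
sslContext.init(null, tm, new java.security.SecureRandom());
SSLSocketFactory ssf = sslContext.getSocketFactory();
URL _url = new URL(url);
HttpsURLConnection http = (HttpsURLConnection) _url.openConnection();
http.setHostnameVerifier(new TrustAnyHostnameVerifier());
http.setSSLSocketFactory(ssf);
// Connect timeout and read timeout; the server responds slowly, so the read timeout is larger.
http.setConnectTimeout(5000);
http.setReadTimeout(20000);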