最近项目需要访问到https双向认证的相关东西,以下是Android客户端访问https双向认证API的代码,如有不足之处请指正。原文链接:http://frank-zhu.github.io/android/2014/12/26/android-https-ssl/,参考了此篇文章的代码,谢谢。
话不多说,直接上代码:
import java.io.InputStream;
import java.security.KeyStore;
import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.util.EntityUtils;
import android.content.Context;
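/**
 * Helper for calling an HTTPS API that requires mutual (two-way) TLS authentication
 * from an Android client, built on the legacy Apache HttpClient API.
 *
 * <p>The client certificate is read from a PKCS12 asset and the set of trusted server
 * certificates from a BKS asset. Because the trust store replaces the platform default,
 * it acts as the only source of trust for connections made through this class.
 *
 * <p>All methods fail closed: if the key material cannot be loaded, no HTTPS client is
 * handed out, so a request can never silently go out without the client certificate or
 * with the platform's default trust store.
 */
public class TwoWayAuth {
    private static final String KEY_STORE_TYPE_BKS = "bks"; // trust store type (fixed value)
    private static final String KEY_STORE_TYPE_P12 = "PKCS12"; // client certificate store type (fixed value)
    private static final String KEY_STORE_CLIENT_PATH = "client.p12"; // client certificate presented to the server
    private static final String KEY_STORE_TRUST_PATH = "tclient.bks"; // certificates the client trusts for the server

    // NOTE(security): both passwords are compiled into the APK and the key store ships in
    // the app's assets, so the client private key is recoverable by anyone who has the APK.
    // The client certificate therefore identifies the app build, not a user or a device.
    // Where per-device identity matters, provision the key at runtime and keep it in the
    // platform key store instead of bundling it.
    private static final String KEY_STORE_PASSWORD = "123456"; // client certificate store password
    private static final String KEY_STORE_TRUST_PASSWORD = "123456"; // trust store password

    private static final String LOG_TAG = "NetService";

    /**
     * Builds the socket factory used for mutual TLS.
     *
     * @param context context used to open the bundled key store assets
     * @return the configured factory, or {@code null} if either key store could not be
     *         opened or loaded, or the factory could not be constructed
     */
    public static SSLSocketFactory getSslSocketFactory(Context context) {
        try {
            // Client certificate and private key that the server verifies.
            KeyStore keyStore = loadKeyStore(
                    context, KEY_STORE_TYPE_P12, KEY_STORE_CLIENT_PATH, KEY_STORE_PASSWORD);
            // Server certificates that this client trusts.
            KeyStore trustStore = loadKeyStore(
                    context, KEY_STORE_TYPE_BKS, KEY_STORE_TRUST_PATH, KEY_STORE_TRUST_PASSWORD);
            return new SSLSocketFactory(keyStore, KEY_STORE_PASSWORD, trustStore);
        } catch (Exception e) {
            // A load failure stops here: a factory is never built from a key store
            // that was not loaded successfully.
            android.util.Log.e(LOG_TAG, "failed to build mutual-TLS socket factory", e);
            return null;
        }
    }

    /**
     * Opens one key store asset, loads it and always closes the asset stream.
     *
     * @param context   context used to open the asset
     * @param type      key store type passed to {@link KeyStore#getInstance(String)}
     * @param assetPath name of the asset holding the key store
     * @param password  password protecting the key store
     * @return the loaded key store
     * @throws Exception if the asset cannot be opened or the key store cannot be loaded
     */
    private static KeyStore loadKeyStore(Context context, String type, String assetPath,
            String password) throws Exception {
        KeyStore store = KeyStore.getInstance(type);
        InputStream in = context.getResources().getAssets().open(assetPath);
        try {
            store.load(in, password.toCharArray());
        } finally {
            try {
                in.close();
            } catch (Exception ignored) {
                // A failed close cannot change what was (or was not) loaded.
            }
        }
        return store;
    }

    /**
     * Creates an HttpClient whose "https" scheme uses the mutual-TLS socket factory.
     *
     * <p>Hostname verification is left at the socket factory's default. Do not replace it
     * with {@code SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER}: that disables the check
     * that the certificate belongs to the host being contacted.
     *
     * @param context context used to open the bundled key store assets
     * @param port    default port registered for the "https" scheme
     * @return a client configured for mutual TLS
     * @throws IllegalStateException if the socket factory could not be built; returning an
     *         unconfigured client here would fall back to the platform trust store and
     *         send no client certificate
     */
    public static HttpClient getSslSocketFactoryHttp(Context context, int port) {
        SSLSocketFactory sslSocketFactory = getSslSocketFactory(context);
        if (sslSocketFactory == null) {
            throw new IllegalStateException("mutual-TLS socket factory is unavailable");
        }
        HttpClient httpsClient = new DefaultHttpClient();
        Scheme sch = new Scheme("https", sslSocketFactory, port);
        httpsClient.getConnectionManager().getSchemeRegistry().register(sch);
        return httpsClient;
    }

    /**
     * Sends a GET request over mutual TLS and returns the response body.
     *
     * <p>The URL scheme is not checked here. Only the "https" scheme is reconfigured, so
     * callers must pass https URLs for the client certificate and trust store to apply.
     *
     * @param url     address to request
     * @param context application context
     * @return the response body when the status code is 200 and a body is present,
     *         otherwise {@code null}
     * @throws Exception if the client cannot be configured or the request fails
     */
    public static String sendHttpsGet(String url, Context context) throws Exception {
        HttpClient client = TwoWayAuth.getSslSocketFactoryHttp(context, 443);
        try {
            HttpResponse response = client.execute(new HttpGet(url));
            if (response == null) {
                android.util.Log.w(LOG_TAG, "response null");
                return null;
            }
            if (response.getStatusLine().getStatusCode() != 200) {
                return null;
            }
            HttpEntity httpEntity = response.getEntity();
            // A 200 response may still carry no entity; EntityUtils rejects null.
            if (httpEntity == null) {
                return null;
            }
            return EntityUtils.toString(httpEntity);
        } finally {
            // The client is created per call, so release its connections here;
            // otherwise every request leaves a connection manager open.
            client.getConnectionManager().shutdown();
        }
    }
}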