本篇文章給大家分享的是有關(guān)HTTPS配置如何在Android項(xiàng)目中使用,小編覺得挺實(shí)用的,因此分享給大家學(xué)習(xí),希望大家閱讀完這篇文章后可以有所收獲,話不多說,跟著小編一起來看看吧。
專注于為中小企業(yè)提供成都做網(wǎng)站、網(wǎng)站制作服務(wù),電腦端+手機(jī)端+微信端的三站合一,更高效的管理,為中小企業(yè)中方免費(fèi)做網(wǎng)站提供優(yōu)質(zhì)的服務(wù)。我們立足成都,凝聚了一批互聯(lián)網(wǎng)行業(yè)人才,有力地推動(dòng)了成百上千家企業(yè)的穩(wěn)健成長,幫助中小企業(yè)通過網(wǎng)站建設(shè)實(shí)現(xiàn)規(guī)模擴(kuò)充和轉(zhuǎn)變。
Android 使用 HTTPS 配置的步驟。
1、step
配置hostnameVerifier
new HostnameVerifier() { @Override public boolean verify(String hostname, SSLSession session) { return true; } };
2.step
配置 sslSocketFactory
public static SSLSocketFactory getSslSocketFactory(InputStream[] certificates, InputStream bksFile, String password){ try{ TrustManager[] trustManagers = prepareTrustManager(certificates); KeyManager[] keyManagers = prepareKeyManager(bksFile, password); SSLContext sslContext = SSLContext.getInstance("TLS"); TrustManager trustManager = null; if (trustManagers != null){ trustManager = new MyTrustManager(chooseTrustManager(trustManagers)); } else{ trustManager = new UnSafeTrustManager(); } sslContext.init(keyManagers, new TrustManager[]{trustManager}, new SecureRandom()); return sslContext.getSocketFactory(); } catch (NoSuchAlgorithmException e){ throw new AssertionError(e); } catch (KeyManagementException e){ throw new AssertionError(e); } catch (KeyStoreException e){ throw new AssertionError(e); } } private class UnSafeHostnameVerifier implements HostnameVerifier{ @Override public boolean verify(String hostname, SSLSession session){ return true; } } private static class UnSafeTrustManager implements X509TrustManager{ @Override public void checkClientTrusted(X509Certificate[] chain, String authType)throws CertificateException{} @Override public void checkServerTrusted(X509Certificate[] chain, String authType)throws CertificateException{} @Override public X509Certificate[] getAcceptedIssuers(){ return new X509Certificate[]{}; } } private static TrustManager[] prepareTrustManager(InputStream... certificates){ if (certificates == null || certificates.length <= 0) return null; try{ CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509"); KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); keyStore.load(null); int index = 0; for (InputStream certificate : certificates){ String certificateAlias = Integer.toString(index++); keyStore.setCertificateEntry(certificateAlias, certificateFactory.generateCertificate(certificate)); try{ if (certificate != null) certificate.close(); } catch (IOException e){ } } TrustManagerFactory trustManagerFactory = null; trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); trustManagerFactory.init(keyStore); TrustManager[] trustManagers = trustManagerFactory.getTrustManagers(); return trustManagers; } catch (NoSuchAlgorithmException e){ e.printStackTrace(); } catch (CertificateException e){ e.printStackTrace(); } catch (KeyStoreException e){ e.printStackTrace(); } catch (Exception e){ e.printStackTrace(); } return null; } private static KeyManager[] prepareKeyManager(InputStream bksFile, String password){ try{ if (bksFile == null || password == null) return null; KeyStore clientKeyStore = KeyStore.getInstance("BKS"); clientKeyStore.load(bksFile, password.toCharArray()); KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); keyManagerFactory.init(clientKeyStore, password.toCharArray()); return keyManagerFactory.getKeyManagers(); } catch (KeyStoreException e){ e.printStackTrace(); } catch (NoSuchAlgorithmException e){ e.printStackTrace(); } catch (UnrecoverableKeyException e){ e.printStackTrace(); } catch (CertificateException e){ e.printStackTrace(); } catch (IOException e){ e.printStackTrace(); } catch (Exception e){ e.printStackTrace(); } return null; } private static X509TrustManager chooseTrustManager(TrustManager[] trustManagers){ for (TrustManager trustManager : trustManagers){ if (trustManager instanceof X509TrustManager){ return (X509TrustManager) trustManager; } } return null; } private static class MyTrustManager implements X509TrustManager{ private X509TrustManager defaultTrustManager; private X509TrustManager localTrustManager; public MyTrustManager(X509TrustManager localTrustManager) throws NoSuchAlgorithmException, KeyStoreException{ TrustManagerFactory var4 = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); var4.init((KeyStore) null); defaultTrustManager = chooseTrustManager(var4.getTrustManagers()); this.localTrustManager = localTrustManager; } @Override public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException{} @Override public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException{ try{ defaultTrustManager.checkServerTrusted(chain, authType); } catch (CertificateException ce){ localTrustManager.checkServerTrusted(chain, authType); } } @Override public X509Certificate[] getAcceptedIssuers(){ return new X509Certificate[0]; } }
調(diào)用 getSslSocketFactory(null,null,null)
即可。
3.step
設(shè)置OkhttpClient。
方法 getSslSocketFactory(null,null,null)
的第一個(gè)參數(shù) 本來要傳入自簽名證書的,當(dāng)傳入null 即可忽略自簽名證書。
如果你想嘗試不忽略自簽名證書 你可以調(diào)用下面的方法獲取 SSLSocketFactory。并設(shè)置到OkhttpClient中。
public static SSLSocketFactory getSSlFactory(Context context) { try { CertificateFactory cf = CertificateFactory.getInstance("X.509"); InputStream caInput = new BufferedInputStream(context.getAssets().open("client.cer"));//把證書打包在asset文件夾中 Certificate ca; try { ca = cf.generateCertificate(caInput); LogUtil.d("Longer", "ca=" + ((X509Certificate) ca).getSubjectDN()); LogUtil.d("Longer", "key=" + ((X509Certificate) ca).getPublicKey()); } finally { caInput.close(); } // Create a KeyStore containing our trusted CAs String keyStoreType = KeyStore.getDefaultType(); KeyStore keyStore = KeyStore.getInstance(keyStoreType); keyStore.load(null, null); keyStore.setCertificateEntry("ca", ca); // Create a TrustManager that trusts the CAs in our KeyStore String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm(); TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm); tmf.init(keyStore); // Create an SSLContext that uses our TrustManager SSLContext s = SSLContext.getInstance("TLSv1", "AndroidOpenSSL"); s.init(null, tmf.getTrustManagers(), null); return s.getSocketFactory(); } catch (CertificateException e) { e.printStackTrace(); } catch (IOException e) { e.printStackTrace(); } catch (NoSuchAlgorithmException e) { e.printStackTrace(); } catch (KeyStoreException e) { e.printStackTrace(); } catch (KeyManagementException e) { e.printStackTrace(); } catch (NoSuchProviderException e) { e.printStackTrace(); } return null; }
通過上面的幾步配置即可使用https的自簽名證書 和 單向驗(yàn)證的Https了。
Glide 訪問Https的圖片
1.step
在build.gradle 引入下面的aar
/提供的Module/ compile 'com.github.bumptech.glide:okhttp3-integration:1.4.0@aar'
2.step
OkHttpClient okhttpClient = new OkHttpClient.Builder() .connectTimeout(30, TimeUnit.SECONDS) .retryOnConnectionFailure(true) //設(shè)置出現(xiàn)錯(cuò)誤進(jìn)行重新連接。 .connectTimeout(15, TimeUnit.SECONDS) .readTimeout(60 * 1000, TimeUnit.MILLISECONDS) .sslSocketFactory(HttpsUtils.getSslSocketFactory(null,null,null)) .hostnameVerifier(new HostnameVerifier() { @Override public boolean verify(String hostname, SSLSession session) { return true; } }) .build(); //讓Glide能用HTTPS Glide.get(this).register(GlideUrl.class, InputStream.class, new OkHttpUrlLoader.Factory(okhttpClient));
設(shè)置已經(jīng)驗(yàn)證證書的的OkhttpClient 到Glide 既可。
以上就是HTTPS配置如何在Android項(xiàng)目中使用,小編相信有部分知識點(diǎn)可能是我們?nèi)粘9ぷ鲿?huì)見到或用到的。希望你能通過這篇文章學(xué)到更多知識。更多詳情敬請關(guān)注創(chuàng)新互聯(lián)行業(yè)資訊頻道。