Java 如何在android中连接到SSL服务器
我需要连接具有如下URL的服务器:
https://www.abc.xxx/
当我尝试通过默认的HttpClient连接它时,它抛出了SSL证书异常。我也不想绕过SSL证书验证。
有人能告诉我,连接到使用自签名SSL证书的web服务器的流程是什么吗?我需要从服务器获取证书/密钥吗?
如果我获得了密钥/证书,如何在发出HTTP请求时使用该密钥?

您可以将CA证书(只需要公开的证书本身,不需要也不应包含服务器私钥)放入res/raw中,并用它来连接使用自签名证书的web服务器,如下所示:
// Build the socket factory from the Android context; its SSLContext is
// initialised with MyTrustManager (shown below).
sslSocketFactory = new MySSLSocketFactory(context);

// Route the "https" scheme (default port 443) through that factory.
Scheme httpsScheme = new Scheme("https", sslSocketFactory, 443);
schemeRegistry.register(httpsScheme);

// Thread-safe connection manager over the registry, then the client on top of it.
ClientConnectionManager cm = new ThreadSafeClientConnManager(params, schemeRegistry);
mHttpClient = new DefaultHttpClient(cm, params);
和MySSLSocketFactory:
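/**
 * Socket factory for the HttpClient scheme registry whose TLS sockets come from an
 * {@link SSLContext} initialised with {@code MyTrustManager}.
 *
 * <p>NOTE(review): the superclass is presumably
 * {@code org.apache.http.conn.ssl.SSLSocketFactory}, since instances are registered
 * in a {@code Scheme}; confirm against the file's imports.
 */
public class MySSLSocketFactory extends SSLSocketFactory {
    /** TLS context whose only trust manager is {@code MyTrustManager}. */
    private final SSLContext sslContext;

    /**
     * Creates the factory and its TLS context.
     *
     * @param context Android context, passed on to {@code MyTrustManager}
     * @throws IOException if {@code MyTrustManager} cannot load its trust managers
     */
    public MySSLSocketFactory(Context context)
            throws NoSuchAlgorithmException, KeyManagementException,
            KeyStoreException, UnrecoverableKeyException, CertificateException,
            IOException {
        // No trust store is handed to the superclass; certificate decisions are
        // made by the trust manager installed in sslContext below.
        super(null);
        sslContext = SSLContext.getInstance("TLS");
        // No KeyManager and no SecureRandom are supplied; only the trust manager is custom.
        sslContext.init(null, new TrustManager[] { new MyTrustManager(context) }, null);
    }

    /** Returns an unconnected socket created by the custom TLS context. */
    @Override
    public Socket createSocket() throws IOException {
        return sslContext.getSocketFactory().createSocket();
    }

    /**
     * Layers TLS over an already connected socket and checks the peer certificate
     * against {@code host}.
     *
     * @throws IOException if the socket cannot be created or the certificate does
     *         not match {@code host}
     */
    @Override
    public Socket createSocket(Socket socket, String host, int port,
            boolean autoClose) throws IOException, UnknownHostException {
        Socket layered = sslContext.getSocketFactory().createSocket(socket, host, port,
                autoClose);
        // This override replaces the superclass method, so the host name check has
        // to be repeated here; trust-manager validation alone accepts any
        // certificate issued by a trusted CA, whatever host it was issued for.
        if (layered instanceof javax.net.ssl.SSLSocket) {
            getHostnameVerifier().verify(host, (javax.net.ssl.SSLSocket) layered);
        }
        return layered;
    }
}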
现在是MyTrustManager:
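/**
 * {@link X509TrustManager} that accepts a certificate chain when either the CA
 * certificate bundled as the raw resource {@code R.raw.ca} or the platform's
 * default trust store validates it.
 *
 * <p>This widens the set of trusted issuers; it is not certificate pinning, because
 * every CA in the default store stays trusted. Host name matching is not done here
 * and must be performed by the socket factory or HTTP client.
 */
public class MyTrustManager implements X509TrustManager {
    /** Trust manager backed by the platform's default trust store. */
    private final X509TrustManager defaultTrustManager;
    /** Trust manager backed only by the bundled CA certificate. */
    private final X509TrustManager myTrustManager;
    /** Union of the issuers accepted by both trust managers. */
    private final X509Certificate[] acceptedIssuers;

    /**
     * Loads both trust managers and precomputes the combined issuer list.
     *
     * @param context Android context used to read the bundled certificate
     * @throws IOException if either trust manager could not be obtained
     *         (including when {@code context} is {@code null})
     */
    public MyTrustManager(Context context) throws KeyStoreException,
            NoSuchAlgorithmException, CertificateException, IOException {
        defaultTrustManager = getDefaultManager();
        myTrustManager = getLocalManager(context);
        if (defaultTrustManager == null || myTrustManager == null) {
            throw new IOException("Couldn't load X509TrustManager");
        }
        ArrayList<X509Certificate> acceptedIssuersList = new ArrayList<X509Certificate>();
        this.addToAccepted(acceptedIssuersList, defaultTrustManager);
        this.addToAccepted(acceptedIssuersList, myTrustManager);
        acceptedIssuers = acceptedIssuersList
                .toArray(new X509Certificate[acceptedIssuersList.size()]);
    }

    /** Appends every issuer accepted by {@code x509TrustManager} to the list. */
    private void addToAccepted(
            ArrayList<X509Certificate> x509Certificates,
            X509TrustManager x509TrustManager) {
        for (X509Certificate x509Certificate : x509TrustManager
                .getAcceptedIssuers()) {
            x509Certificates.add(x509Certificate);
        }
    }

    /**
     * Returns the first {@link X509TrustManager} produced by the factory, or
     * {@code null} if it produced none.
     */
    private X509TrustManager getX509TrustManager(
            TrustManagerFactory trustManagerFactory) {
        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
        for (TrustManager trustManager : trustManagers) {
            if (trustManager instanceof X509TrustManager) {
                return (X509TrustManager) trustManager;
            }
        }
        return null;
    }

    /** Builds the trust manager for the platform's default trust store. */
    private X509TrustManager getDefaultManager() throws KeyStoreException,
            NoSuchAlgorithmException {
        TrustManagerFactory trustManagerFactory = TrustManagerFactory
                .getInstance(TrustManagerFactory.getDefaultAlgorithm());
        // A null KeyStore makes the factory fall back to the default trust store.
        trustManagerFactory.init((KeyStore) null);
        return getX509TrustManager(trustManagerFactory);
    }

    /**
     * Builds a trust manager whose only trusted entry is the certificate read from
     * {@code R.raw.ca}. That resource should hold the public CA certificate only;
     * a private key never belongs in the application package.
     *
     * @return the trust manager, or {@code null} when {@code context} is {@code null}
     */
    private X509TrustManager getLocalManager(Context context)
            throws CertificateException, NoSuchAlgorithmException,
            KeyStoreException, IOException {
        if (context == null) {
            return null;
        }
        CertificateFactory certificateFactory = CertificateFactory
                .getInstance("X.509");
        InputStream inputStream = context.getResources().openRawResource(R.raw.ca);
        X509Certificate x509Certificate;
        try {
            x509Certificate = (X509Certificate) certificateFactory
                    .generateCertificate(inputStream);
        } finally {
            // The original never closed the resource stream.
            inputStream.close();
        }
        TrustManagerFactory trustManagerFactory = TrustManagerFactory
                .getInstance(TrustManagerFactory.getDefaultAlgorithm());
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        // load(null) initialises an empty in-memory key store.
        keyStore.load(null);
        keyStore.setCertificateEntry("ca", x509Certificate);
        trustManagerFactory.init(keyStore);
        return getX509TrustManager(trustManagerFactory);
    }

    /**
     * Validates a client chain against the bundled CA first, then the default store.
     *
     * @throws CertificateException if neither trust manager accepts the chain
     */
    @Override
    public void checkClientTrusted(X509Certificate[] ax509certificate, String s)
            throws CertificateException {
        try {
            myTrustManager.checkClientTrusted(ax509certificate, s);
        } catch (CertificateException ignored) {
            // Not issued by the bundled CA; the default store decides, and its
            // failure propagates to the caller.
            defaultTrustManager.checkClientTrusted(ax509certificate, s);
        }
    }

    /**
     * Validates a server chain against the bundled CA first, then the default store.
     *
     * @throws CertificateException if neither trust manager accepts the chain
     */
    @Override
    public void checkServerTrusted(X509Certificate[] ax509certificate, String s)
            throws CertificateException {
        try {
            myTrustManager.checkServerTrusted(ax509certificate, s);
        } catch (CertificateException ignored) {
            // Expected for servers with publicly issued certificates: fall back to
            // the default store instead of printing a stack trace per connection.
            defaultTrustManager.checkServerTrusted(ax509certificate, s);
        }
    }

    /** Returns a copy of the combined issuer list so callers cannot alter it. */
    @Override
    public X509Certificate[] getAcceptedIssuers() {
        return acceptedIssuers.clone();
    }
}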
公共类MyTrustManager实现X509TrustManager{
私有X509TrustManager defaultTrustManager;
私人X509TrustManager myTrustManager;
私人X509证书[]接受发行人;
public MyTrustManager(上下文)抛出KeyStoreException,
NoSuchAlgorithmException、CertificateException、IOException{
defaultTrustManager=getDefaultManager();
myTrustManager=getLocalManager(上下文);
如果(defaultTrustManager==null | | myTrustManager==null){
抛出新IOException(“无法加载X509TrustManager”);
}
ArrayList AcceptEdissuerList=新的ArrayList();
此.addToAccepted(acceptedIssuersList,defaultTrustManager);
此.addToAccepted(acceptedIssuersList,myTrustManager);
AcceptedAssuers=AcceptedAssuers列表
.toArray(新的X509证书[acceptedIssuersList.size()]);
}
私有无效添加为可接受(
ArrayList X509证书,
X509TrustManager(X509TrustManager){
对于(X509证书X509证书:x509TrustManager
.getAcceptedAssuers()){
X509证书。添加(X509证书);
}
}
私有X509TrustManager getX509TrustManager(
TrustManagerFactory TrustManagerFactory){
TrustManager[]TrustManager=trustManagerFactory.GetTrustManager();
for(TrustManager TrustManager:TrustManager){
if(X509TrustManager的trustManager实例){
返回(X509TrustManager)trustManager;
}
}
返回null;
}
私有X509TrustManager getDefaultManager()引发KeyStoreException,
NoSuchAlgorithmException{
TrustManagerFactory TrustManagerFactory=TrustManagerFactory
.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init((密钥库)null);
返回getX509TrustManager(trustManagerFactory);
}
专用X509TrustManager getLocalManager(上下文)
抛出CertificateException,NoSuchAlgorithmException,
KeyStoreException,IOException{
if(上下文==null){
返回null;
}
InputStream InputStream=上下文
.getResources().openRawResource(
R.raw.ca);
CertificateFactory CertificateFactory=CertificateFactory
.getInstance(“X.509”);
X509证书X509证书=(X509证书)证书工厂
.生成证书(输入流);
TrustManagerFactory TrustManagerFactory=TrustManagerFactory
.getInstance(TrustManagerFactory.getDefaultAlgorithm());
KeyStore KeyStore=KeyStore.getInstance(KeyStore.getDefaultType());
keyStore.load(null);
密钥库.setCertificateEntry(“ca”,x509Certificate);
trustManagerFactory.init(密钥库);
返回getX509TrustManager(trustManagerFactory);
}
@凌驾
公共无效checkClientTrusted(X509Certificate[]ax509certificate,字符串s)
抛出证书异常{
//TODO自动生成的方法存根
试一试{
myTrustManager.checkClientTrusted(ax509certificate,s);
}捕获(证书例外e){
//TODO自动生成的捕捉块
e、 printStackTrace();
defaultTrustManager.checkClientTrusted(ax509certificate,s);
}
}
@凌驾
公共无效checkServerTrusted(X509Certificate[]ax509certificate,字符串s)
抛出证书异常{
//TODO自动生成的方法存根
试一试{
myTrustManager.checkServerTrusted(ax509certificate,s);
}捕获(证书例外e){
//TODO自动生成的捕捉块
e、 printStackTrace();
defaultTrustManager.checkServerTrusted(ax509certificate,s);
}
}
公共X509证书[]getAcceptedIssuers(){
//TODO自动生成的方法存根
退货承兑人;
}
}
具体抛出的是什么SSL证书异常?您可能需要将自签名证书安装到可信证书存储中。