美文网首页
★38.HTTPS

★38.HTTPS

作者: iDragonfly | 来源:发表于2017-06-29 00:07 被阅读0次

    流程图

    前言

    • 以下代码需要catch一堆异常,使用try-catch所有的异常并打印即可。
    • 可以使用工具类

    1. 创建KeyStore

    方式一:通过证书

    1. 创建Certificate

    1. 获取公钥

    方式一:从服务器获取公钥
    InputStream pkStream = /* 服务器获取公钥输入流 */;
    方式二:硬编码公钥
    final String PUBLIC_KEY = "blablabla";
InputStream pkStream = new Buffer().writeUtf8(PUBLIC_KEY).inputStream();

    2. 使用公钥生成Certificate 

    CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
Certificate certificate = certificateFactory.generateCertificate(pkStream);
Log.d("cert key", certificate.getPublicKey().toString());

    2. 创建KeyStore 

    String keyStoreType = KeyStore.getDefaultType();
KeyStore keyStore = KeyStore.getInstance(keyStoreType);
keyStore.load(null, null);
keyStore.setCertificateEntry("certificate", certificate);

    方式二:通过本地KeyStore

    • KeyStore.load(..)参数说明:
      • InputStreamKeyStore文件输入流,可以把KeyStore文件放入res/raw目录中,通过R.raw.your_keystore_filename获得。
      • char[]:密码,用于解锁KeyStore文件。
    String keyStoreType = KeyStore.getDefaultType();
KeyStore keyStore = KeyStore.getInstance(keyStoreType);
FileInputStream fileIS = getActivity().getApplicationContext()
        .getResources().openRawResource(R.raw.your_keystore_filename);
char[] password = "Password".toCharArray();
keyStore.load(fileIS, password);
if (fileIS != null) fileIS.close();

    2. 获取TrustManager[]

    • 流程:KeyStore -> TrustManagerFactory -> TrustManager[] 
    String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(tmfAlgorithm);
trustManagerFactory.init(keyStore);
TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();

    3. 获取KeyManager[]

    • 流程:KeyStore -> KeyManagerFactory -> KeyManager[] 
    String kmAlgorithm = KeyManagerFactory.getDefaultAlgorithm();
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(kmAlgorithm);
keyManagerFactory.init(keyStore, "Password".toCharArray());
KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();

    4. 创建SSLContext 

    SSLContext sslContext = SSLContext.getInstance("SSL");
sslContext.init(keyManagers, trustManagers, new SecureRandom());

    5. 创建SSLSocketFactory 

    SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();

    6. HostnameVerifier

    • 用于域名验证,确保域名没有被替换。
    public static HostnameVerifier getHostnameVerifier(String[] myHostUrls) {
    return (hostname, session) -> {
        boolean isAcceptable = false;
        for (String host : myHostUrls) {
            if (host.equalsIgnoreCase(hostname)) {
                isAcceptable = true;
            }
        }
        return isAcceptable;
    };
}

    7. 从TrustManager[]中获取X509TrustManager 

    if (trustManagers.length != 1 || !(trustManagers[0] instanceof X509TrustManager)) {
    throw new IllegalStateException("Unexpected default trust managers:" + Arrays.toString(trustManagers));
}
X509TrustManager trustManager = (X509TrustManager) trustManagers[0];

    8. 创建OkHttpClient 

    OkHttpClient okHttpClient = new OkHttpClient.Builder()
        .sslSocketFactory(sslSocketFactory, trustManager)
        .hostnameVerifier(getHostnameVerifier(myHostUrls))
        .build();

    相关文章

      网友评论

          本文标题:★38.HTTPS

          本文链接:https://www.haomeiwen.com/subject/mgbpcxtx.html

          延伸阅读

          深度阅读

          • 您也可以注册成为美文阅读网的作者,发表您的原创作品、分享您的心情!

          栏目导航

          热点阅读

          关于我们|服务条款|联系我们|★38.HTTPS|投稿指南|网站地图|RSS订阅|排版工具|手机版

          提供经典美文摘抄,优美散文欣赏,现代诗歌精选,短篇小说,心情随笔,表白情书范文,故事会在线阅读欣赏

          Copyright © 2014-2023 Haomeiwen.com All Rights Reserved. 好美文阅读网 版权所有

          备案信息:桂公网安备 45052102000051号 · 桂ICP备13007215号-3

          本站所收录作品、热点评论等信息部分来源互联网,目的只是为了系统归纳学习和传递资讯

          所有作品版权归原创作者所有,与本站立场无关,如不慎侵犯了你的权益,请联系我们告知,我们将做删除处理!