歡迎您光臨深圳塔燈網(wǎng)絡(luò)科技有限公司!
余先生:13699882642
余先生:13699882642
8年
專注物流供應(yīng)鏈系統(tǒng)
為您解碼網(wǎng)站建設(shè)的點(diǎn)點(diǎn)滴滴
發(fā)表日期:2016-11 文章編輯:小燈 瀏覽次數(shù):2490
簡(jiǎn)單講,https 是在http的基礎(chǔ)上增加了SSL/TLS協(xié)議。
詳細(xì)參見HTTPS傳輸加密原理
1)受信證書(由安卓認(rèn)可的證書頒發(fā)機(jī)構(gòu), 或這些機(jī)構(gòu)的下屬機(jī)構(gòu)頒發(fā)的證書)詳細(xì)參見受信任的證書頒發(fā)機(jī)構(gòu)
2)不受信證書(沒有得到安卓認(rèn)可的證書頒發(fā)機(jī)構(gòu)頒發(fā)的證書)
3)自簽名證書(自己頒發(fā)的證書, 分臨時(shí)性的(在開發(fā)階段使用)或在發(fā)布的產(chǎn)品中永久性使用的兩種)
1)免費(fèi)( 購(gòu)買受信任機(jī)構(gòu)頒發(fā)的證書每年要交 100 到 500 美元不等的費(fèi)用. 自簽名證書不花一分錢)
2)普及率高(自簽名證書在手機(jī)應(yīng)用中的普及率較高 ,跟用電腦瀏覽網(wǎng)頁(yè)不同, 手機(jī)的應(yīng)用一般就固定連一臺(tái)服務(wù)器)
3)方便(在開發(fā)階段寫的代碼,測(cè)試跟發(fā)布的時(shí)候也可以用)
1)受信證書,不需要修改代碼,直接使用,就像SSL/TLS協(xié)議透明
2)不受信證書和自簽名證書,需要修改Volley庫(kù)代碼(Volley底層支持,但是沒有暴露出來方法)
1)clone volley庫(kù)
a.從Google Repositoryclone
b.從清華鏡像clone
2)代碼修改
企業(yè)建站知識(shí)
推廣知識(shí)
小程序
微信營(yíng)銷
APP開發(fā)
import android.content.Context; import android.util.Log;import java.io.IOException; import java.io.InputStream; import java.security.KeyManagementException; import java.security.KeyStore; import java.security.KeyStoreException; import java.security.NoSuchAlgorithmException; import java.security.cert.Certificate; import java.security.cert.CertificateException; import java.security.cert.CertificateFactory;import javax.net.ssl.SSLContext; import javax.net.ssl.SSLSocketFactory; import javax.net.ssl.TrustManager; import javax.net.ssl.TrustManagerFactory; import javax.net.ssl.X509TrustManager; import java.security.cert.X509Certificate; public class SSLSocketHelper { private static TrustManager[] getWrappedTrustManagers(TrustManager[] trustManagers) { final X509TrustManager originalTrustManager = (X509TrustManager) trustManagers[0]; return new TrustManager[]{ new X509TrustManager() { public X509Certificate[] getAcceptedIssuers() { return originalTrustManager.getAcceptedIssuers(); }public void checkClientTrusted(X509Certificate[] certs, String authType) { try { if (certs != null && certs.length > 0){ certs[0].checkValidity(); } else { originalTrustManager.checkClientTrusted(certs, authType); } } catch (CertificateException e) { Log.w("checkClientTrusted", e.toString()); } }public void checkServerTrusted(X509Certificate[] certs, String authType) { try { if (certs != null && certs.length > 0){ certs[0].checkValidity(); } else { originalTrustManager.checkServerTrusted(certs, authType); } } catch (CertificateException e) { Log.w("checkServerTrusted", e.toString()); } } } }; }public static SSLSocketFactory getSSLSocketFactoryByCertificate(Context context,String keyStoreType, int keystoreResId) throws CertificateException, KeyStoreException, IOException, NoSuchAlgorithmException, KeyManagementException {CertificateFactory cf = CertificateFactory.getInstance("X.509"); InputStream caInput = context.getResources().openRawResource(keystoreResId);Certificate ca = cf.generateCertificate(caInput); caInput.close();if (keyStoreType == null || keyStoreType.length() == 0) { keyStoreType = KeyStore.getDefaultType(); } KeyStore keyStore = KeyStore.getInstance(keyStoreType); keyStore.load(null, null); keyStore.setCertificateEntry("ca", ca);String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm(); TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm); tmf.init(keyStore);TrustManager[] wrappedTrustManagers = getWrappedTrustManagers(tmf.getTrustManagers());SSLContext sslContext = SSLContext.getInstance("TLS"); sslContext.init(null, wrappedTrustManagers, null);return sslContext.getSocketFactory(); }public static SSLSocketFactory getSSLSocketFactoryByKeyStore(Context context,String keyStoreType, int keystoreResId, String keyPassword) throws CertificateException, KeyStoreException, IOException, NoSuchAlgorithmException, KeyManagementException {InputStream caInput = context.getResources().openRawResource(keystoreResId);// creating a KeyStore containing trusted CAsif (keyStoreType == null || keyStoreType.length() == 0) { keyStoreType = KeyStore.getDefaultType(); } KeyStore keyStore = KeyStore.getInstance(keyStoreType);keyStore.load(caInput, keyPassword.toCharArray());// creating a TrustManager that trusts the CAs in the KeyStoreString tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm(); TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm); tmf.init(keyStore);TrustManager[] wrappedTrustManagers = getWrappedTrustManagers(tmf.getTrustManagers());SSLContext sslContext = SSLContext.getInstance("TLS"); sslContext.init(null, wrappedTrustManagers, null);return sslContext.getSocketFactory(); } } 4)詳細(xì)可參看GitHub工程
GitHub工程與原始的volley對(duì)比:
a.增加了cache包,com.android.volley.ssl包,com.android.volley.utils包
b.在com.android.volley.toolbox包中,新增ByteRequest.java,GsonRequest.java,JsonArrayPostRequest.java,JsonObjectPostRequest.java,修改了Volley.java
c.只有com.android.volley.ssl包和Volley.java與支持https自簽名證書有關(guān)系
一般是運(yùn)維搞,可參考如下鏈接:
使用 OpenSSL 生成自簽名證書
基于OpenSSL自建CA和頒發(fā)SSL證書
使用openssl生成自簽名證書以及nginx ssl雙向驗(yàn)證
創(chuàng)建并部署自簽名的 SSL 證書到 Nginx
import android.webkit.WebView; import android.webkit.WebViewClient; import android.webkit.SslErrorHandler; import android.net.http.SslError;private WebView webView;webView = (WebView) findViewById(R.id.my_webview); webView.setWebViewClient(new WebViewClient() {@Override public void onReceivedSslError (WebView view, SslErrorHandler handler, SslError error) { handler.proceed(); } }); 國(guó)內(nèi)鏡像加速Android源碼下載
通過 HTTPS 和 SSL 確保安全
Certificate authority
清華大學(xué)開源軟件鏡像站
Does the Web View on Android support SSL?
Android _實(shí)現(xiàn)SSL解決不受信任的證書問題
Using Android Volley With Self-Signed SSL Certificate
Android volley self signed HTTPS trust anchor for certification path not found
Android 網(wǎng)絡(luò)--我是怎么做的: Volley+OkHttp+Https
Making a HTTPS request using Android Volley
1)上層使用(HttpService.java 修改)
2)最上層使用(BaseActivity.java修改)
