發表日期:2016-11 文章編輯:小燈 瀏覽次數:2184
簡單講,https 是在http的基礎上增加了SSL/TLS協議。
詳細參見HTTPS傳輸加密原理
1)受信證書(由安卓認可的證書頒發機構, 或這些機構的下屬機構頒發的證書)詳細參見受信任的證書頒發機構
2)不受信證書(沒有得到安卓認可的證書頒發機構頒發的證書)
3)自簽名證書(自己頒發的證書, 分臨時性的(在開發階段使用)或在發布的產品中永久性使用的兩種)
1)免費( 購買受信任機構頒發的證書每年要交 100 到 500 美元不等的費用. 自簽名證書不花一分錢)
2)普及率高(自簽名證書在手機應用中的普及率較高 ,跟用電腦瀏覽網頁不同, 手機的應用一般就固定連一臺服務器)
3)方便(在開發階段寫的代碼,測試跟發布的時候也可以用)
1)受信證書,不需要修改代碼,直接使用,就像SSL/TLS協議透明
2)不受信證書和自簽名證書,需要修改Volley庫代碼(Volley底層支持,但是沒有暴露出來方法)
1)clone volley庫
a.從Google Repositoryclone
b.從清華鏡像clone
2)代碼修改
import android.content.Context; import android.util.Log;import java.io.IOException; import java.io.InputStream; import java.security.KeyManagementException; import java.security.KeyStore; import java.security.KeyStoreException; import java.security.NoSuchAlgorithmException; import java.security.cert.Certificate; import java.security.cert.CertificateException; import java.security.cert.CertificateFactory;import javax.net.ssl.SSLContext; import javax.net.ssl.SSLSocketFactory; import javax.net.ssl.TrustManager; import javax.net.ssl.TrustManagerFactory; import javax.net.ssl.X509TrustManager; import java.security.cert.X509Certificate; public class SSLSocketHelper { private static TrustManager[] getWrappedTrustManagers(TrustManager[] trustManagers) { final X509TrustManager originalTrustManager = (X509TrustManager) trustManagers[0]; return new TrustManager[]{ new X509TrustManager() { public X509Certificate[] getAcceptedIssuers() { return originalTrustManager.getAcceptedIssuers(); }public void checkClientTrusted(X509Certificate[] certs, String authType) { try { if (certs != null && certs.length > 0){ certs[0].checkValidity(); } else { originalTrustManager.checkClientTrusted(certs, authType); } } catch (CertificateException e) { Log.w("checkClientTrusted", e.toString()); } }public void checkServerTrusted(X509Certificate[] certs, String authType) { try { if (certs != null && certs.length > 0){ certs[0].checkValidity(); } else { originalTrustManager.checkServerTrusted(certs, authType); } } catch (CertificateException e) { Log.w("checkServerTrusted", e.toString()); } } } }; }public static SSLSocketFactory getSSLSocketFactoryByCertificate(Context context,String keyStoreType, int keystoreResId) throws CertificateException, KeyStoreException, IOException, NoSuchAlgorithmException, KeyManagementException {CertificateFactory cf = CertificateFactory.getInstance("X.509"); InputStream caInput = context.getResources().openRawResource(keystoreResId);Certificate ca = cf.generateCertificate(caInput); caInput.close();if (keyStoreType == null || keyStoreType.length() == 0) { keyStoreType = KeyStore.getDefaultType(); } KeyStore keyStore = KeyStore.getInstance(keyStoreType); keyStore.load(null, null); keyStore.setCertificateEntry("ca", ca);String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm(); TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm); tmf.init(keyStore);TrustManager[] wrappedTrustManagers = getWrappedTrustManagers(tmf.getTrustManagers());SSLContext sslContext = SSLContext.getInstance("TLS"); sslContext.init(null, wrappedTrustManagers, null);return sslContext.getSocketFactory(); }public static SSLSocketFactory getSSLSocketFactoryByKeyStore(Context context,String keyStoreType, int keystoreResId, String keyPassword) throws CertificateException, KeyStoreException, IOException, NoSuchAlgorithmException, KeyManagementException {InputStream caInput = context.getResources().openRawResource(keystoreResId);// creating a KeyStore containing trusted CAsif (keyStoreType == null || keyStoreType.length() == 0) { keyStoreType = KeyStore.getDefaultType(); } KeyStore keyStore = KeyStore.getInstance(keyStoreType);keyStore.load(caInput, keyPassword.toCharArray());// creating a TrustManager that trusts the CAs in the KeyStoreString tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm(); TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm); tmf.init(keyStore);TrustManager[] wrappedTrustManagers = getWrappedTrustManagers(tmf.getTrustManagers());SSLContext sslContext = SSLContext.getInstance("TLS"); sslContext.init(null, wrappedTrustManagers, null);return sslContext.getSocketFactory(); } }
4)詳細可參看GitHub工程
GitHub工程與原始的volley對比:
a.增加了cache包,com.android.volley.ssl包,com.android.volley.utils包
b.在com.android.volley.toolbox包中,新增ByteRequest.java,GsonRequest.java,JsonArrayPostRequest.java,JsonObjectPostRequest.java,修改了Volley.java
c.只有com.android.volley.ssl包和Volley.java與支持https自簽名證書有關系
一般是運維搞,可參考如下鏈接:
使用 OpenSSL 生成自簽名證書
基于OpenSSL自建CA和頒發SSL證書
使用openssl生成自簽名證書以及nginx ssl雙向驗證
創建并部署自簽名的 SSL 證書到 Nginx
import android.webkit.WebView; import android.webkit.WebViewClient; import android.webkit.SslErrorHandler; import android.net.http.SslError;private WebView webView;webView = (WebView) findViewById(R.id.my_webview); webView.setWebViewClient(new WebViewClient() {@Override public void onReceivedSslError (WebView view, SslErrorHandler handler, SslError error) { handler.proceed(); } });
國內鏡像加速Android源碼下載
通過 HTTPS 和 SSL 確保安全
Certificate authority
清華大學開源軟件鏡像站
Does the Web View on Android support SSL?
Android _實現SSL解決不受信任的證書問題
Using Android Volley With Self-Signed SSL Certificate
Android volley self signed HTTPS trust anchor for certification path not found
Android 網絡--我是怎么做的: Volley+OkHttp+Https
Making a HTTPS request using Android Volley
1)上層使用(HttpService.java 修改)
2)最上層使用(BaseActivity.java修改)
日期:2018-04 瀏覽次數:6763
日期:2017-02 瀏覽次數:3438
日期:2017-09 瀏覽次數:3659
日期:2017-12 瀏覽次數:3529
日期:2018-12 瀏覽次數:4819
日期:2016-12 瀏覽次數:4584
日期:2017-07 瀏覽次數:13647
日期:2017-12 瀏覽次數:3508
日期:2018-06 瀏覽次數:4267
日期:2018-05 瀏覽次數:4446
日期:2017-12 瀏覽次數:3558
日期:2017-06 瀏覽次數:3984
日期:2018-01 瀏覽次數:3945
日期:2016-12 瀏覽次數:3915
日期:2018-08 瀏覽次數:4428
日期:2017-12 瀏覽次數:3708
日期:2016-09 瀏覽次數:6406
日期:2018-07 瀏覽次數:3208
日期:2016-12 瀏覽次數:3232
日期:2018-10 瀏覽次數:3386
日期:2018-10 瀏覽次數:3482
日期:2018-09 瀏覽次數:3580
日期:2018-02 瀏覽次數:3600
日期:2015-05 瀏覽次數:3521
日期:2018-09 瀏覽次數:3308
日期:2018-06 瀏覽次數:3435
日期:2017-02 瀏覽次數:3874
日期:2018-02 瀏覽次數:4337
日期:2018-02 瀏覽次數:4176
日期:2016-12 瀏覽次數:3573
Copyright ? 2013-2018 Tadeng NetWork Technology Co., LTD. All Rights Reserved.