如果不需要验证服务器端证书,直接照这里做
public class Demo extends Activity {/** Called when the activity is first created. */private TextView text;@Overridepublic void onCreate(Bundle savedInstanceState) {super.onCreate(savedInstanceState);setContentView(R.layout.main);text = (TextView)findViewById(R.id.text);GetHttps();}private void GetHttps(){String https = " https://800wen.com/";try{SSLContext sc = SSLContext.getInstance("TLS");sc.init(null, new TrustManager[]{new MyTrustManager()}, new SecureRandom());HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());HttpsURLConnection.setDefaultHostnameVerifier(new MyHostnameVerifier());HttpsURLConnection conn = (HttpsURLConnection)new URL(https).openConnection();conn.setDoOutput(true);conn.setDoInput(true);conn.connect();BufferedReader br = new BufferedReader(new InputStreamReader(conn.getInputStream()));StringBuffer sb = new StringBuffer();String line;while ((line = br.readLine()) != null)sb.append(line);text.setText(sb.toString());}catch(Exception e){Log.e(this.getClass().getName(), e.getMessage());}}private class MyHostnameVerifier implements HostnameVerifier{@Overridepublic boolean verify(String hostname, SSLSession session) {// TODO Auto-generated method stubreturn true;}}private class MyTrustManager implements X509TrustManager{@Overridepublic void checkClientTrusted(X509Certificate[] chain, String authType)throws CertificateException {// TODO Auto-generated method stub}@Overridepublic void checkServerTrusted(X509Certificate[] chain, String authType)throws CertificateException {// TODO Auto-generated method stub}@Overridepublic X509Certificate[] getAcceptedIssuers() {// TODO Auto-generated method stubreturn null;}}}
如果需要验证服务器端证书(这样能够防钓鱼),我是这样做的,还有些问题问大牛:
a. 导出公钥。在浏览器上用https访问tomcat,查看其证书,并另存为一个文件(存成了X.509格式:xxxx.cer)b. 导入公钥。把xxxx.cer放在Android的assets文件夹中,以方便在运行时通过代码读取此证书,留了两个问题给大牛
AssetManager am = context.getAssets();InputStream ins = am.open("robusoft.cer");try {//读取证书CertificateFactory cerFactory = CertificateFactory.getInstance("X.509"); //问1Certificate cer = cerFactory.generateCertificate(ins);//创建一个证书库,并将证书导入证书库KeyStore keyStore = KeyStore.getInstance("PKCS12", "BC"); //问2keyStore.load(null, null);keyStore.setCertificateEntry("trust", cer);return keyStore;} finally {ins.close();}//把咱的证书库作为信任证书库SSLSocketFactory socketFactory = new SSLSocketFactory(keystore);Scheme sch = new Scheme("https", socketFactory, 443);//完工HttpClient mHttpClient = new DefaultHttpClient();mHttpClient.getConnectionManager().getSchemeRegistry().register(sch);
问1:这里用"PKCS12"不行 答1:PKCS12和JKS是keystore的type,不是Certificate的type,所以X.509不能用PKCS12代替 问2:这里用"JKS"不行。答2:android平台上支持的keystore type好像只有PKCS12,不支持JKS,所以不能用JKS代替在PKCS12,不过在windows平台上是可以代替的