
少华是也's Notes

Programming: for a living? For interest?

 
 
 


 
 

HTTP/HTTPS on Android  

2011-03-25 10:09:11 | Category: Android

  • Https Connection Android

http://stackoverflow.com/questions/995514/https-connection-android

I'm making a guess, but if you want an actual handshake to occur, you have to let android know of your certificate. If you want to just accept no matter what, then use this pseudo-code to get what you need with the Apache HTTP Client:


SchemeRegistry schemeRegistry = new SchemeRegistry ();
schemeRegistry.register (new Scheme ("http",
    PlainSocketFactory.getSocketFactory (), 80));
schemeRegistry.register (new Scheme ("https",
    new CustomSSLSocketFactory (), 443));
ThreadSafeClientConnManager cm = new ThreadSafeClientConnManager (
    params, schemeRegistry);
return new DefaultHttpClient (cm, params);
 

CustomSSLSocketFactory:


// Delegate factory; replaced in the constructor by one built from a custom SSLContext.
private SSLSocketFactory FACTORY = HttpsURLConnection.getDefaultSSLSocketFactory ();

public CustomSSLSocketFactory ()
    {
    try
        {
        SSLContext context = SSLContext.getInstance ("TLS");
        // FullX509TrustManager performs no checks, so every certificate is accepted.
        TrustManager[] tm = new TrustManager[] { new FullX509TrustManager () };
        context.init (null, tm, new SecureRandom ());
        FACTORY = context.getSocketFactory ();
        }
    catch (Exception e)
        {
        e.printStackTrace();
        }
    }

public Socket createSocket() throws IOException
    {
    return FACTORY.createSocket();
    }

FullX509TrustManager is a class that implements javax.net.ssl.X509TrustManager, yet none of the methods actually perform any work.

Good Luck!

 

 http://blog.crazybob.org/2010/02/android-trusting-ssl-certificates.html

  • Creating an HTTP Client Example

http://thinkandroid.wordpress.com/2009/12/31/creating-an-http-client-example/
Hey everyone,

To conclude my series of examples on working with HTTP/web based Android programming, I thought I would include an example on how to set up a working HTTP Client that will allow you to do all of your POST/GET calls or whatever it is you might be looking to do. So here it is!


public DefaultHttpClient getClient() {
    DefaultHttpClient ret = null;
    //SETS UP PARAMETERS
    HttpParams params = new BasicHttpParams();
    HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1);
    HttpProtocolParams.setContentCharset(params, "utf-8");
    params.setBooleanParameter("http.protocol.expect-continue", false);

    //REGISTERS SCHEMES FOR BOTH HTTP AND HTTPS
    SchemeRegistry registry = new SchemeRegistry();
    registry.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
    final SSLSocketFactory sslSocketFactory = SSLSocketFactory.getSocketFactory();
    sslSocketFactory.setHostnameVerifier(SSLSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);
    registry.register(new Scheme("https", sslSocketFactory, 443));

    ThreadSafeClientConnManager manager = new ThreadSafeClientConnManager(params, registry);
    ret = new DefaultHttpClient(manager, params);
    return ret;
}


So yes, if you ever encounter any annoying log errors saying things like “HTTPS SSL ERROR”, then it probably has something to do with how your HTTP Client is set up, and in my experience the example above works well in most cases!

Happy New Year! And Happy coding.

 

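For a project, I needed to implement SSL mutual (two-way) authentication on Android.

Environment:

Windows 2003 EE;

OpenSSL;

Tomcat 7;

Brief procedure:

1. Use OpenSSL and keytool to create the certificates and private keys for the CA, the client and the server.

2. Set up a Tomcat web server with mutual authentication.

3. Use IE to verify that SSL mutual authentication works.

    For the three steps above, see this document: "HTTPS SSL mutual authentication on Tomcat"

    The only problem is that the Tomcat 7 configuration is different. server.xml: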


<Connector
    className="org.apache.catalina.connector.http.HttpConnector"
    protocol="org.apache.coyote.http11.Http11NioProtocol"
    port="8443" minSpareThreads="5" maxSpareThreads="75"
    enableLookups="true" disableUploadTimeout="true"
    acceptCount="100" maxThreads="200"
    scheme="https" secure="true" SSLEnabled="true"
    clientAuth="true" sslProtocol="TLS"
    keystoreFile="C:/OpenSSL/server/server_keystore"
    keystorePass="66666"/>

 

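  keystorePass is the password of your own server_keystore.

  For one-way authentication, change clientAuth="true" to false.

4. Write the Android SSL verification program; however, it could only do one-way verification of the server's certificate. See the link below, which also includes source code.

   "Android OpenSSL analysis and examples" - zhenyongyuan123's column

5. Write a Java client/server program to verify SSL mutual authentication.

   "Implementing SSL mutual authentication in Java"

6. To understand the SSL handshake, test Tomcat's SSL mutual authentication directly from the OpenSSL command line.

  The openssl command line for connecting to Tomcat with SSL mutual authentication: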


openssl s_client -connect localhost:8443 -cert client\client-cert.pem -key client\client-key.pem -CAfile ca\ca-cert.pem -state  

 

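7. Through the process above, I found the problem in step 4 and got Android to access the Tomcat web server that uses mutual SSL authentication.

8. The last step is to access the Tomcat mutual-SSL server directly from Android's WebView; this is still being researched... It may require modifying the WebView source code. Once the research is finished, I will describe the implementation in a separate document.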
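
The trust-all factory quoted from Stack Overflow above skips server verification, and steps 4 to 7 need the client to present its own certificate as well. As an added example (not the blogger's code and not code from any of the linked posts), this plain javax.net.ssl client trusts only the private CA and offers a client key pair; the class name, the command-line arguments (CA PEM path, a PKCS#12 export of the client certificate and key, its password) and the URL path are assumptions, with host and port taken from the s_client command in step 6.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class MutualTlsClient {
    // Trust only the private CA instead of installing a no-op X509TrustManager.
    static TrustManagerFactory trustOnly(String caPemPath) throws Exception {
        KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
        trust.load(null, null); // start from an empty store
        try (InputStream in = new FileInputStream(caPemPath)) {
            Certificate ca = CertificateFactory.getInstance("X.509").generateCertificate(in);
            trust.setCertificateEntry("ca", ca);
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        return tmf;
    }

    // Client certificate and private key, offered when the server sets clientAuth="true".
    static KeyManagerFactory clientIdentity(String p12Path, char[] password) throws Exception {
        KeyStore id = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(p12Path)) {
            id.load(in, password);
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(id, password);
        return kmf;
    }

    public static void main(String[] args) throws Exception {
        // Assumed arguments: args[0] = CA certificate (PEM), args[1] = client PKCS#12, args[2] = password.
        char[] password = args[2].toCharArray();
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(clientIdentity(args[1], password).getKeyManagers(),
                 trustOnly(args[0]).getTrustManagers(), null);
        HttpsURLConnection conn =
            (HttpsURLConnection) new URL("https://localhost:8443/").openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        // The default HostnameVerifier stays in place, so the server certificate must match the host.
        System.out.println("HTTP " + conn.getResponseCode() + " via " + conn.getCipherSuite());
    }
}
```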

 

  • Implementing SSL mutual authentication in Java

http://avery-leo.javaeye.com/blog/276096
