Android開發環境、tomcat
總體的步驟就是:
1. 用keystore生成服務器端所用的密鑰,用它配置服務器
2. 客戶端導入其中的公鑰,將其添加到信任的證書庫中。
下面是具體的參考資料。
1.密碼學基礎(像我這樣非科班出身的需要看一下,知其然還得知其所以然)注意:具體的配置可能不同,請找你的tomcat文檔,SSL部分。
<!-- Connector used when APR is not configured -->
<!-- HTTPS listener on port 8443. clientAuth="false" means the server does not ask the
     client for a certificate, so only the server is authenticated. -->
<!-- NOTE(review): keystorePass="password" is a sample value. Use a strong, unique password
     and restrict read access to this file and to conf/cert/tomcat.keystore, because the
     keystore holds the server's private key. -->
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
           maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="conf/cert/tomcat.keystore" keystorePass="password" />
b. 導入公鑰。把xxxx.cer放在Android的assets文件夾中,以方便在運行時通過代碼讀取此證書(下面的示例代碼讀取的文件名是 darrenf.crt)。assets 中只應放服務器的公開證書,含私鑰的 keystore 要留在服務器上,不能打包進 APK。
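/**
 * Loads the certificate bundled with the app and wraps it in an in-memory trust store.
 *
 * <p>The asset {@code darrenf.crt} is parsed as an X.509 certificate and stored under the
 * alias {@code "trust"}. The returned key store therefore trusts exactly that certificate.
 *
 * <p>Any failure yields {@code null}. The original returned a non-null but incomplete key
 * store when an error occurred after {@code KeyStore.getInstance}, which defeated the
 * caller's {@code null} check.
 *
 * @param context used to reach the application's assets
 * @return a key store holding the bundled certificate, or {@code null} if the asset could not
 *     be read, parsed, or stored
 */
public static KeyStore getCertificate(Context context) {
    InputStream ins = null;
    try {
        // Read the certificate shipped in the APK's assets folder.
        ins = context.getAssets().open("darrenf.crt");
        CertificateFactory cerFactory = CertificateFactory.getInstance("X.509");
        Certificate cer = cerFactory.generateCertificate(ins);

        // Create an empty key store and import the certificate as a trusted entry.
        // Original author's note: PKCS12 seemed to be the only type that worked on Android,
        // JKS is not supported. TODO confirm; KeyStore.getDefaultType() is the portable choice.
        KeyStore keyStore = KeyStore.getInstance("PKCS12", "BC");
        keyStore.load(null, null); // null stream initialises an empty store
        keyStore.setCertificateEntry("trust", cer);
        return keyStore;
    } catch (IOException e) {
        e.printStackTrace();
    } catch (CertificateException e) {
        e.printStackTrace();
    } catch (KeyStoreException e) {
        e.printStackTrace();
    } catch (NoSuchProviderException e) {
        e.printStackTrace();
    } catch (NoSuchAlgorithmException e) {
        e.printStackTrace();
    } finally {
        try {
            if (ins != null) {
                ins.close();
            }
        } catch (IOException e) {
            e.printStackTrace();
        }
    }
    // Reached only after a failure: never hand back a partially built trust store.
    return null;
}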
// 鏈接服務器獲取信息 public void connectServer() { // 獲取本地證書 KeyStore keystore = CertificateUtils.getCertificate(getContext()); if(keystore == null){ Log.e(TAG, "獲取證書錯誤"); return; } // 把咱的證書庫做爲信任證書庫 SSLSocketFactory socketFactory = null; try { socketFactory = new SSLSocketFactory(keystore); // 容許全部主機 socketFactory.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER); } catch (KeyManagementException e) { e.printStackTrace(); } catch (UnrecoverableKeyException e) { e.printStackTrace(); } catch (NoSuchAlgorithmException e) { e.printStackTrace(); } catch (KeyStoreException e) { e.printStackTrace(); } final Scheme sch = new Scheme("https", socketFactory, 443); Thread thread = new Thread() { public void run() { String path = "https://192.168.16.34:8443/SpringREST/simple/22"; HttpClient mHttpClient = new DefaultHttpClient(); mHttpClient.getConnectionManager().getSchemeRegistry().register(sch); HttpGet httpGet = new HttpGet(path); InputStream inputStream = null; ByteArrayOutputStream baos = null; try { HttpResponse response = mHttpClient.execute(httpGet); StatusLine stateLine = response.getStatusLine(); if (stateLine.getStatusCode() == HttpStatus.SC_OK) { HttpEntity entity = response.getEntity(); inputStream = entity.getContent(); baos = new ByteArrayOutputStream(); int len = 0; byte[] buffer = new byte[1024]; while ((len = inputStream.read(buffer)) != -1) { baos.write(buffer, 0, len); } String content = new String(baos.toByteArray()); } } catch (ClientProtocolException e) { e.printStackTrace(); } catch (IOException e) { e.printStackTrace(); } finally { try { if (baos != null) { baos.close(); } if (inputStream != null) { inputStream.close(); } } catch (IOException e) { e.printStackTrace(); } } } }; thread.start(); }
<!-- Redirect HTTP requests to HTTPS -->
<!-- The /* pattern applies the constraint to every URL of the web application, and
     CONFIDENTIAL requires an encrypted transport for them. -->
<!-- NOTE(review): a request that first arrives over plain HTTP is sent unencrypted before
     the redirect happens, so clients should use https:// URLs directly. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>SSL</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
爲 Tomcat 安裝 apr
http://pengranxiang.iteye.com/blog/1128905
http://blog.sina.com.cn/s/blog_64a52f2a0101g35m.html
TOMCAT官方文檔
http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html#Configuration