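Using HTTPS connections on Android

Android development environment, Tomcat

The overall steps are:

1. Use a keystore to generate the key used on the server side, and configure the server with it.

2. The client imports the public key from it and adds it to its store of trusted certificates.

The specific reference material follows.

1. Cryptography basics (people like me, without a formal background in the field, need to read this; it is not enough to know what works, you also have to know why)
http://www.williamlong.info/archives/499.html

2. keytool usage and Tomcat configuration
If your English is good, read the SSL section of the Tomcat documentation directly;
if your English is poor, look for a Chinese version of the documentation, or read this article:
http://ln-ydc.iteye.com/blog/1330674

Note: the exact configuration may differ; check the SSL section of the documentation for your Tomcat.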


<!-- When APR is not configured -->
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" 
			   keystoreFile="conf/cert/tomcat.keystore" keystorePass="password"
			   />




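3. Android configuration
If you do not need to verify the server certificate, just follow this:
http://elsila.blog.163.com/blog/static/17319715820101128832427/

If you do need to verify the server certificate (this protects against phishing), this is how I did it; I still have some questions for the experts:
    a. Export the public key. Visit Tomcat over https in a browser, view its certificate, and save it to a file (saved in X.509 format: xxxx.cer)

    b. Import the public key. Put xxxx.cer in the Android assets folder so that the certificate can be read by code at run time.


Getting the local certificate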
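import android.content.Context;
import android.content.res.AssetManager;

import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;

public class CertificateUtils {

	// Returns a KeyStore holding the certificate bundled in assets, or null on failure
	public static KeyStore getCertificate(Context context) {
		AssetManager assetManager = context.getAssets();
		InputStream ins = null;
		KeyStore keyStore = null;
		try {
			ins = assetManager.open("darrenf.crt");
			// Read the certificate
			CertificateFactory cerFactory = CertificateFactory.getInstance("X.509"); // the certificate type
			Certificate cer = cerFactory.generateCertificate(ins);
			// Create a certificate store and import the certificate into it
			// On the Android platform the only supported keystore type seems to be PKCS12; JKS is not supported
			keyStore = KeyStore.getInstance("PKCS12", "BC");
			keyStore.load(null, null);

			keyStore.setCertificateEntry("trust", cer);
			return keyStore;

		} catch (IOException e) {
			e.printStackTrace();
		} catch (CertificateException e) {
			e.printStackTrace();
		} catch (KeyStoreException e) {
			e.printStackTrace();
		} catch (NoSuchProviderException e) {
			e.printStackTrace();
		} catch (NoSuchAlgorithmException e) {
			e.printStackTrace();
		} finally {
			try {
				if (ins != null) {
					ins.close();
				}
			} catch (IOException e) {
				e.printStackTrace();
			}
		}
		return keyStore;
	}
}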



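// Connect to the server and fetch data
// (SSLSocketFactory, Scheme and the Http* classes are the Apache HttpClient ones: org.apache.http.*)
	public void connectServer() {
		// Get the local certificate
		KeyStore keystore = CertificateUtils.getCertificate(getContext());
		if(keystore == null){
			Log.e(TAG, "獲取證書錯誤");
			return;
		}
		// Use our certificate store as the store of trusted certificates
		SSLSocketFactory socketFactory = null;
		try {
			socketFactory = new SSLSocketFactory(keystore);
			// Allow all hosts: hostname verification is switched off, so the server
			// is checked only against the trusted certificate store
			socketFactory.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
		} catch (KeyManagementException e) {
			e.printStackTrace();
		} catch (UnrecoverableKeyException e) {
			e.printStackTrace();
		} catch (NoSuchAlgorithmException e) {
			e.printStackTrace();
		} catch (KeyStoreException e) {
			e.printStackTrace();
		}
		if (socketFactory == null) {
			// The factory could not be created; Scheme does not accept a null factory
			return;
		}
		final Scheme sch = new Scheme("https", socketFactory, 443);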

		Thread thread = new Thread() {

			public void run() {
				String path = "https://192.168.16.34:8443/SpringREST/simple/22";
				HttpClient mHttpClient = new DefaultHttpClient();
				mHttpClient.getConnectionManager().getSchemeRegistry().register(sch);

				HttpGet httpGet = new HttpGet(path);
				InputStream inputStream = null;
				ByteArrayOutputStream baos = null;
				try {
					HttpResponse response = mHttpClient.execute(httpGet);
					StatusLine stateLine = response.getStatusLine();
					if (stateLine.getStatusCode() == HttpStatus.SC_OK) {
						HttpEntity entity = response.getEntity();
						inputStream = entity.getContent();

						baos = new ByteArrayOutputStream();
						int len = 0;
						byte[] buffer = new byte[1024];
						while ((len = inputStream.read(buffer)) != -1) {
							baos.write(buffer, 0, len);
						}
						String content = new String(baos.toByteArray());
					}
				} catch (ClientProtocolException e) {
					e.printStackTrace();
				} catch (IOException e) {
					e.printStackTrace();
				} finally {
					try {
						if (baos != null) {
							baos.close();
						}
						if (inputStream != null) {
							inputStream.close();
						}
					} catch (IOException e) {
						e.printStackTrace();
					}
				}
			}
		};
		thread.start();
	}
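
The same trust setup with hostname verification left on, as an added example that is not code from the original post: it uses the standard javax.net.ssl classes (HttpsURLConnection, TrustManagerFactory) in place of the Apache HttpClient classes above. The class and method names are hypothetical, and the certificate is read from a file given on the command line; on Android the stream would come from the assets folder instead.

```java
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class PinnedHttpsClient {  // hypothetical name, not from the original post
    // Build an SSLContext that trusts only the certificate read from certStream.
    static SSLContext contextTrusting(InputStream certStream) throws Exception {
        Certificate cert = CertificateFactory.getInstance("X.509").generateCertificate(certStream);
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);                     // start from an empty store
        trustStore.setCertificateEntry("server", cert);
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);    // no client key, default randomness
        return ctx;
    }

    // GET the URL. No HostnameVerifier is set, so the default one stays active and
    // the request fails unless the certificate's names match the host in the URL.
    static String fetch(String url, SSLContext ctx) throws Exception {
        HttpsURLConnection conn = (HttpsURLConnection) new URL(url).openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        conn.setConnectTimeout(10000);
        conn.setReadTimeout(10000);
        try (InputStream in = conn.getInputStream()) {
            ByteArrayOutputStream out = new ByteArrayOutputStream();
            byte[] buf = new byte[1024];
            for (int n; (n = in.read(buf)) != -1; ) out.write(buf, 0, n);
            return out.toString("UTF-8");
        } finally {
            conn.disconnect();
        }
    }

    // Usage: java PinnedHttpsClient <certificate file> <https URL>
    public static void main(String[] args) throws Exception {
        try (InputStream cert = new FileInputStream(args[0])) {
            System.out.println(fetch(args[1], contextTrusting(cert)));
        }
    }
}
```

When the URL uses an IP address rather than a host name, as in the path above, the default verifier only accepts a certificate that carries that address as an IP subjectAltName.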


Configuring web.xml to redirect HTTP access to HTTPS



<!-- Configuration that redirects HTTP access to HTTPS -->
	<security-constraint>
		<web-resource-collection>
			<web-resource-name>SSL</web-resource-name>
			<url-pattern>/*</url-pattern>
		</web-resource-collection>
		<user-data-constraint>
			<transport-guarantee>CONFIDENTIAL</transport-guarantee>
		</user-data-constraint>
	</security-constraint>


Installing APR for Tomcat

http://pengranxiang.iteye.com/blog/1128905


Detailed configuration for enabling HTTPS in Tomcat 7

http://blog.sina.com.cn/s/blog_64a52f2a0101g35m.html


Official Tomcat documentation

http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html#Configuration
