★38.HTTPS

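Flowchart

Preface

  • The code below throws a number of checked exceptions; wrap it in try-catch, catch all of them and print them.
  • You can put it in a utility class.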

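1. Create the KeyStore

Option 1: from a certificate

1. Create the Certificate

1. Obtain the public key

Option 1: fetch the public key from the server
InputStream pkStream = /* input stream of the public key obtained from the server */;
Option 2: hard-code the public key
final String PUBLIC_KEY = "blablabla";
InputStream pkStream = new Buffer().writeUtf8(PUBLIC_KEY).inputStream();

2. Generate the Certificate from the public key

// generateCertificate() parses an X.509 certificate (PEM or DER),
// so the stream must carry the whole certificate.
CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
Certificate certificate = certificateFactory.generateCertificate(pkStream);
Log.d("cert key", certificate.getPublicKey().toString());

2. Create the KeyStore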

String keyStoreType = KeyStore.getDefaultType();
KeyStore keyStore = KeyStore.getInstance(keyStoreType);
keyStore.load(null, null);
keyStore.setCertificateEntry("certificate", certificate);

Option 2: from a local KeyStore

  • Parameters of KeyStore.load(..):
    • InputStream: input stream of the KeyStore file. You can put the KeyStore file in the res/raw directory and obtain it via R.raw.your_keystore_filename.
    • char[]: the password used to unlock the KeyStore file.
String keyStoreType = KeyStore.getDefaultType();
KeyStore keyStore = KeyStore.getInstance(keyStoreType);
// openRawResource() returns an InputStream, not a FileInputStream.
InputStream fileIS = getActivity().getApplicationContext()
        .getResources().openRawResource(R.raw.your_keystore_filename);
char[] password = "Password".toCharArray();
keyStore.load(fileIS, password);
if (fileIS != null) fileIS.close();

2. Obtain the TrustManager[]

  • Flow: KeyStore -> TrustManagerFactory -> TrustManager[]
String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(tmfAlgorithm);
trustManagerFactory.init(keyStore);
TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();

3. Obtain the KeyManager[]

  • Flow: KeyStore -> KeyManagerFactory -> KeyManager[]
String kmAlgorithm = KeyManagerFactory.getDefaultAlgorithm();
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(kmAlgorithm);
keyManagerFactory.init(keyStore, "Password".toCharArray());
KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();

4. Create the SSLContext

// Request the "TLS" protocol name rather than the legacy "SSL" one.
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(keyManagers, trustManagers, new SecureRandom());

5. Create the SSLSocketFactory

SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();

6. HostnameVerifier

  • Used for host name verification, to make sure the domain has not been swapped for another one.
public static HostnameVerifier getHostnameVerifier(String[] myHostUrls) {
    return (hostname, session) -> {
        boolean isAcceptable = false;
        for (String host : myHostUrls) {
            if (host.equalsIgnoreCase(hostname)) {
                isAcceptable = true;
            }
        }
        return isAcceptable;
    };
}

7. Extract the X509TrustManager from the TrustManager[]

if (trustManagers.length != 1 || !(trustManagers[0] instanceof X509TrustManager)) {
    throw new IllegalStateException("Unexpected default trust managers:" + Arrays.toString(trustManagers));
}
X509TrustManager trustManager = (X509TrustManager) trustManagers[0];

8. Create the OkHttpClient

OkHttpClient okHttpClient = new OkHttpClient.Builder()
        .sslSocketFactory(sslSocketFactory, trustManager)
        .hostnameVerifier(getHostnameVerifier(myHostUrls))
        .build();
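
The verifier in step 6 compares the requested host name with the allow list but never uses the session argument, so it does not check which names the server certificate covers. The following is an added example, not the author's code: a variant that keeps the allow list and also delegates to a certificate-based check. The class name AllowListHostnameVerifier, the create methods and the sample host names are hypothetical, and the one-argument create assumes Android, where the platform default verifier matches the host name against the certificate.

```java
import java.util.Arrays;
import java.util.Set;
import java.util.TreeSet;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;

public class AllowListHostnameVerifier {

    /**
     * Accepts a connection only if the host is on the allow list AND the
     * delegate confirms that the peer certificate was issued for that host.
     */
    static HostnameVerifier create(String[] allowedHosts, HostnameVerifier certCheck) {
        // Case-insensitive set, matching equalsIgnoreCase in the step 6 loop.
        Set<String> allowed = new TreeSet<>(String.CASE_INSENSITIVE_ORDER);
        allowed.addAll(Arrays.asList(allowedHosts));
        return (hostname, session) ->
                hostname != null
                        && allowed.contains(hostname)
                        && certCheck.verify(hostname, session);
    }

    /**
     * Android wiring (assumption: runs on Android, where the default verifier
     * checks the certificate's names against the host name).
     */
    static HostnameVerifier create(String[] allowedHosts) {
        return create(allowedHosts, HttpsURLConnection.getDefaultHostnameVerifier());
    }

    public static void main(String[] args) {
        String[] hosts = {"api.example.com"}; // constructed sample value
        // Constructed stand-ins for the certificate check, so the demo runs offline.
        HostnameVerifier certMatches = (h, s) -> true;
        HostnameVerifier certMismatch = (h, s) -> false;

        // Listed host, certificate matches: accepted.
        System.out.println(create(hosts, certMatches).verify("API.example.com", null));
        // Host not on the allow list: rejected before the certificate check.
        System.out.println(create(hosts, certMatches).verify("other.example.net", null));
        // Listed host, but the certificate is for another name: rejected.
        System.out.println(create(hosts, certMismatch).verify("api.example.com", null));
    }
}
```

In step 8 this would be passed as .hostnameVerifier(AllowListHostnameVerifier.create(myHostUrls)).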