在项目中遇到了https传输问题,使用自签名证书,是的android手机端与服务器可与进行数据通信,尝试了多种方法,最终实现。在此做笔记,以防忘记、加固记忆。
1、生成证书
服务器端 证书库 keytool -validity 365 -genkey -v -alias server -keyalg RSA -keystore server.keystore -dname "CN=192.168.1.110,OU=monkey,O=monkey,L=BeiJIng,ST=BeiJing,c=cn" -storepass 123456 -keypass 123456
客户端 证书库 keytool -validity 365 -genkeypair -v -alias client -keyalg RSA -storetype PKCS12 -keystore client.p12 -dname "CN=client,OU=monkey,O=monkey,L=BeiJing,ST=BeiJing,c=cn" -storepass 123456 -keypass 123456
服务器端证书库导出服务器端证书 keytool -export -v -alias server -keystore server.keystore -storepass 123456 -rfc -file server.cer
从客户端证书库导入客户端证书 keytool -export -v -alias client -keystore client.p12 -storetype PKCS12 -storepass 123456 -rfc -file client.cer
生成Android客户端信任证书库(由服务端证书生成的证书库) keytool -importcert -keystore server.bks -file server.cer -storetype BKS -provider org.bouncycastle.jce.provider.BouncyCastleProvider
将客户端证书导入到服务器证书库(使得服务器信任客户端证书) keytool -import -v -alias client -file client.cer -keystore server.keystore -storepass 123456
将client.p12和server.bks复制到手机端的某个文件夹下,关于一些说放到assets文件夹下的,其实并不非要放到那里,那个文件夹是系统文件夹,一般来说你无法直接查看或者读写。
2、配置tomcat
在tomca的conf文件夹下的server.xml找到被注释掉的端口为8443的HTTPS打开
加入
keystoreFile="D:\\test\\server.keystore" keystorePass="123456"
truststoreFile="D:\\test\\server.keystore" truststorePass="123456"
保存后重启服务器
3、测试服务器
配置浏览器 双击client.p12导入浏览器,选择安装到“受信任的根证书颁发机构”。输入https://192.x.x.x:8443 访问服务器,观察是否成功访问,出现tomcat首页即为访问成功,地址处出现小锁标志。
4、android 客户端代码
很惭愧 代码是网上一位前辈写的 经过测试 非常完美的实现了android端的https的配置,结合项目 我对于部分代码做出了调整。
菜鸟一个 互相学习
写道
import android.content.Context;
import android.os.Environment;
import android.util.Log;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.net.Socket;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;
/**
* Created by Administrator on 2016/7/11.
*/
public class SSLConnection {
private static TrustManager[] trustManagers;
private static final String KEY_STORE_TYPE_BKS = "bks";
private static final String KEY_STORE_TYPE_P12 = "PKCS12";
private static final String keyStoreFileName = Environment.getExternalStorageDirectory().getPath() + "/asset/client.p12";
private static final String keyStorePassword = "123456";
private static final String trustStoreFileName = Environment.getExternalStorageDirectory().getPath() + "/asset/server.bks";
private static final String trustStorePassword = "123456";
private static final String alias = null;//"client";
private static Context pContext = null;
public static void allowAllSSL() {
HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
@Override
public boolean verify(String hostname, SSLSession session) {
//TODO Auto-generated method stub
return true;
}
});
// pContext = ct;
SSLContext context;
if (trustManagers == null) {
try {
KeyManager[] keyManagers = createKeyManagers(keyStoreFileName, keyStorePassword, alias);
trustManagers = createTrustManagers(trustStoreFileName, trustStorePassword);
context = SSLContext.getInstance("TLS");
context.init(keyManagers, trustManagers, new SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(context.getSocketFactory());
} catch (KeyStoreException e) {
//TODO Auto-generated catch block
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
//TODO Auto-generated catch block
e.printStackTrace();
} catch (CertificateException e) {
//TODO Auto-generated catch block
e.printStackTrace();
} catch (IOException e) {
//TODO Auto-generated catch block
e.printStackTrace();
} catch (UnrecoverableKeyException e) {
//TODO Auto-generated catch block
e.printStackTrace();
} catch (KeyManagementException e) {
Log.e("allowAllSSL", e.toString());
}//new TrustManager[]{new _FakeX509TrustManager()};
}
}
private static KeyManager[] createKeyManagers(String keyStoreFileName, String eyStorePassword, String alias)
throws CertificateException, IOException, KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException {
FileInputStream inputStream = new FileInputStream(keyStoreFileName);
KeyStore keyStore = KeyStore.getInstance(KEY_STORE_TYPE_P12);
keyStore.load(inputStream, keyStorePassword.toCharArray());
printKeystoreInfo(keyStore);//for debug
KeyManager[] managers;
if (alias != null) {
managers =
new KeyManager[]{
new SSLConnection().new AliasKeyManager(keyStore, alias, keyStorePassword)};
} else {
KeyManagerFactory keyManagerFactory =
KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());//PKIX "X509")
keyManagerFactory.init(keyStore, keyStorePassword == null ? null : keyStorePassword.toCharArray());
managers = keyManagerFactory.getKeyManagers();
}
return managers;
}
private static TrustManager[] createTrustManagers(String trustStoreFileName, String trustStorePassword)
throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
FileInputStream inputStream = new FileInputStream(trustStoreFileName);
KeyStore trustStore = KeyStore.getInstance(KEY_STORE_TYPE_BKS);
trustStore.load(inputStream, trustStorePassword.toCharArray());
printKeystoreInfo(trustStore);//for debug
TrustManagerFactory trustManagerFactory =
TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init(trustStore);
return trustManagerFactory.getTrustManagers();
}
private static void printKeystoreInfo(KeyStore keystore) throws KeyStoreException {
System.out.println("Provider : " + keystore.getProvider().getName());
System.out.println("Type : " + keystore.getType());
System.out.println("Size : " + keystore.size());
Enumeration en = keystore.aliases();
while (en.hasMoreElements()) {
System.out.println("Alias: " + en.nextElement());
}
}
private class AliasKeyManager implements X509KeyManager {
private KeyStore _ks;
private String _alias;
private String _password;
public AliasKeyManager(KeyStore ks, String alias, String password) {
_ks = ks;
_alias = alias;
_password = password;
}
public String chooseClientAlias(String[] str, Principal[] principal, Socket socket) {
return _alias;
}
public String chooseServerAlias(String str, Principal[] principal, Socket socket) {
return _alias;
}
public X509Certificate[] getCertificateChain(String alias) {
try {
Certificate[] certificates = this._ks.getCertificateChain(alias);
if (certificates == null) {
throw new FileNotFoundException("no certificate found for alias:" + alias);
}
X509Certificate[] x509Certificates = new X509Certificate[certificates.length];
System.arraycopy(certificates, 0, x509Certificates, 0, certificates.length);
return x509Certificates;
} catch (Exception e) {
e.printStackTrace();
return null;
}
}
public String[] getClientAliases(String str, Principal[] principal) {
return new String[]{_alias};
}
public PrivateKey getPrivateKey(String alias) {
try {
return (PrivateKey) _ks.getKey(alias, _password == null ? null : _password.toCharArray());
} catch (Exception e) {
e.printStackTrace();
return null;
}
}
public String[] getServerAliases(String str, Principal[] principal) {
return new String[]{_alias};
}
}
}