您好,我正在开发 android 应用程序,我在所有 Web 服务中使用 https 协议(protocol)。所以要从 android 应用程序与启用 https 的服务器进行通信,我们是否需要在我的 android 的 raw 文件夹中添加任何证书?
如果是那么它的过程是什么。我检查了很多答案,但人们只是忽略了 https 协议(protocol),只是接受所有证书或绕过。
提前致谢。
最佳答案
- 创建BouncyCaSTLe
KeyStore,将您的证书放入其中(您可以使用openssl),稍后将创建的KeyStore放入res/raw文件夹。
在应用中:
- 将您的 keystore 文件加载到 java
KeyStore - 为您的
HttpClient提供您的KeyStore
例子:
// Load CAs from an InputStream
// (could be from a resource or ByteArrayInputStream or ...)
CertificateFactory cf = CertificateFactory.getInstance("X.509");
// From https://www.washington.edu/itconnect/security/ca/load-der.crt
InputStream caInput = new BufferedInputStream(new FileInputStream("load-der.crt"));
Certificate ca;
try {
ca = cf.generateCertificate(caInput);
System.out.println("ca=" + ((X509Certificate) ca).getSubjectDN());
} finally {
caInput.close();
}
// Create a KeyStore containing our trusted CAs
String keyStoreType = KeyStore.getDefaultType();
KeyStore keyStore = KeyStore.getInstance(keyStoreType);
keyStore.load(null, null);
keyStore.setCertificateEntry("ca", ca);
// Create a TrustManager that trusts the CAs in our KeyStore
String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
tmf.init(keyStore);
// Create an SSLContext that uses our TrustManager
SSLContext context = SSLContext.getInstance("TLS");
context.init(null, tmf.getTrustManagers(), null);
// Tell the URLConnection to use a SocketFactory from our SSLContext
URL url = new URL("https://certs.cac.washington.edu/CAtest/");
HttpsURLConnection urlConnection =
(HttpsURLConnection)url.openConnection();
urlConnection.setSSLSocketFactory(context.getSocketFactory());
InputStream in = urlConnection.getInputStream();
copyInputStreamToOutputStream(in, System.out);
来源: https://developer.android.com/training/articles/security-ssl.html
关于android - 我们是否需要创建任何证书才能在 Android 中调用 https Web 服务,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/26202474/