Android HTTPS 采用HTTPClient实现

Android为我们提供了两种HTTP交互的方式： HttpURLConnection 和 Apache HTTP Client

当访问https时，认证方案在客户端可以决定是否验证服务器，而服务器端可以选择是否验证客户端，如果双方都选择验证那么，就是双向验证；如果有一方选择不验证，那就是单向验证。

  双向认证：服务器验证客户端，需要给手机安装证书（参考http://blog.csdn.net/yuxiaohui78/article/details/41975915）

单向认证： 即不验证服务器，在连接过程中首先读取本地客户端证书，然后采用不验证服务端信任证书的方式建立SSLContext

 

单向认证如下

准备工作 

1.下载 bcprov-ext-jdk16-1.46.jar，放入JAVA_HOME \jre\lib\ext下面。

2.修改JAVA_HOME\jre\lib\security\java.security 

找到security.provider.1=sun.security.provider.Sun这行，这里有好几行，在最后一行加上

security.provider.10=org.bouncycastle.jce.provider.BouncyCastleProvider

一、生成keystone

1.keytool -genkey -alias asia -keyalg RSA -keystore server.keystore -validity 3600  

 解释：keytool是jdk下的命令行工具。 alias 随意指定，表示别名。keyalg表示加密算法为RSA，输出文件为server.keystore  这里面需要输入密码（123456） 

2.keytool -export -alias asia  -file server.cer -keystore server.keystore -storepass 123456 

3.keytool -import -alias asia -file server.cer -keystore server_trust.keystore -storepass 123456 -storetype BKS -provider org.bouncycastle.jce.provider.BouncyCastleProvider

 

二、服务端

编辑${catalina.base}/conf/server.xml

<Connector SSLEnabled="true" clientAuth="false"   disableUploadTimeout="true"   enableLookups="true"  
           keystoreFile="${catalina.base}/key/server.keystore" keystorePass="123456"  maxSpareThreads="75"  maxThreads="200" 
           minSpareThreads="5" port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"  scheme="https"  secure="true" 
           sslProtocol="TLS"/> 

三、客户端

　　

/** 
     * 密库，这里用的是BouncyCastle密库 
     */  
    private static final String CLIENT_KEY_KEYSTORE = "BKS"; 
    
    
    /** 
     * 私钥密码 
     */  
    private static final String CLIENT_KET_PASSWORD = "123456";  
    
    /**
     * keystore路径
     */
    private static final String CLIENT_KEY_KEYSTORE_PATH = "server_trust.keystore"; 




public HttpClient initHttpClient(Context mContext) {
        if (null == hc) {
            // 初始化工作
            try {
                 KeyStore trustStore = KeyStore.getInstance(CLIENT_KEY_KEYSTORE); 
                 trustStore.load(mContext.getResources().getAssets().open(CLIENT_KEY_KEYSTORE_PATH), CLIENT_KET_PASSWORD.toCharArray()); 
                 
                 SSLSocketFactory socketFactory = new SSLSocketFactoryImpl(trustStore); 
                 //host认证
                 socketFactory.setHostnameVerifier(new X509HostnameVerifier() {
                        public boolean verify(String arg0, SSLSession arg1) { return true;}
                        public void verify(String arg0, SSLSocket arg1) throws IOException {}
                        public void verify(String arg0, String[] arg1, String[] arg2) throws SSLException {}
                        public void verify(String arg0, X509Certificate arg1) throws SSLException {}
                    });
                 //设置HTTP参数
                 final HttpParams params = new BasicHttpParams();
                 HttpProtocolParams.setVersion(params, HttpVersion.HTTP_1_1);
                 HttpProtocolParams.setContentCharset(params, DEFAULT_CHARSET);
                 HttpConnectionParams.setStaleCheckingEnabled(params, false);
                 HttpConnectionParams.setConnectionTimeout(params, timeout);
                 HttpConnectionParams.setSoTimeout(params, timeout);
                 HttpConnectionParams.setSocketBufferSize(params, 8192);
                 HttpClientParams.setRedirecting(params, false);
                  
                 SchemeRegistry schReg = new SchemeRegistry();
//                 schReg.register(new Scheme("http", PlainSocketFactory.getSocketFactory(), 80));
                 schReg.register(new Scheme("https", socketFactory, 443));
                 ClientConnectionManager conManager = new ThreadSafeClientConnManager(params, schReg);
                 hc = new DefaultHttpClient(conManager, params);
                 
            } catch (Exception e) {
                e.printStackTrace();
                return new DefaultHttpClient();
            }
        }
        return hc;
    }



。。。。。。。。
class SSLSocketFactoryImpl extends SSLSocketFactory {
        /** 
         * 使用协议 
         */  
        private static final String CLIENT_AGREEMENT = "TLS";  
        SSLContext sslContext = SSLContext.getInstance(CLIENT_AGREEMENT);  
    
        public SSLSocketFactoryImpl(KeyStore keystore)
                throws NoSuchAlgorithmException, KeyManagementException,
                KeyStoreException, UnrecoverableKeyException, IOException, CertificateException {
            super(keystore);
            TrustManager tm = new X509TrustManager() {

                @Override
                public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                    return null;
                }

                @Override
                public void checkClientTrusted(
                        java.security.cert.X509Certificate[] chain,
                        String authType)
                        throws java.security.cert.CertificateException {

                }

                @Override
                public void checkServerTrusted(
                        java.security.cert.X509Certificate[] chain,
                        String authType)
                        throws java.security.cert.CertificateException {

                }
            };

            sslContext.init(null, new TrustManager[] { tm }, null);
        }
    
        @Override
        public Socket createSocket(Socket socket, String host, int port,
                boolean autoClose) throws IOException, UnknownHostException {
            return sslContext.getSocketFactory().createSocket(socket, host, port,
                    autoClose);
        }
    
        @Override
        public Socket createSocket() throws IOException {
            return sslContext.getSocketFactory().createSocket();
        }
    }

 测试通过 。。。。。。。。。。。。。！！！！