xutils3的https配置与验证

服务器端的https的配置请查看我的上一篇的博客:https://blog.csdn.net/qq_21229739/article/details/97658707

1.Xutils3支持的https请求:

xutils3的https配置与验证_第1张图片

public class HttpsUtil {

    /**
     * 获取双向认证的SSLSocketFactory
     *
     * @param needTrustServerCers 需要信任的所有服务器端公钥cer文件
     * @param clientBks           客户端bks密钥库
     * @param clientBksPassword   客户端bks密钥库的密码
     * @return 双向认证的SSLSocketFactory
     */
    public static SSLSocketFactory getSslSocketFactory(InputStream[] needTrustServerCers, InputStream clientBks, 
                                                       String clientBksPassword) {
        try {
            // 信任服务器端公钥管理器列表
            TrustManager[] trustManagers = prepareTrustManager(needTrustServerCers);
            Log.i("aa","trustManagers:"+trustManagers.length);
            // 当前客户端bks密钥库的所有证书管理器
            KeyManager[] keyManagers = prepareKeyManager(clientBks, clientBksPassword);
            // SSLContext
            SSLContext sslContext = SSLContext.getInstance("TLS");
            // 初始化
            sslContext.init(keyManagers, new TrustManager[]{new DefaultTrustManager(chooseX509TrustManager
                    (trustManagers))}, new SecureRandom());
            // 得到SSLSocketFactory
            SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
            return sslSocketFactory;
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        } catch (KeyManagementException e) {
            e.printStackTrace();
        } catch (KeyStoreException e) {
            e.printStackTrace();
        }

        return null;
    }

    /**
     * 获取单向认证的SSLSocketFactory
     *
     * @param needTrustServerCers 需要信任的所有服务器端公钥cer文件
     * @return 单向认证的SSLSocketFactory
     */
    public static SSLSocketFactory getSslSocketFactory(InputStream[] needTrustServerCers) {
        return getSslSocketFactory(needTrustServerCers, null, null);
    }

    private static TrustManager[] prepareTrustManager(InputStream[] needTrustServerCers) {

        if (needTrustServerCers == null || needTrustServerCers.length <= 0) {
            return null;
        }

        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null);

            int index = 0;
            for (InputStream certificate : needTrustServerCers) {
                String certificateAlias = Integer.toString(index++);
                keyStore.setCertificateEntry(certificateAlias, certificateFactory.generateCertificate(certificate));
                try {
                    if (certificate != null) {
                        certificate.close();
                    }
                } catch (IOException e) {
                    e.printStackTrace();
                }
            }

            TrustManagerFactory trustManagerFactory = null;
            trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);

            TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
            return trustManagers;
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        } catch (CertificateException e) {
            e.printStackTrace();
        } catch (KeyStoreException e) {
            e.printStackTrace();
        } catch (Exception e) {
            e.printStackTrace();
        }

        return null;
    }

    private static KeyManager[] prepareKeyManager(InputStream bksFile, String password) {

        if (bksFile == null || password == null) {
            return null;
        }

        try {
            KeyStore keyStore = KeyStore.getInstance("BKS");
            keyStore.load(bksFile, password.toCharArray());

            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm
                    ());
            keyManagerFactory.init(keyStore, password.toCharArray());
            return keyManagerFactory.getKeyManagers();
        } catch (KeyStoreException e) {
            e.printStackTrace();
        } catch (NoSuchAlgorithmException e) {
            e.printStackTrace();
        } catch (UnrecoverableKeyException e) {
            e.printStackTrace();
        } catch (CertificateException e) {
            e.printStackTrace();
        } catch (IOException e) {
            e.printStackTrace();
        } catch (Exception e) {
            e.printStackTrace();
        }

        return null;
    }

    private static X509TrustManager chooseX509TrustManager(TrustManager[] trustManagers) {
        for (TrustManager trustManager : trustManagers) {
            if (trustManager instanceof X509TrustManager) {
                Log.i("aa","找到了"+((X509TrustManager) trustManager).getAcceptedIssuers());
                return (X509TrustManager) trustManager;
            }
        }
        return null;
    }

    private static class DefaultTrustManager implements X509TrustManager {

        private X509TrustManager allX509TrustManager;
        private X509TrustManager localTrustManager;

        public DefaultTrustManager(X509TrustManager localTrustManager) throws NoSuchAlgorithmException, 
                KeyStoreException {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory
                    .getDefaultAlgorithm());
            trustManagerFactory.init((KeyStore) null);
            allX509TrustManager = chooseX509TrustManager(trustManagerFactory.getTrustManagers());
            this.localTrustManager = localTrustManager;
        }

        @Override
        public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        }

        @Override
        public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
            try {
                allX509TrustManager.checkServerTrusted(chain, authType);
            } catch (CertificateException e) {
                e.printStackTrace();
                try {
                    localTrustManager.checkServerTrusted(chain, authType);
                } catch (CertificateException e1) {
                    e1.printStackTrace();
                }
            }
        }

        @Override
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }
    }
}

2. 双向验证的请求结果:

客户端与服务器验证证书成功的情况,与验证证书失败的情况

xutils3的https配置与验证_第2张图片xutils3的https配置与验证_第3张图片

使用Fidders 截取http请求数据包的情况:

xutils3的https配置与验证_第4张图片

使用Fidders 截取https请求数据包的情况:(根本截取不到)

xutils3的https配置与验证_第5张图片

使用Sniffer嗅探器截取http数据包请求

xutils3的https配置与验证_第6张图片

使用Sniffer嗅探器截取https数据包的请求:

xutils3的https配置与验证_第7张图片

 

你可能感兴趣的:(Android开发)