android中进行https连接的方式(源码)

如果不需要验证服务器端证书，直接照这里做

publicclassDemoextendsActivity{

/**Calledwhentheactivityisfirstcreated.*/

privateTextViewtext;

@Override

publicvoidonCreate(BundlesavedInstanceState){

super.onCreate(savedInstanceState);
setContentView(R.layout.main);
text=(TextView)findViewById(R.id.text);
GetHttps();
}


privatevoidGetHttps(){

Stringhttps="https://800wen.com/";

try{

SSLContextsc=SSLContext.getInstance("TLS");

sc.init(null,newTrustManager[]{newMyTrustManager()},newSecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());

HttpsURLConnection.setDefaultHostnameVerifier(newMyHostnameVerifier());

HttpsURLConnectionconn=(HttpsURLConnection)newURL(https).openConnection();

conn.setDoOutput(true);

conn.setDoInput(true);
conn.connect();


BufferedReaderbr=newBufferedReader(newInputStreamReader(conn.getInputStream()));

StringBuffersb=newStringBuffer();
Stringline;

while((line=br.readLine())!=null)
sb.append(line);

text.setText(sb.toString());


}catch(Exceptione){

Log.e(this.getClass().getName(),e.getMessage());
}

}


privateclassMyHostnameVerifierimplementsHostnameVerifier{


@Override

publicbooleanverify(Stringhostname,SSLSessionsession){

//TODOAuto-generatedmethodstub

returntrue;
}
}


privateclassMyTrustManagerimplementsX509TrustManager{


@Override

publicvoidcheckClientTrusted(X509Certificate[]chain,StringauthType)

throwsCertificateException{

//TODOAuto-generatedmethodstub

}


@Override

publicvoidcheckServerTrusted(X509Certificate[]chain,StringauthType)

throwsCertificateException{

//TODOAuto-generatedmethodstub

}


@Override

publicX509Certificate[]getAcceptedIssuers(){

//TODOAuto-generatedmethodstub

returnnull;
}
}
}

    public class Demo extends Activity {
        /** Called when the activity is first created. */
            private TextView text;
        @Override
        public void onCreate(Bundle savedInstanceState) {
            super.onCreate(savedInstanceState);
            setContentView(R.layout.main);
            text = (TextView)findViewById(R.id.text);
            GetHttps();
        }
        
        private void GetHttps(){
                String https = " https://800wen.com/";
                try{
                        SSLContext sc = SSLContext.getInstance("TLS");
                        sc.init(null, new TrustManager[]{new MyTrustManager()}, new SecureRandom());
                        HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
                        HttpsURLConnection.setDefaultHostnameVerifier(new MyHostnameVerifier());
                        HttpsURLConnection conn = (HttpsURLConnection)new URL(https).openConnection();
                        conn.setDoOutput(true);
                        conn.setDoInput(true);
                        conn.connect();
                        
                         BufferedReader br = new BufferedReader(new InputStreamReader(conn.getInputStream())); 
                 StringBuffer sb = new StringBuffer(); 
                 String line; 
                 while ((line = br.readLine()) != null) 
                         sb.append(line); 
                        
                        text.setText(sb.toString());
                        
                }catch(Exception e){
                        Log.e(this.getClass().getName(), e.getMessage());
                }
                
        }
        
        private class MyHostnameVerifier implements HostnameVerifier{

                    @Override
                    public boolean verify(String hostname, SSLSession session) {
                            // TODO Auto-generated method stub
                            return true;
                    }
        }
        
        private class MyTrustManager implements X509TrustManager{

                    @Override
                    public void checkClientTrusted(X509Certificate[] chain, String authType)
                                    throws CertificateException {
                            // TODO Auto-generated method stub
                            
                    }

                    @Override
                    public void checkServerTrusted(X509Certificate[] chain, String authType)
                                    throws CertificateException {
                            // TODO Auto-generated method stub
                            
                    }

                    @Override
                    public X509Certificate[] getAcceptedIssuers() {
                            // TODO Auto-generated method stub
                            return null;
                    }        
        }  
    }

如果需要验证服务器端证书（这样能够防钓鱼），我是这样做的，还有些问题问大牛：
a. 导出公钥。在浏览器上用https访问tomcat，查看其证书，并另存为一个文件(存成了X.509格式：xxxx.cer)
b. 导入公钥。把xxxx.cer放在Android的assets文件夹中，以方便在运行时通过代码读取此证书，留了两个问题给大牛：

AssetManageram=context.getAssets();

InputStreamins=am.open("robusoft.cer");

try{

//读取证书

CertificateFactorycerFactory=CertificateFactory.getInstance("X.509");//问1
Certificatecer=cerFactory.generateCertificate(ins);

//创建一个证书库，并将证书导入证书库

KeyStorekeyStore=KeyStore.getInstance("PKCS12","BC");//问2

keyStore.load(null,null);

keyStore.setCertificateEntry("trust",cer);

returnkeyStore;

}finally{
ins.close();
}

//把咱的证书库作为信任证书库

SSLSocketFactorysocketFactory=newSSLSocketFactory(keystore);

Schemesch=newScheme("https",socketFactory,443);

//完工

HttpClientmHttpClient=newDefaultHttpClient();
mHttpClient.getConnectionManager().getSchemeRegistry().register(sch);

    AssetManager am = context.getAssets();
    InputStream ins = am.open("robusoft.cer");
    try {
            //读取证书
            CertificateFactory cerFactory = CertificateFactory.getInstance("X.509");  //问1
            Certificate cer = cerFactory.generateCertificate(ins);
            //创建一个证书库，并将证书导入证书库
            KeyStore keyStore = KeyStore.getInstance("PKCS12", "BC");   //问2
            keyStore.load(null, null);
            keyStore.setCertificateEntry("trust", cer);
            return keyStore;
    } finally {
            ins.close();
    }
    //把咱的证书库作为信任证书库
    SSLSocketFactory socketFactory = new SSLSocketFactory(keystore);
    Scheme sch = new Scheme("https", socketFactory, 443);
    //完工
    HttpClient mHttpClient = new DefaultHttpClient();
    mHttpClient.getConnectionManager().getSchemeRegistry().register(sch);

问1：这里用"PKCS12"不行

答1：PKCS12和JKS是keystore的type，不是Certificate的type，所以X.509不能用PKCS12代替

问2：这里用"JKS"不行。

答2：android平台上支持的keystore type好像只有PKCS12，不支持JKS，所以不能用JKS代替在PKCS12，不过在windows平台上是可以代替的