Android Https请求的简单使用(Volley Https请求的示例)

导语

1. 官方文档：https://developer.android.com/training/articles/security-ssl.html#CommonProblems

2. Https使用了数字签名，对于数字签名的理解，阮一峰翻译一篇关于这方面很好的文章

3. 数字签名一般会使用RSA算法，对于RSA算法的理解，阮一峰也提供两篇生动的文章来说明：

   • 上篇
   • 下篇

   如果看到一大段数学公式就不想往下看的同学，我这里给个简化版的：

   将两个大质数相乘十分容易，但是想要对其乘积进行因式分解却极其困难，文章中给出了的例子： 
   将 
   1230186684530117755130494958384962720772853569595334 
   7921973224521517264005072636575187452021997864693899 
   5647494277406384592519255732630345373154826850791702 
   6122142913461670429214311602221240479274737794080665 
   351419597459856902143413 
   分解成两个质数的乘积，因为现在的方法只能暴力破解，以目前电子计算机的运算速率来看，即使破解了，也会耗费相当长的时间，导致破解行为本身没有什么意义

一般网站的链接

google给的示例代码有些过于简单，我添加了一些东西，复制粘贴就可以运行：

public class MainActivity extends AppCompatActivity {    @Override    protected void onCreate(Bundle savedInstanceState) {        super.onCreate(savedInstanceState);        setContentView(R.layout.activity_main);        new Thread() {            @Override            public void run() {                try {                    URL url = new URL("https://wikipedia.org");                    URLConnection urlConnection = url.openConnection();                    InputStream in = urlConnection.getInputStream();                    printInputStream(in);                } catch (MalformedURLException e) {                    e.printStackTrace();                } catch (IOException e) {                    e.printStackTrace();                }            }        }.start();    }    private void printInputStream(InputStream is){        BufferedReader reader = new BufferedReader(new InputStreamReader(is));        StringBuffer sb = new StringBuffer();        String line = null;        try {            while ((line = reader.readLine()) != null) {                sb.append(line + "\n");            }        } catch (IOException e) {            e.printStackTrace();        } finally {            try {                is.close();            } catch (IOException e) {                e.printStackTrace();            }        }        String rs = sb.toString();        Log.e("inputSteam",rs);    }}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44

正常访问，结果为： 
点击这里查看大图 

有数字签名的网站

不做任何处理

将上面代码的第11行的网址改为：https://certs.cac.washington.edu/CAtest/ 
运行的结果会报错： 
点击这里查看大图 

官方给的处理

这里同样处理一下细节，复制可以直接运行

public class MainActivity extends AppCompatActivity {    private final String load = "-----BEGIN CERTIFICATE-----\n" +            "MIIEBzCCA3CgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBlDELMAkGA1UEBhMCVVMxCzAJBgNVBAgT\n" +            "AldBMSEwHwYDVQQKExhVbml2ZXJzaXR5IG9mIFdhc2hpbmd0b24xFDASBgNVBAsTC1VXIFNlcnZp\n" +            "Y2VzMRcwFQYDVQQDEw5VVyBTZXJ2aWNlcyBDQTEmMCQGCSqGSIb3DQEJARYXaGVscEBjYWMud2Fz\n" +            "aGluZ3Rvbi5lZHUwHhcNMDMwMjI1MTgyNTA5WhcNMzAwOTAzMTgyNTA5WjCBlDELMAkGA1UEBhMC\n" +            "VVMxCzAJBgNVBAgTAldBMSEwHwYDVQQKExhVbml2ZXJzaXR5IG9mIFdhc2hpbmd0b24xFDASBgNV\n" +            "BAsTC1VXIFNlcnZpY2VzMRcwFQYDVQQDEw5VVyBTZXJ2aWNlcyBDQTEmMCQGCSqGSIb3DQEJARYX\n" +            "aGVscEBjYWMud2FzaGluZ3Rvbi5lZHUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALwCo6h4\n" +            "T44m+7ve+BrnEqflqBISFaZTXyJTjIVQ39ZWhE0B3LafbbZYju0imlQLG+MEVAtNDdiYICcBcKsa\n" +            "pr2dxOi31Nv0moCkOj7iQueMVU4E1TghYIR2I8hqixFCQIP/CMtSDail/POzFzzdVxI1pv2wRc5c\n" +            "L6zNwV25gbn3AgMBAAGjggFlMIIBYTAdBgNVHQ4EFgQUVdfBM8b6k/gnPcsgS/VajliXfXQwgcEG\n" +            "A1UdIwSBuTCBtoAUVdfBM8b6k/gnPcsgS/VajliXfXShgZqkgZcwgZQxCzAJBgNVBAYTAlVTMQsw\n" +            "CQYDVQQIEwJXQTEhMB8GA1UEChMYVW5pdmVyc2l0eSBvZiBXYXNoaW5ndG9uMRQwEgYDVQQLEwtV\n" +            "VyBTZXJ2aWNlczEXMBUGA1UEAxMOVVcgU2VydmljZXMgQ0ExJjAkBgkqhkiG9w0BCQEWF2hlbHBA\n" +            "Y2FjLndhc2hpbmd0b24uZWR1ggEAMAwGA1UdEwQFMAMBAf8wKwYDVR0RBCQwIoYgaHR0cDovL2Nl\n" +            "cnRzLmNhYy53YXNoaW5ndG9uLmVkdS8wQQYDVR0fBDowODA2oDSgMoYwaHR0cDovL2NlcnRzLmNh\n" +            "Yy53YXNoaW5ndG9uLmVkdS9VV1NlcnZpY2VzQ0EuY3JsMA0GCSqGSIb3DQEBBAUAA4GBAIn0PNmI\n" +            "JjT9bM5d++BtQ5UpccUBI9XVh1sCX/NdxPDZ0pPCw7HOOwILumpulT9hGZm9Rd+W4GnNDAMV40we\n" +            "s8REptvOZObBBrjaaphDe1D/MwnrQythmoNKc33bFg9RotHrIfT4EskaIXSx0PywbyfIR1wWxMpr\n" +            "8gbCjAEUHNF/\n" +            "-----END CERTIFICATE-----";    @Override    protected void onCreate(Bundle savedInstanceState) {        super.onCreate(savedInstanceState);        setContentView(R.layout.activity_main);        new Thread() {            @Override            public void run() {                super.run();                URL url = null;                HttpsURLConnection urlConnection = null;                InputStream in = null;                try {                    //1.生成证书:Certificate                    CertificateFactory cf = CertificateFactory.getInstance("X.509");                    InputStream caInput = new ByteArrayInputStream(load.getBytes());                    Certificate ca = null;                    try {                        ca = cf.generateCertificate(caInput);                        System.out.println("ca=" + ((X509Certificate) ca).getSubjectDN());                    } catch (CertificateException e) {                        e.printStackTrace();                    } finally {                        caInput.close();                    }                    //2.初始化公钥:keyStore                    String keyStoreType = KeyStore.getDefaultType();                    KeyStore keyStore = KeyStore.getInstance(keyStoreType);                    keyStore.load(null, null);                    keyStore.setCertificateEntry("ca", ca);                    //3.初始化TrustManagerFactory                    String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();                    TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);                    tmf.init(keyStore);                    //4.初始化sslContext                    SSLContext context = SSLContext.getInstance("TLS");                    context.init(null, tmf.getTrustManagers(), null);                    //5.建立Https链接                    url = new URL("https://certs.cac.washington.edu/CAtest/");                    //注意，这里是HttpsURLConnection                    urlConnection = (HttpsURLConnection) url.openConnection();                    urlConnection.setSSLSocketFactory(context.getSocketFactory());                    in = urlConnection.getInputStream();                } catch (MalformedURLException e) {                    e.printStackTrace();                } catch (IOException e) {                    e.printStackTrace();                } catch (CertificateException e) {                    e.printStackTrace();                } catch (NoSuchAlgorithmException e) {                    e.printStackTrace();                } catch (KeyStoreException e) {                    e.printStackTrace();                } catch (KeyManagementException e) {                    e.printStackTrace();                }                copyInputStreamToOutputStream(in);            }        }.start();    }    private void copyInputStreamToOutputStream(InputStream is) {        if (is == null)            return;        BufferedReader reader = new BufferedReader(new InputStreamReader(is));        StringBuffer sb = new StringBuffer();        String line = null;        try {            while ((line = reader.readLine()) != null) {                sb.append(line + "\n");            }        } catch (IOException e) {            e.printStackTrace();        } finally {            try {                is.close();            } catch (IOException e) {                e.printStackTrace();            }        }        Log.e("inputstrem", sb.toString());    }}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109

运行结果： 
点击这里查看大图 

第二行的load的由来：

1. 下载load-der.crt
2. 在cmd中输入命令：keytool -printcert -rfc -file 文件地址

点击这里查看大图 

实现的流程也很简单：

开始生成证书:Certificate初始化公钥:keyStore初始化TrustManagerFactory初始化sslContext建立Https链接后续的处理

Volley的示例

在实际开发中，我们使用网络框架来进行网络中的交互，所以上面的代码肯定是用不到的；现在通用的网络请求框架，都给HTTPS请求留出了空间来实现，下面以Volley为例：

public class MainActivity extends Activity {    private final String load = "-----BEGIN CERTIFICATE-----\n" +            "MIIEBzCCA3CgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBlDELMAkGA1UEBhMCVVMxCzAJBgNVBAgT\n" +            "AldBMSEwHwYDVQQKExhVbml2ZXJzaXR5IG9mIFdhc2hpbmd0b24xFDASBgNVBAsTC1VXIFNlcnZp\n" +            "Y2VzMRcwFQYDVQQDEw5VVyBTZXJ2aWNlcyBDQTEmMCQGCSqGSIb3DQEJARYXaGVscEBjYWMud2Fz\n" +            "aGluZ3Rvbi5lZHUwHhcNMDMwMjI1MTgyNTA5WhcNMzAwOTAzMTgyNTA5WjCBlDELMAkGA1UEBhMC\n" +            "VVMxCzAJBgNVBAgTAldBMSEwHwYDVQQKExhVbml2ZXJzaXR5IG9mIFdhc2hpbmd0b24xFDASBgNV\n" +            "BAsTC1VXIFNlcnZpY2VzMRcwFQYDVQQDEw5VVyBTZXJ2aWNlcyBDQTEmMCQGCSqGSIb3DQEJARYX\n" +            "aGVscEBjYWMud2FzaGluZ3Rvbi5lZHUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALwCo6h4\n" +            "T44m+7ve+BrnEqflqBISFaZTXyJTjIVQ39ZWhE0B3LafbbZYju0imlQLG+MEVAtNDdiYICcBcKsa\n" +            "pr2dxOi31Nv0moCkOj7iQueMVU4E1TghYIR2I8hqixFCQIP/CMtSDail/POzFzzdVxI1pv2wRc5c\n" +            "L6zNwV25gbn3AgMBAAGjggFlMIIBYTAdBgNVHQ4EFgQUVdfBM8b6k/gnPcsgS/VajliXfXQwgcEG\n" +            "A1UdIwSBuTCBtoAUVdfBM8b6k/gnPcsgS/VajliXfXShgZqkgZcwgZQxCzAJBgNVBAYTAlVTMQsw\n" +            "CQYDVQQIEwJXQTEhMB8GA1UEChMYVW5pdmVyc2l0eSBvZiBXYXNoaW5ndG9uMRQwEgYDVQQLEwtV\n" +            "VyBTZXJ2aWNlczEXMBUGA1UEAxMOVVcgU2VydmljZXMgQ0ExJjAkBgkqhkiG9w0BCQEWF2hlbHBA\n" +            "Y2FjLndhc2hpbmd0b24uZWR1ggEAMAwGA1UdEwQFMAMBAf8wKwYDVR0RBCQwIoYgaHR0cDovL2Nl\n" +            "cnRzLmNhYy53YXNoaW5ndG9uLmVkdS8wQQYDVR0fBDowODA2oDSgMoYwaHR0cDovL2NlcnRzLmNh\n" +            "Yy53YXNoaW5ndG9uLmVkdS9VV1NlcnZpY2VzQ0EuY3JsMA0GCSqGSIb3DQEBBAUAA4GBAIn0PNmI\n" +            "JjT9bM5d++BtQ5UpccUBI9XVh1sCX/NdxPDZ0pPCw7HOOwILumpulT9hGZm9Rd+W4GnNDAMV40we\n" +            "s8REptvOZObBBrjaaphDe1D/MwnrQythmoNKc33bFg9RotHrIfT4EskaIXSx0PywbyfIR1wWxMpr\n" +            "8gbCjAEUHNF/\n" +            "-----END CERTIFICATE-----";    @Override    protected void onCreate(Bundle savedInstanceState) {        super.onCreate(savedInstanceState);        //生成SSLSocketFactory        SSLSocketFactory sslSocketFactory = initSSLSocketFactory();        //HurlStack两个参数默认都是null,如果传入SSLSocketFactory，那么会以Https的方式来请求网络        HurlStack stack = new HurlStack(null, sslSocketFactory);        //通常，我们调用的是Volley.newRequestQueue(context),HurlStack为默认的，也就是不处理Https的情况        //现在传入处理Https的HurlStack，Volley就会去处理相应的请求        RequestQueue requestQueue = Volley.newRequestQueue(this, stack);        //去访问网络        StringRequest request = new StringRequest("https://certs.cac.washington.edu/CAtest/",                new Response.Listener<String>() {                    @Override                    public void onResponse(String response) {                        Log.e("onResponse", response);                    }                }, new Response.ErrorListener() {            @Override            public void onErrorResponse(VolleyError error) {                Log.e("error", error.getMessage());            }        });        requestQueue.add(request);    }    /**     * 生成SSLSocketFactory     * 这里的代码与之前相比，没有什么不同     *     * @return     */    private SSLSocketFactory initSSLSocketFactory() {        //生成证书:Certificate        CertificateFactory cf = null;        SSLSocketFactory factory = null;        try {            cf = CertificateFactory.getInstance("X.509");            InputStream caInput = new ByteArrayInputStream(load.getBytes());            Certificate ca = null;            try {                ca = cf.generateCertificate(caInput);            } finally {                try {                    caInput.close();                } catch (IOException e) {                    e.printStackTrace();                }            }            //初始化公钥:keyStore            String keyType = KeyStore.getDefaultType();            KeyStore keyStore = KeyStore.getInstance(keyType);            keyStore.load(null, null);            keyStore.setCertificateEntry("ca", ca);            //初始化TrustManagerFactory            String algorithm = TrustManagerFactory.getDefaultAlgorithm();            TrustManagerFactory managerFactory = TrustManagerFactory.getInstance(algorithm);            managerFactory.init(keyStore);            //初始化sslContext            SSLContext sslContext = SSLContext.getInstance("TLS");            sslContext.init(null, managerFactory.getTrustManagers(), null);            factory = sslContext.getSocketFactory();        } catch (CertificateException e) {            e.printStackTrace();        } catch (NoSuchAlgorithmException e) {            e.printStackTrace();        } catch (KeyStoreException e) {            e.printStackTrace();        } catch (IOException e) {            e.printStackTrace();        } catch (KeyManagementException e) {            e.printStackTrace();        }        return factory;    }}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108

结果展示： 
点击这里查看大图 

示例代码很简单，如果有需要，在项目里稍微写写代码，就可以集成进去。 
成熟网络请求框架都给使用者留出了传递“SSLSocketFactory ”的入口，仔细阅读下网络请求框架初始化的代码，就可以找对应的地方。

结语

HTTPS认证貌似要花不少的银子，一般各位也不会用到，如果要使用HTTPS，可以参考下上面的示例代码。另外，开头推荐阮一峰的几篇文章，希望各位看官查阅。

转载请标明出处http://blog.csdn.net/qq_26411333/article/details/52056809