HttpsURLConnection和DefaultHttpClient连接HTTPS不用证书

android开发可以用key连接https地址，但是没有key的时候也可以用如下的办法信任任何主机连接https地址：

一 HttpsURLConnection：

import java.security.SecureRandom; import java.security.cert.CertificateException; import java.security.cert.X509Certificate;  import javax.net.ssl.HostnameVerifier; import javax.net.ssl.HttpsURLConnection; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLSession; import javax.net.ssl.X509TrustManager;  private void trustEveryone() {         try {                 HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier(){                         public boolean verify(String hostname, SSLSession session) {                                 return true;                         }});                 SSLContext context = SSLContext.getInstance("TLS");                 context.init(null, new X509TrustManager[]{new X509TrustManager(){                         public void checkClientTrusted(X509Certificate[] chain,                                         String authType) throws CertificateException {}                         public void checkServerTrusted(X509Certificate[] chain,                                         String authType) throws CertificateException {}                         public X509Certificate[] getAcceptedIssuers() {                                 return new X509Certificate[0];                         }}}, new SecureRandom());                 HttpsURLConnection.setDefaultSSLSocketFactory(                                 context.getSocketFactory());         } catch (Exception e) { // should never happen                 e.printStackTrace();         } } 

 二  DefaultHttpClient

在android中的SSLSocketFactory中有这样一个构造函数：

    /**
     * Constructs an HttpClient SSLSocketFactory backed by the given JSSE
     * SSLSocketFactory.
     *
     * @hide
     */
    public SSLSocketFactory(javax.net.ssl.SSLSocketFactory socketfactory) {
        super();
        this.sslcontext = null;
        this.socketfactory = socketfactory;
        this.nameResolver = null;
    }

但是是hide的。所以把SSLSocketFactory源码复制出来放开了了这个函数。命名为MySSLSocketFactory。如下可以构造一个MySSLSocketFactory：

private MySSLSocketFactory newSslSocketFactory() {try {SSLContext context = SSLContext.getInstance("TLS");context.init(null, new X509TrustManager[] { new X509TrustManager() {public void checkClientTrusted(X509Certificate[] chain,String authType) throws CertificateException {}public void checkServerTrusted(X509Certificate[] chain,String authType) throws CertificateException {}public X509Certificate[] getAcceptedIssuers() {return new X509Certificate[0];}} }, new SecureRandom());// Pass the keystore to the SSLSocketFactory. The factory is// responsible// for the verification of the server certificate.MySSLSocketFactory sf = new MySSLSocketFactory(context.getSocketFactory());// Hostname verification from certificate// http://hc.apache.org/httpcomponents-client-ga/tutorial/html/connmgmt.html#d4e506sf.setHostnameVerifier(SSLSocketFactory.STRICT_HOSTNAME_VERIFIER);return sf;} catch (Exception e) {throw new AssertionError(e);}}

这样也解决了在android中用DefaultHttpClient连接https的问题。