Java Android SSL 双向认证代码

源代码下载:
https://github.com/yuxiaohui78/androidHttps

SSL双向认证tomcat实现,参考文章如下,其中是使用HttpClient实现的SSL通信。
http://blog.csdn.net/yuxiaohui78/article/details/41975915
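下面代码使用的是 HttpsURLConnection 实现的 SSL 通信。注意:示例把客户端密钥库 client.key.p12 和信任库 client.truststore 放在 assets 中,口令 "123456" 写死在代码里,任何拿到 APK 的人都能取出客户端私钥,因此只适合演示。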

  1. package com.example.ssl.util;  
  2.   
  3. import java.io.FileNotFoundException;  
  4. import java.io.IOException;  
  5. import java.io.InputStream;  
  6. import java.net.Socket;  
  7. import java.security.KeyManagementException;  
  8. import java.security.KeyStore;  
  9. import java.security.KeyStoreException;  
  10. import java.security.NoSuchAlgorithmException;  
  11. import java.security.Principal;  
  12. import java.security.PrivateKey;  
  13. import java.security.UnrecoverableKeyException;  
  14. import java.security.cert.CertificateException;  
  15. import java.security.cert.X509Certificate;  
  16. import java.util.Enumeration;  
  17.   
  18. import javax.net.ssl.KeyManager;  
  19. import javax.net.ssl.KeyManagerFactory;  
  20. import javax.net.ssl.SSLContext;  
  21. import javax.net.ssl.SSLSocketFactory;  
  22. import javax.net.ssl.TrustManager;  
  23. import javax.net.ssl.TrustManagerFactory;  
  24. import javax.net.ssl.X509KeyManager;  
  25.   
  26. import android.content.Context;  
  27.   
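  /**
   * Builds an {@link SSLSocketFactory} for mutual (two-way) TLS authentication.
   *
   * <p>The client certificate and private key are read from a PKCS12 key store and the
   * trusted server certificates from a BKS trust store, both opened from the application's
   * assets.
   *
   * <p>NOTE(review): both stores and their passwords are compiled into the APK. Anyone who
   * can unpack the package can recover the client private key, so this layout is only
   * suitable for a demonstration. A production client should provision a per-device key,
   * for example one held in the Android Keystore, rather than ship a shared key.
   */
  public class TwoWaysAuthenticationSSLSocketFactory {

      private static final String KEY_STORE_TYPE_BKS = "bks";
      private static final String KEY_STORE_TYPE_P12 = "PKCS12";
      private static final String keyStoreFileName = "client.key.p12";
      // NOTE(review): hard-coded demo password; it offers no protection once the APK is unpacked.
      private static final String keyStorePassword = "123456";
      private static final String trustStoreFileName = "client.truststore";
      // NOTE(review): hard-coded demo password, same concern as keyStorePassword.
      private static final String trustStorePassword = "123456";
      // null lets the platform KeyManagerFactory pick the client key; set to an alias
      // (for example "client") to force a specific key store entry via AliasKeyManager.
      private static final String alias = null;//"client";

      /**
       * Creates a socket factory that presents the bundled client certificate and trusts only
       * the certificates in the bundled trust store.
       *
       * <p>Any failure to load either store is reported to the caller instead of being
       * swallowed, so a factory is never returned from an uninitialised {@link SSLContext}.
       *
       * @param ctx context used to open the asset files; it is not retained after the call
       * @return a socket factory backed by the initialised TLS context
       * @throws NoSuchAlgorithmException if the TLS context or a manager algorithm is unavailable
       * @throws KeyManagementException if the context cannot be initialised, including when a
       *         key store or trust store cannot be read (the original error is the cause)
       */
      public static SSLSocketFactory getSSLSocketFactory (Context ctx)
              throws NoSuchAlgorithmException, KeyManagementException {

          // NOTE(review): "TLS" leaves the enabled protocol versions to the platform provider;
          // confirm that the oldest supported Android release does not negotiate legacy versions.
          SSLContext context = SSLContext.getInstance("TLS");
          try {
              KeyManager[] keyManagers =
                      createKeyManagers(ctx, keyStoreFileName, keyStorePassword, alias);
              TrustManager[] trustManagers =
                      createTrustManagers(ctx, trustStoreFileName, trustStorePassword);
              context.init(keyManagers, trustManagers, null);
          } catch (NoSuchAlgorithmException e) {
              throw e;
          } catch (KeyManagementException e) {
              throw e;
          } catch (java.security.GeneralSecurityException e) {
              // KeyStoreException, CertificateException, UnrecoverableKeyException:
              // fail closed rather than hand back a factory without client/trust material.
              throw new KeyManagementException("Unable to load TLS key material", e);
          } catch (IOException e) {
              throw new KeyManagementException("Unable to read TLS key material", e);
          }

          return context.getSocketFactory();
      }

      /** Converts a password to a char array, passing {@code null} through unchanged. */
      private static char[] toChars(String password) {
          return password == null ? null : password.toCharArray();
      }

      /**
       * Loads the PKCS12 client key store from assets and returns the key managers for it.
       *
       * @param ctx context used to open the asset
       * @param keyStoreFileName asset name of the PKCS12 key store
       * @param keyStorePassword password protecting the store and its key, may be null
       * @param alias entry to present as the client identity, or null for the platform default
       */
      private static KeyManager[] createKeyManagers(
              Context ctx, String keyStoreFileName, String keyStorePassword, String alias)
              throws CertificateException, IOException, KeyStoreException,
                     NoSuchAlgorithmException, UnrecoverableKeyException {
          KeyStore keyStore = KeyStore.getInstance(KEY_STORE_TYPE_P12);
          InputStream inputStream = ctx.getResources().getAssets().open(keyStoreFileName);
          try {
              keyStore.load(inputStream, toChars(keyStorePassword));
          } finally {
              inputStream.close(); // the asset stream was previously leaked
          }

          printKeystoreInfo(keyStore);//for debug

          if (alias != null) {
              return new KeyManager[] { new AliasKeyManager(keyStore, alias, keyStorePassword) };
          }
          KeyManagerFactory keyManagerFactory =
                  KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
          keyManagerFactory.init(keyStore, toChars(keyStorePassword));
          return keyManagerFactory.getKeyManagers();
      }

      /**
       * Loads the BKS trust store from assets and returns trust managers that accept only
       * certificates chaining to its entries.
       *
       * @param ctx context used to open the asset
       * @param trustStoreFileName asset name of the BKS trust store
       * @param trustStorePassword password used to verify the store, may be null
       */
      private static TrustManager[] createTrustManagers(
              Context ctx, String trustStoreFileName, String trustStorePassword)
              throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
          KeyStore trustStore = KeyStore.getInstance(KEY_STORE_TYPE_BKS);
          InputStream inputStream = ctx.getResources().getAssets().open(trustStoreFileName);
          try {
              trustStore.load(inputStream, toChars(trustStorePassword));
          } finally {
              inputStream.close(); // the asset stream was previously leaked
          }

          printKeystoreInfo(trustStore);//for debug

          TrustManagerFactory trustManagerFactory =
                  TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
          trustManagerFactory.init(trustStore);
          return trustManagerFactory.getTrustManagers();
      }

      /**
       * Prints the provider, type, size and aliases of a key store to standard output.
       *
       * <p>NOTE(review): debugging aid only; it runs on every call, so drop it from release
       * builds to keep key store details out of the logs.
       */
      private static void printKeystoreInfo(KeyStore keystore) throws KeyStoreException {
          System.out.println("Provider : " + keystore.getProvider().getName());
          System.out.println("Type : " + keystore.getType());
          System.out.println("Size : " + keystore.size());

          Enumeration<String> en = keystore.aliases();
          while (en.hasMoreElements()) {
              System.out.println("Alias: " + en.nextElement());
          }
      }

      /**
       * Key manager that always answers with one fixed alias from the given key store.
       *
       * <p>Declared static so that it no longer needs a throwaway outer instance to be created.
       */
      private static final class AliasKeyManager implements X509KeyManager {

          private final KeyStore _ks;
          private final String _alias;
          // NOTE(review): kept as a String to match the constructor; a char[] could be wiped after use.
          private final String _password;

          public AliasKeyManager(KeyStore ks, String alias, String password) {
              _ks = ks;
              _alias = alias;
              _password = password;
          }

          @Override
          public String chooseClientAlias(String[] str, Principal[] principal, Socket socket) {
              return _alias;
          }

          @Override
          public String chooseServerAlias(String str, Principal[] principal, Socket socket) {
              return _alias;
          }

          /** Returns the X.509 chain stored under {@code alias}, or null if there is none. */
          @Override
          public X509Certificate[] getCertificateChain(String alias) {
              try {
                  java.security.cert.Certificate[] certificates = _ks.getCertificateChain(alias);
                  if (certificates == null) {
                      // Missing alias: return null directly instead of throwing an
                      // unrelated FileNotFoundException only to catch it again.
                      return null;
                  }
                  X509Certificate[] x509Certificates = new X509Certificate[certificates.length];
                  // Throws ArrayStoreException if an entry is not an X.509 certificate.
                  System.arraycopy(certificates, 0, x509Certificates, 0, certificates.length);
                  return x509Certificates;
              } catch (KeyStoreException e) {
                  e.printStackTrace();
                  return null;
              } catch (ArrayStoreException e) {
                  e.printStackTrace();
                  return null;
              }
          }

          @Override
          public String[] getClientAliases(String str, Principal[] principal) {
              return new String[] { _alias };
          }

          /** Returns the private key stored under {@code alias}, or null if it is unavailable. */
          @Override
          public PrivateKey getPrivateKey(String alias) {
              try {
                  java.security.Key key = _ks.getKey(alias, toChars(_password));
                  // A secret-key entry under this alias is not usable as a client identity.
                  return key instanceof PrivateKey ? (PrivateKey) key : null;
              } catch (java.security.GeneralSecurityException e) {
                  e.printStackTrace();
                  return null;
              }
          }

          @Override
          public String[] getServerAliases(String str, Principal[] principal) {
              return new String[] { _alias };
          }
      }
  }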
调用部分:
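  /**
   * Sends one HTTPS request over a mutually authenticated TLS connection on a background
   * task and hands the parsed response to {@code showHttpPage}.
   *
   * <p>On any failure the task returns null, so {@code showHttpPage} is called with null.
   */
  private void runHttpsRequestWithHttpsURLConnection(){
      AsyncTask <String, Void, String> testTask = new AsyncTask<String, Void, String>() {
          @Override
          protected String doInBackground(String... params) {
              HttpsURLConnection conn = null;
              try {
                  URL url = new URL(HTTPS_URL);
                  conn = (HttpsURLConnection) url.openConnection();
                  // Client certificate and pinned trust store come from the custom factory;
                  // the default hostname verification of HttpsURLConnection stays in effect.
                  conn.setSSLSocketFactory(
                          TwoWaysAuthenticationSSLSocketFactory.getSSLSocketFactory(MainActivity.this));
                  conn.connect();
                  String result = parseSendMessageResponse(conn.getInputStream());
                  // Log only the size at debug level: the body arrives over an authenticated
                  // channel and should not be copied into the device log.
                  Log.d("HttpsURLConnection", "response length=" + (result == null ? 0 : result.length()));
                  return result;
              } catch (NoSuchAlgorithmException e) {
                  // TLS context could not be created.
                  e.printStackTrace();
              } catch (KeyManagementException e) {
                  // Client key or trust material could not be set up.
                  e.printStackTrace();
              } catch (IOException e) {
                  // Network or TLS handshake failure.
                  e.printStackTrace();
              } catch (Exception e) {
                  e.printStackTrace();
              } finally {
                  if (conn != null) {
                      conn.disconnect(); // the connection was previously never released
                  }
              }
              return null;
          }

          @Override
          protected void onPostExecute(String result) {
              super.onPostExecute(result);
              showHttpPage (result);
          }
      };

      testTask.execute();
  }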